News Feature | April 8, 2014

5 Tips To Avoid The Data Breach Trap


By Christine Kern, contributing writer


Among the biggest headaches in the world of IT are data security breaches, like the widely publicized case of Target.

To quickly recap – in December 2013 and January 2014, Target announced hackers had gained access to Target’s internal servers and used that access to install a virus on Target’s point of sale credit card machines. The virus grabbed credit card and PIN (Personal Identification Number) information, and stored it secretly on the servers where the hackers could retrieve it later. The hackers were thus also able to gain access to other Target databases with email, address, and phone records. In all, 40 million credit card numbers and 70 million personal records were compromised.

Although Target’s breach made front-page news for weeks, Target is not the only retailer to suffer such a breach. Data security is a paramount issue, not only to retailers, but to any entity that captures and holds sensitive information – including healthcare providers.

Medical practices already must secure information under HIPAA laws, and should already have policies in place for any credit card information they encounter. While larger institutions are obviously a hacker’s first choice due to the amount of data they might steal in a single effort, smaller institutions will also become targets as loopholes are tightened and more people are aware of the dangers of hacking and the need for security.

So, how can you avoid becoming a victim of a data breach? Managemypractice.com has provided five quick tips to help tighten security and avoid infiltration by a potential hacker.

  • Start a credit card on file system
    Keep the patient’s card on file, offsite, in an encrypted payment gateway. This reduces the liability for the practice because there are fewer human touches in the process that can invite fraud.
  • Review your financial and security policies
    Audits reviewing breaches of Protected Health Information (PHI) and protected Payment Card Industry (PCI) data focus less on the actual events that led to the breach, and more on the culture, policies and environment in which the breach occurred, and how that contributed to the incident. Start by examining your policies regarding annual HIPAA, OSHA and billing compliance training, data security, physical and administrative safeguards, and how information is stored and retained.
  • Create a culture of compliance, privacy and respect
    More than individual policies, rules and regulations, an office’s culture is the accumulation of norms, practices and relationships that guide how things are done in any given situation. If you have great policies in place, but the culture of the office dictates that they aren’t followed, or are only followed under ideal conditions, you are still at great risk for a breach.
  • Talk to your vendors
    Make sure your credit card gateway and processor are giving you all the tools you need to keep your patient financial data safe.
  • Talk to your customers
    Be proactive! With the breaches at Target and elsewhere, this is the perfect time to start a conversation with your patients about how you can do more to communicate with them, and involve them in their security.