OP’s Pediatric Success Series
by John Kelly
Security Best Practices All Pediatric Practices Should Follow
Healthcare data breaches are more than just an IT risk. They can have lasting financial and social repercussions for practices, employees, and patients. Taking proper steps to secure data is an investment both in patient safety and business integrity.
Here’s why cybersecurity is more important than ever — plus what pediatric practices can do to safeguard sensitive data.
The Importance of Pediatric Data Security
Protected health information (PHI) is highly valuable because it contains a treasure trove of data. Once a hacker learns passwords to one healthcare account, they can use these details to hack into other accounts.
Personal health information can also be used for medical identity theft. “Your information could be used by someone to get medical or government services, medications or medical equipment, or falsify insurance claims,” explains Steve Cheryba, Network and Systems Architect at Office Practicum.
Michael Matlack, President & CIO at Office Practicum, says that these data breaches are even more problematic for pediatric practices, which are entrusted to secure and manage the personally identifiable information of children, siblings, and parents.
Financial and Social Repercussions
Once a security breach has occurred, the financial and social repercussions can be permanent. Aside from hefty HIPAA fines, significant patient data mismanagement may lead to involved parties bringing legal charges against the practice.
In the digital age, the social implications of a data breach can be difficult to anticipate. Patients and families may feel betrayed by a practice and its employees after a security breach. In turn, they may voice their negative opinions on social media and turn their business elsewhere.
“Even if they [a pediatric practice] can survive the fines and legal ramifications, they might not necessarily be able to survive the social ramifications and the community impact,” Cheryba warns.
Security Measures for Practices and Employees
There are a number of important security measures that pediatric practices must take to keep data secure.
A few essentials include the following:
- Purchase and install antivirus software
- Ensure proper firewall setup
- Update all software early and often
- Perform nightly backups and keep multiple copies on hand
- Store backup data in a secure location safe from natural disasters
- Configure internal data access
- Ensure that employees have access only to the information they need
Practices can also ensure company-wide password safety. Such rules include:
- Never use the same password twice
- Use passphrases instead of single words (e.g. YellowChairsCoverBanjos) because obscure details are harder to guess
- Use leeted passwords (changing an E to a 3; an I to a 1)
- Change your password every 2-3 months
- Keep all passwords in a trusted password manager, like LastPass
Making Cybersecurity a Priority
How much a practice dedicates to cybersecurity depends on data management needs and overall budget. Security might feel like a significant upfront cost, but it’s a preventative measure that can save you thousands – if not millions – down the line.
For example, just because your data is hosted and secured by a trusted system doesn’t mean that it’s 100 percent secure. And if you don’t have a trusted IT team on staff, it’s a good idea to hire an IT contractor for routine safety checks.
Enforcing security best practices across employees and partners helps protect your practice against ransomware, viruses, and other cybersecurity breaches. You’ve worked hard to build a thriving practice. Ensure that you have the proper cybersecurity protocols in place to protect it.
About the Sponsor
Office Practicum is a leading provider of pediatric-specific solutions. Our EHR, PM system, and billing services help pediatric practices improve clinical and financial outcomes.