Recently, a healthcare provider in California got a lot of media attention for its patient data security measures. The coverage, however, wasn’t the kind of free publicity a medical practice might hope for.
The news of the mid-October theft of a desktop computer from an office of the Sutter Health system initially passed with little fanfare, but when word spread that the PC contained the confidential information of over 4 million patients, the incident became a big story.
Though the computer was password-protected, the medical records housed inside it were not encrypted. If a hacker attempted to mine the data, he could access it with relative ease.
Breaching Security… and Trust
According to a recent survey by PwC’s Health Research Institute (HRI), over 50% of healthcare organizations have suffered some type of privacy or security issue within the last two years. A security breach of any size or seriousness not only places your patients’ privacy at risk but also jeopardizes your business.
In truth, it’s unlikely that a medical-data criminal mastermind executed the Sacramento crime mentioned above; it was probably just an act of petty theft. Nonetheless, the incident almost certainly shook consumers’ trust in the vandalized practice, so the crime’s greatest damage may be to Sutter Health’s bottom line.
Armed with the knowledge that they failed to properly secure patient data, would you choose Sutter Health over another provider?
When asked what would sway them to choose one hospital over another if cost, quality and access were equal, 30% of consumers surveyed by HRI said they’d select the hospital with clear privacy and security policies.
It seems apparent, then, that a practice that’s confident in its security measures – and willing to project that confidence to consumers – would have an advantage in the prospect of maintaining and expanding its patient base.
How Confident Are You in Your System Security Measures?
All technologies utilized by HIPAA-covered entities are required by law to adhere to HIPAA Security Rule regulations. But is simple compliance enough for you and your patients?
One way to boost confidence in your data security methods is to make the switch to a cloud-based software system. Traditional client-side server software systems may be Security Rule-compliant, but they’re only as secure as the location they are stored in. As with the stolen PC, an object – the server – houses patient information on-site at a practice.
Cloud-based systems can provide a more secure means of storing and transmitting data since they encrypt it upon receipt and store it online, in the cloud, so there’s no hardware to steal.
Show ‘em What You’ve Got
If you’re taking advantage of cloud-based technology and feel confident in your practice’s security and data protection measures, let people know.
Patients often research providers online prior to choosing physicians, and many are well informed about the changing landscape of medical security and privacy issues.
Make your practice the one that stands out as having clear security and privacy policies. After all, there might be consumers who notice and choose you because of it.
Contact your software vendor and ask for stats on their security measures and their effectiveness – they should be more than happy to provide you with the numbers.
Use the most impressive facts about your system in your marketing collateral, on your practice homepage, or on your Facebook page.
Any content that conveys how much you value good security will set you apart from the providers who fail to mention it and might help establish yours as a practice that cares about its patients’ privacy and the safety of their information.
No matter what, make sure any security news about your practice is good news. Stay informed and up-to-date when it comes to security, and always encrypt your data.
How would you communicate your data security measures to patients?
Madelyn Young is a Content Writer for CareCloud and an expert on practice management, medical billing, HIPAA 5010, ICD-10 and revenue cycle management. You can read her work on Power Your Practice and the CareCloud Blog. Contact Madelyn with story suggestions, contributor articles, or any other feedback at madelyn@poweryourpractice.com or follow her on Twitter @madelyn_young.
The material and information contained on this website is for general information purposes only. You should not solely rely upon the material or information on the website as a basis for making any business, legal, medical, or any other decisions. While we endeavor to keep all information up-to-date and correct, all information in this site is provided "as is," and CareCloud Corporation and MTBC Inc. make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the information contained on the website for any purpose. Any reliance you place on such material is therefore strictly at your own risk.