Have you checked your clinical data backups in the last four weeks? Do you have a signed document from your IT vendor agreeing to your patient confidentiality policy? Finally, as a business owner or manager, do you know what security policies and technologies are in place to protect your patients’ data?
If you’ve answered no to any of those questions, then you’re not alone, and unfortunately your business might be at risk.
43 per cent of the health businesses audited by REND Tech Associates in 2013 believed they had implemented adequate security measures in their businesses. However, our audit results told a different story.
One of the costliest technology risks to a health business is being unable to recover current patient data easily and promptly. Failing to do so can have severe medico-legal implications for health businesses and their patients. Such risk is always linked to the backup policy that businesses choose to implement, and in particular to whether anyone ever tests that the backups can actually be restored.
To minimise the risk of not being able to recover your patients’ data when you need it most, I suggest contracting an eHealth engineer to design and tailor a backup plan unique to your business and available technology.
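The point of “checking your backups” is not that a backup file exists but that it is recent, intact and restorable. The following added example (not code from the original article or from REND Tech Associates) shows the three checks a practitioner would automate: freshness against the four-week window mentioned above, integrity against a hash recorded when the backup was taken, and a trial restore into a scratch directory compared against the expected file list. The sample records, the manifest format and the helper names (`take_backup`, `verify_backup`, `run_scenario`) are assumptions made for this example.

```python
"""Added example: a backup recoverability check (fresh, intact, restorable).

Not part of the original article. The sample records, the manifest layout and
the function names are assumptions made for this example.
"""
import hashlib
import io
import json
import os
import tarfile
import tempfile
import time

MAX_AGE_DAYS = 28  # "have you checked your backups in the last four weeks?"

# Constructed sample data standing in for a clinical database export.
SAMPLE_RECORDS = {
    "patients/1001.json": b'{"id": 1001, "name": "Test Patient A"}',
    "patients/1002.json": b'{"id": 1002, "name": "Test Patient B"}',
}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_backup(records, backup_dir, created_at=None):
    """Write records to a tar.gz and record its hash, time and file list in a manifest."""
    os.makedirs(backup_dir, exist_ok=True)
    created_at = time.time() if created_at is None else created_at
    archive = os.path.join(backup_dir, "clinical-%d.tar.gz" % int(created_at))
    with tarfile.open(archive, "w:gz") as tar:
        for name, data in records.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = int(created_at)
            tar.addfile(info, io.BytesIO(data))
    manifest = {
        "archive": os.path.basename(archive),
        "created_at": created_at,
        "sha256": sha256_file(archive),
        "files": sorted(records),
    }
    with open(archive + ".manifest.json", "w") as f:
        json.dump(manifest, f)
    return archive


def verify_backup(archive, now=None, max_age_days=MAX_AGE_DAYS):
    """Return (ok, reasons). A backup passes only if it is fresh, intact and restorable."""
    now = time.time() if now is None else now
    reasons = []
    with open(archive + ".manifest.json") as f:
        manifest = json.load(f)

    age_days = (now - manifest["created_at"]) / 86400
    if age_days > max_age_days:
        reasons.append("stale: backup is %.1f days old" % age_days)

    if sha256_file(archive) != manifest["sha256"]:
        reasons.append("integrity: archive hash does not match manifest")
        return False, reasons  # never extract an archive that failed its hash check

    # Trial restore into a scratch directory, then compare with the manifest.
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            for m in tar.getmembers():
                # Refuse path traversal inside the archive before extracting anything.
                if m.name.startswith("/") or ".." in m.name.split("/"):
                    reasons.append("unsafe member path: %s" % m.name)
                    return False, reasons
            tar.extractall(scratch)
        restored = sorted(
            os.path.relpath(os.path.join(root, fn), scratch).replace(os.sep, "/")
            for root, _, files in os.walk(scratch) for fn in files
        )
    if restored != manifest["files"]:
        reasons.append("restore: expected %s, got %s" % (manifest["files"], restored))

    return not reasons, reasons


def run_scenario(age_days=0, tamper=False):
    """Take a backup `age_days` old, optionally corrupt it, and verify it."""
    with tempfile.TemporaryDirectory() as d:
        archive = take_backup(SAMPLE_RECORDS, d, created_at=time.time() - age_days * 86400)
        if tamper:
            with open(archive, "ab") as f:
                f.write(b"\x00")  # simulate corruption after the manifest was written
        return verify_backup(archive)


if __name__ == "__main__":
    print("fresh backup:   ", run_scenario())
    print("six-week-old:   ", run_scenario(age_days=42))
    print("corrupted file: ", run_scenario(tamper=True))
```

Running the script prints a passing result for the fresh backup and a failing one for the stale and corrupted copies. In a real practice the trial restore would target the actual clinical application’s restore procedure rather than a tar extraction, and the check would be scheduled so that a failure is noticed before the backup is needed rather than after.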
The second major source of risk is unauthorised access to clinical patient data by IT vendors. Whilst we can agree that not all IT vendors actively choose to access clinical patient data, there have been cases reported where practices and health businesses have faced legal action because they could not produce signed confidentiality agreements from their IT vendors and staff.
If you don’t have a signed document from your eHealth engineer stating that they will abide by your patient data access policy, then you need to obtain one now.
If you’d like a confidentiality agreement template then please feel free to call us and we’ll be able to send you a generic template.
The third security risk to health businesses is unauthorised access to patient data, which we all commonly know as hacking. However, most health business owners or managers aren’t aware that half the hacking cases reported aren’t external hacks but internal ones.
An internal hack is when a staff member or stakeholder within the business is able to access clinical or business data that they are not authorised to see.
To reduce the internal hack risk in your business you can implement a few simple steps. The first step is to ask clinical staff not to share their passwords with other staff members; every user should log in under their own account, so that any access to patient data can be traced back to one individual. The second step is to ensure that no one except the business owner, manager and IT vendor can log in to the server. The third step is to audit your business IT platform every 12 months. It is important to have an external eHealth engineer audit your current IT platform and check the level of service that your IT provider is delivering.
Ongoing regular audits help protect your business from downtime due to technology failure and from medico-legal complications due to unauthorised data access, and most importantly they confirm that you can always use your backups when needed.
If you enjoyed this article and would like more useful tips, then I’d encourage you to visit our website for more useful articles, tips and recommendations.