How to Prevent a Security Breach in Your Practice

With electronic health records (EHRs) becoming the norm for documenting a patient’s health history, security breaches in medical practices are occurring more frequently. Not only do these breaches threaten to expose sensitive data about your patients, they also threaten the credibility and safety of your practice. With the increase in computer system hacking and healthcare fraud, physicians need to find ways to prevent these dangers and minimize any potential damage. Here are three questions you should ask yourself if you want to keep your patients’ data from ending up in the wrong hands.

How can medical data be stolen or lost?

Computers are sensitive pieces of hardware, and if your practice experiences a power surge, your computer systems could be wiped. For example, if you were in the middle of filling out a summary of a patient’s visit or writing an electronic prescription, all of that information could be lost.

Another issue that practices may face is lost or stolen computer devices. Flash drives, hard drives, laptops and tablets are all vulnerable to theft. If you have a disgruntled employee or a highly unsatisfied patient, these portable devices can be taken with one swipe of the hand.

The most common cause for patient information getting misplaced or deleted is employee negligence. Unintended mistakes can cost a practice thousands of dollars, especially if staff members aren’t properly trained on new computer software. Human error can never be eradicated – mistakes happen – but medical practices need to consider thoroughly training their employees to prevent future mistakes.

Computer hacking and other internet technology issues can cause computer systems to crash and leave them open to breaches. Hackers who gain access to your computer servers can release malicious viruses onto all connected devices or hold your patients’ data for ransom. These breaches are costing healthcare providers and patients a lot of money. In fact, medical identity theft can cost a patient $20,663 to resolve, according to the Ponemon Institute. For healthcare organizations, breaches cost an estimated $4,000,000 in damages, with 60% of those breaches occurring in smaller physician practices.

Why would someone want to steal your patients’ medical records?

Electronic health records are profitable on the black market. Reports show that health information is one of the most lucrative types of data for cyber-criminals to steal, more lucrative than Social Security numbers. All of that data can be used to purchase prescription drugs, file false insurance claims and receive healthcare at someone else’s expense. Employees who have access to this data, which can include names, phone numbers, addresses and test results, can sell it to criminals who want to use that information for blackmail, billing fraud and identity theft.

What steps should I take to protect my patients and my practice?

If your practice has suffered from a medical data breach, or if you want to protect your practice from such threats, take the following precautions:

  • Use cloud storage instead of portable storage devices like flash drives and hard drives.
  • If you store your data on laptops and computers, protect them with strong passwords and encrypt the stored data, so that someone cannot simply guess your password and read everything stored in your files.
  • Check in on your third-party vendors. If your patient data is being held by another organization, make sure they are doing their due diligence and taking the necessary precautions to protect your patients’ health information.
  • Create policies and guidelines for training staff. They need to understand the importance of protecting patient data, because if the shoe were on the other foot, they wouldn’t want a cyber-criminal to gain access to their own medical records.
  • Lastly, consider investing in data breach insurance. It can protect your practice against loss, theft, or intentional misuse of patient data.

Progress is being made in the healthcare industry to ensure the safety of patient information. The risk of a security breach can be reduced by implementing a comprehensive security plan that addresses the weaknesses within a practice’s computer system, together with a properly trained medical staff that is both thorough and cautious.
Contact Information

AAFP Insurance Services
Attn: Policyholder Services
PO Box 7470
Leawood, KS 66207-0470

(800) 325-8166