How to Hack-Proof Your EHR

infographic on making ehr secure
According to a Duke University/CFO Magazine Global Business Outlook Survey, “More than 80 percent of U.S. companies indicate their systems have been successfully hacked in an attempt to steal, change or make public important data.” This study also found that small and medium-size businesses are most at risk, primarily because they tend to not allocate as many financial resources to this task as some of the larger companies in existence today.
While this particular finding paints a pretty grim picture about data security in chiropractic offices across the nation, the reality is that you don’t have to put your private information or that of your patients at risk. In fact, there are at least four things you can do to begin hack proofing your electronic health record (EHR) system today. They are: backing up your data, securing your internet, protecting your emails, and locking your network.

Backing Up Your Data

The Massachusetts Institute of Technology reports that backing up your files is necessary for a number of reasons, some of which include: if your system is crashed by an attacker, having corrupt data, experiencing hardware issues, and falling victim to computers which are “lost, stolen, or destroyed in a fire or other catastrophe.” One option is to perform this task manually right in your practice, but making it an automatic function not only saves you and your office staff time, but it also ensures that you don’t forget to do it, potentially putting your data at risk.
Off-site backups are preferable as well, which means that you store your data at another location. This makes it easier to recover should someone gain access to your information by breaking in and taking your computer and hard drive, or in the unfortunate event that your practice experiences a flood, fire, or other types of disasters which destroy your data. Automatic backups are preferred in this instance as well.
Finally, when selecting a backup system, choose one that is HIPPA (Health Insurance Portability and Accountability Act of 1996) compliant and test it regularly to ensure that you can easily restore your data should any issue or breach occur. After all, the backed-up information is no good if you can’t gain access to it.

Securing Your Internet

Some chiropractic professionals prefer to store their confidential data in a cloud EHR system instead of a server-based EHR system. Both platforms have the same security but a cloud system should incorporate a password manager. This helps you keep track of which password you’ve assigned and alert you to change them, protecting you from locking yourself out of your data entirely.
End to end encryption is also essential in protecting your data from any user other than you. Consider securing your internet with a business associate agreement (BAA) as well, covering you for HIPPA-related purposes.
More tightly securing your internet also includes authenticating the websites you access by confirming they are correct before hitting enter and only going to sites that are secure themselves (those with URL’s that begin with “https”). It’s beneficial to change your passwords to ones that contain numbers, letters, capital letters, and special characters, making it more difficult for a hacker to guess what they are.

Protecting Your Emails

The third way to hack-proof your EHR is to protect your email-based correspondence. This process means using a secure messaging system to send your electronic letters and taking the time to confirm that your emails are being sent only to trusted email addresses. You can also prevent a hack by only downloading attachments that you’re expecting to receive and deleting the rest.
Locking Your Network
Finally, securing your network can help prevent unauthorized people from accessing your data. Using antivirus software can help; just make sure you choose one that is reputable and trustworthy. How to Geek explains that these protectors work by “controlling the incoming and outgoing network traffic.”
Finally, don’t forget to secure your Wi-Fi too. Password protect it so no one can gain access without the appropriate code. Do not allow your patients to access the internet while waiting for their appointment. If you wish to provide this service to patients, use a separate non-public system for your private and patient data.
Protect Your EHR
Although four-fifths of all businesses report experiencing some data breach, your chiropractic office doesn’t have to be one of them. By implementing these four suggestions, it increases the likelihood that it won’t be, making it more than worth the time and effort.