In January 2018, ATI Physical Therapy discovered a security breach that compromised the medical records of more than 35,000 patients. For some clinics, this would be catastrophic. In addition to appearing unprofessional and likely losing patients, a breach could be costly if any patient experiences identity theft. For this reason, strong data security is important for any physical therapy office.
Why Data Must Be Kept Secure
Physical therapy patients trust their therapists to protect their medical records and remain HIPAA compliant. In addition to names, birth dates, addresses, and phone numbers, the files usually include employment information and identification numbers for insurance cards. The identifying information is enough to wreak financial havoc on the patient if it gets into the wrong hands, but the potential for problems goes beyond that. The records also include a detailed history of the patient’s health, including diagnoses and medications, which brings about a whole other kind of identity theft.
Possible Consequences of Unsecured Data
If the patient’s Social Security number or credit card payment information was also in the file, the thief could use the information to make purchases or access lines of credit in the patient’s name. Medical information poses another problem. Unscrupulous people may pretend to be the patient to have expensive medical treatments done without paying for them, or could order medication in the patient’s name with the intention to resell it.
It is important to note that gaining access to medical information isn’t as hard as it sounds. There is no need for the thief to ever enter the practice. Without proper security, he or she can easily hack in from anywhere in the world. In fact, if an employee has a work laptop and takes it home, someone could simply steal it and gain access to the information. In 2016, Kineto Rehab Physical Therapy, PLLC announced a possible security breach after an employee’s laptop was stolen.
Tips for Ensuring Your Data Is Secure
You can improve the chances of keeping data secure by implementing and following a few guidelines at your clinic. Start with the wireless network. Wireless routers are susceptible to hacking, so upgrading to the latest technology is essential if you haven’t already. You should also change the company’s network password regularly and block unauthorized devices. Install firewalls and antivirus protection on the network as well.
Next, write a mobile device policy and have a meeting to educate your staff about data security. The policy should indicate whether employees can use personal mobile devices on the work network. If you allow it, you should indicate what type of data they can store and what apps they can have installed to prevent a security breach. During the education meeting, teach them what phishing is and warn them not to open an unknown email on the employer network, especially if it has a file in it. Additionally, you should train them on how to choose a secure password. Finally, indicate what is or isn’t a violation of the policy and have everyone sign a contract.
Rev-Ignition is a professional medical billing company that can help you ensure your data is secure, safe and protected as we handle your billing and reports. Contact us today to learn more about what we can do for your clinic.