By Ingrid Helgeson, MA, DataHEALTH
These days, protecting your information from hackers, viruses and other disasters
is not just important, it is vital. Here, in no particular order, are the
best ways to protect your information and, at the same time, help you comply
with the HIPAA Security Rule:
- Know what you need to protect: identify where patient records and other
sensitive information are stored and processed on your computer systems.
- Encrypt databases that contain confidential or sensitive information, and
never store them on servers that are reachable from the public Internet.
- If you must send sensitive information by email, use encrypted email or a
secure web-based messaging platform; never send it in ordinary, unencrypted email.
- When an employee quits or is let go, disable their network logins and email
accounts immediately, and check afterwards that it was actually done.
- Create written security policies that document how you safeguard your
information; they protect your practice and patients from data loss and legal
liability.
- Review and update your security policies regularly, refer to them when making decisions, and enforce them.
- Keep an inventory of your information systems and document your network.
- Limit user access to your information systems to what each person needs to do
their job: implement access control based on assigned roles and responsibilities.
- Don't rely on technology alone to protect your information. Encryption,
firewalls and antivirus software are all important, but so are security policies
and procedures.
- Develop and implement a disaster recovery and business continuity plan. In
the event of a disaster, you do not want to be making critical decisions
on the spot.
- Back up your data regularly. Routinely verify that each backup completed
successfully and is intact, and perform test restores; a backup that has never
been restored is an assumption, not a safeguard. Store backup media at a secure
offsite location where it will be readily available when you need it.
- Harden the settings of your operating systems and software applications; never
run them with the defaults. Change default passwords and disable features and
services you do not use.
- Be proactive, not reactive, in dealing with viruses. Keep your antivirus
software updating automatically (daily at a minimum) or subscribe to a managed
protection service; sign up for virus alerts by email; and check vendor
notification sites such as Symantec SARC, Trend Micro or CERT.
- Never share your password or post it where it can be found. Avoid passwords
that can be guessed from dictionary words, names or dates. Length matters more
than complexity rules: use a passphrase, or a mix of letters, numbers and symbols
well beyond the seven-character minimum once considered adequate; do not reuse
passwords across systems; and change a password immediately if you suspect it
has been exposed.
- Never leave servers and network equipment in a room that everyone can enter;
keep them locked away, with access limited to the staff who maintain them.
- Train your users on your security policies and on what to look for, such as
unsolicited email attachments, phishing messages and other common attacker tactics.
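The offboarding item above (disable departed employees' logins) only works if someone periodically confirms it happened. The following shell script is an added example written for this page, not part of the original article or of any DataHEALTH tool: it compares a list of enabled accounts with the HR roster of current staff and prints every account that has no owner. Both lists are constructed sample data, and the file names and the optional exemption list for shared or service accounts are assumptions for the illustration. In practice the account list would come from an export of your directory service.

```shell
#!/bin/sh
# Added example (not from the original article): reconcile enabled network
# accounts against the HR roster to catch logins that should have been
# disabled when someone left. All file contents below are constructed.
set -u

# normalize FILE...  -- one lower-case login per line, comments and blanks
# dropped, sorted and de-duplicated so the lists can be compared with comm(1)
normalize() {
    cat "$@" | sed -e 's/#.*//' -e 's/[[:space:]]//g' | grep -v '^$' \
        | tr 'A-Z' 'a-z' | sort -u
}

# orphaned_accounts ACCOUNTS ROSTER [EXEMPT]
#   ACCOUNTS: enabled logins exported from the directory (one per line)
#   ROSTER:   logins of current employees from HR (one per line)
#   EXEMPT:   optional list of shared/service accounts that HR never lists
# Prints each enabled account with no owner and returns 1 if any were found,
# so a scheduled run can alert on a non-zero exit status.
orphaned_accounts() {
    accounts=$1; roster=$2; exempt=${3:-/dev/null}
    tmp=$(mktemp -d) || return 2
    normalize "$accounts" > "$tmp/enabled"
    normalize "$roster" "$exempt" > "$tmp/known"
    comm -23 "$tmp/enabled" "$tmp/known" > "$tmp/orphans"
    cat "$tmp/orphans"
    if [ -s "$tmp/orphans" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return $rc
}

# Constructed demonstration data: one stale login (twong) and one shared
# backup account that is expected to be absent from the HR roster.
demo=$(mktemp -d)
printf 'jsmith\nMLOPEZ\nbackup-svc\ntwong\nrpatel\n# audit 2004-03\n' > "$demo/enabled.txt"
printf 'jsmith\nmlopez\nrpatel\n' > "$demo/hr_active.txt"
printf 'backup-svc\n' > "$demo/exempt.txt"

if orphaned_accounts "$demo/enabled.txt" "$demo/hr_active.txt" "$demo/exempt.txt"; then
    echo "all enabled accounts have a current owner"
else
    echo "the accounts listed above should be disabled"
fi
rm -rf "$demo"
```

comm(1) requires both inputs sorted the same way, which is why every list passes through the same normalize step; a login that HR capitalizes differently from the directory would otherwise show up as a false orphan. Service accounts belong on the exemption list only after someone has confirmed they are still needed and has a named owner for them.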
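The backup item above asks for two separate checks: that the backup completed intact, and that it can actually be restored. The shell script below is an added example written for this page, not part of the original article or of any DataHEALTH product. It backs up a constructed sample directory, records a SHA-256 checksum beside the archive, re-verifies that checksum (as you would before trusting an offsite copy), and performs a test restore into a scratch directory that is compared file by file against the original. Directory and file names are assumptions, and GNU tar, sha256sum and diff are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original article): back up a directory,
# record its checksum, verify the archive is intact, and prove it restores.
# The "practice data" created here is constructed and contains no real PHI.
set -u

# make_sample_data DIR  -- create a small constructed data tree to protect
make_sample_data() {
    mkdir -p "$1/records" "$1/config"
    printf 'patient_id,visit_date\n1001,2004-03-02\n' > "$1/records/visits.csv"
    printf 'db_host=localhost\n' > "$1/config/app.conf"
}

# backup_dir SRC ARCHIVE  -- tar SRC into ARCHIVE and write ARCHIVE.sha256
backup_dir() {
    tar -C "$1" -cf "$2" . || return 1
    (cd "$(dirname "$2")" && sha256sum "$(basename "$2")") > "$2.sha256"
}

# verify_backup ARCHIVE  -- the archive must still match its recorded checksum
verify_backup() {
    (cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256") >/dev/null 2>&1
}

# test_restore ARCHIVE ORIGINAL  -- unpack into a scratch directory and
# compare every file against ORIGINAL; any difference fails the test
test_restore() {
    scratch=$(mktemp -d) || return 1
    rc=0
    if tar -C "$scratch" -xf "$1" >/dev/null 2>&1; then
        diff -r "$2" "$scratch" >/dev/null 2>&1 || rc=1
    else
        rc=1
    fi
    rm -rf "$scratch"
    return $rc
}

# Constructed walk-through: back up, verify, test-restore, then show that
# a damaged archive is caught by the checksum before anyone relies on it.
work=$(mktemp -d)
make_sample_data "$work/data"
backup_dir "$work/data" "$work/data.tar"
verify_backup "$work/data.tar" && echo "checksum OK"
test_restore "$work/data.tar" "$work/data" && echo "test restore OK"
printf 'x' >> "$work/data.tar"          # simulate a corrupted offsite copy
verify_backup "$work/data.tar" || echo "corruption detected, backup not trustworthy"
rm -rf "$work"
```

The checksum file must travel with the archive to the offsite location and be checked there, not only at the time of writing, or silent media corruption goes unnoticed. The test restore compares contents, not just the archive's integrity; a backup job that quietly skipped a directory would still pass the checksum but fail the restore comparison.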
Follow these practices and you’ll substantially improve the security
of your computer systems and the protection of your information. For more information
on protecting your data, please call or email Ingrid Helgeson at DataHEALTH
(1-888-656-DATA or info@datahealthusa.com).