Throughout each day, you are likely logging in to websites and applications that store your information digitally. From your email to banking portals, and from your Amazon account to your EHR system, all these accounts contain a vast amount of confidential, private information.
How do you stay safe in the digital age?
Staying Safe Online
While there are targeted attacks on corporations, oftentimes the individuals who suffer identity theft or are hacked online are simply the victims of being easy prey. It is often said that burglars look for people who do not lock their cars or front doors.
Online theft and hacking often follow the same principle: attackers look for an easy victim.
Here are a few ways that you can help maintain your own security online and avoid becoming an easy victim.
- Do not allow your browser to store your log-in credentials (such as your password) for you; if it does, anyone using your computer can access your email, or your EHR system
- Do not open attachments or click on links in emails that you do not trust. If someone sends you an email with an attachment that you were not expecting, contact them through a separate email to ensure it is safe
- Set a strong password for your email, banking, social media, and other online applications, and change your password on occasion
- Install a trusted anti-virus program that will scan your computer for threats and can keep you safe online as well. There are reputable (and even free) options available
- Practice safe browsing. Use a trusted browser (such as Chrome, Safari, or Edge) and do not visit obscure websites. Follow your browser's recommendations if it indicates the website may not be safe
Maintaining HIPAA Compliance
Beyond the ways that you can stay safe in the digital age, there are also a few simple, but important, steps you can take to help maintain HIPAA compliance as you interact online:
- Do not use personal email accounts to transmit confidential information
- Do not store confidential information on your computer, and ensure that your computer is encrypted
- Dispose of confidential information appropriately by using a HIPAA-compliant shredding service
- Do not reuse passwords, write them down, or share them with staff or family members. Reusing passwords allows hackers to steal your identity more easily; as you reuse your password on different sites (such as your banking, email, and EHR systems), you make yourself vulnerable and expose yourself to greater threats from hackers.
- Only access confidential information (such as PHI) from trusted computers and internet networks. Do not access your email from computers or networks you do not trust.
- Ensure that your PC is continually patched and has current security fixes in place. We wrote in late 2015 about how using Windows XP while accessing PHI is an automatic HIPAA violation. This is a great example of how HIPAA compliance is an ongoing process; you must ensure that the technology you use (such as your browser and your computer) is continually updated with security patches.
Much of your daily HIPAA compliance boils down to ensuring that you are using tools and acting in a way that is HIPAA compliant. Ask yourself the following questions:
- Do you speak about client information in your reception area?
- Do you receive confidential email on a personal account that anyone else has access to?
- Do you leave PHI (such as an intake form, a release, or a copy of an insurance card) out in the open for others to see?
- Are your passwords written down anywhere?
- Do you take and store photos of EOBs or insurance cards on your personal phone?
- Do you have a confidential shred bin that is disposed of professionally?
All these areas may be HIPAA violations or leave you vulnerable to violations of confidentiality. To help inform you about some of the ways that we ensure the safety and security of your information, we have added a dedicated Security and Privacy page to our website to give more information on what we do, as well as how you can assist in maintaining confidentiality.