How to Prevent Security Breaches in Your EHR Software

Posted by Sharon Chin on Mon, Apr 14, 2014 @ 05:04 AM

Last week, we talked about keeping your data secure in a client-server system, and we thought that cloud-based EHR software would be a better and safer solution for your practice. This week, we chanced upon a blog post by Power Your Practice about preventing security breaches that we wanted to share.

The post mentioned an alarming fact: data breaches may not even be caused by advanced hacking techniques, but by avoidable employee blunders. We thought that this was a helpful post no matter what kind of EHR software you are using, and a lot of the tips that may seem like common knowledge are not actually practiced.

Best Practices to Prevent Security Breaches in Your EHR Software

We’ve combined some of Power Your Practice’s precautions along with ours. Check them out:

  • Provide up-to-date HIPAA training to all your staff.
  • Minimize the chances of others overhearing patient information by not using a patient’s whole name within hearing distance of others.
  • Secure all paperwork containing patient and health data by placing it in a drawer or folder when not in use. Cover charts so patient names are not visible and, as a general rule of thumb, never leave records unattended.
  • Close computer programs containing patient information when not in use. Practice management and EHR software with automatic time out settings can be very helpful in case you forget.
  • Back up systems that contain patient data. Storing your data in a HIPAA-compliant cloud-based system is safer than using a client-server system or paper documents. Most cloud service providers back up their data in at least three places, but for extra security, you could request backup storage in your practice.
  • See if your practice management and EHR system gives you control of user access to different levels of information. This prevents employees from accidentally changing or seeing information that does not pertain to their specific duties, such as not allowing certain staff access to billing information.
  • Implement password best practices:
      - Ban the sharing of passwords between staff members.
      - Reusing passwords makes you an easy target for multiple account hacks, so make sure that you use a different password for each account.
      - Change your password every 30-90 days.
      - Passwords should not be words that can be found in the dictionary. Such words allow hackers to easily run a dictionary program to find a matching word.
  • Shred paper files. You can hire a company to shred documents for you instead of wasting an entire day shredding documents, especially if you are making a switch from paper to electronic records.

Keeping your patients’ data secure should be your practice’s top priority, and it also makes sure that you are following the law! Practice management and EHR software is a really big part of managing your practice, but you can also take full advantage of it to help keep your patient data secure.

For more tips like these, check out one of our favorite blogs, Power Your Practice, or subscribe to our blog for more resources!


Tags: Tips & Tools, Uprise EHR & PM
