
    10 ways to improve patient data security



     Back up data off site

    Practices that use a client-server system should have onsite backup, such as a mirrored server that can replace the main server if it goes down, Nussbaum says.  

    In addition, he says, all practices should have off site backup, both for security purposes and in case of natural disasters. Practices should also maintain off site copies of their financial data, including data from billing systems, general ledgers and payroll systems, he says.

    A cloud-based EHR vendor or hosting firm will back up EHR data, says Nussbaum. Practices that have client-server systems should back up their data on a tape and move it offsite at least daily, he adds. It’s essential to keep these backups offline in case a hacker takes over your network, he notes. 

    Also, he says, backups should be encrypted. Otherwise, a lost backup tape is considered a security breach under HIPAA.


     Get business associate agreements

    HIPAA requires practices to sign business associate agreements (BAAs) with all outside parties with which they share PHI.

    These agreements obligate the business associates to safeguard the PHI. Organizations covered by HIPAA do not have to evaluate the security procedures of their business associates, but some experts suggest that practices question business associates about their security practices in general to help safeguard data.

    Hashey does this before he signs a BAA, mainly to ensure that outside firms understand the importance of protecting patient information.

    Sacopulos agrees this is a good idea, but cautions against including business associates in security risk assessments. It’s impractical because it involves too many entities, he says. Also, if a practice signs off on a business associate’s security practices, it’s assuming a legal duty that it’s not obligated to take on. 

