By Suze Shaffer
When designing your website we all think it’s a great idea to “share” who are team is. Although, it is necessary in healthcare because patients want to see who your staff is and get to know them, be careful not to give out TMI – too much information. Hacker and spammers troll websites looking for information they can use. Think about this… when you post on your website your favorite flower, favorite food, or where you were born, these can be used as security questions or used to figure out other details of your life.
Another area of concern is when a business associate calls your office and asks for information and you didn’t request them to call or contact you. Make sure that person is still employed there and verify the call before giving out any information, sending any information, or permitting access to your systems. Recently, a friend of mine told me about an IT company who had one of their employees impersonated on the phone. Luckily the hacker wasn’t able to get anything since the computer wasn’t connected to the network. Just think what could have happened if it were!
Best practices in protecting your information.
- Although you want to be “real” and connect with your patients online, give out information sparingly. What you post online is read by ANYONE!
- When creating your security questions, don’t answer the questions truthfully. When asked what is your favorite flower, make something up! You just have to remember what you made up! For example: Favorite flower, Mexican – name a food instead. Favorite food, Pink Roses – name a flower instead. Mix it up a bit!
- When anyone calls and asks for any confidential or patient information. Verify before giving out any information. Make sure that employee still works there and they have been requested to perform whatever they are requesting.
- Never let anyone that calls on the phone have access to your computer, server, or any electronic device until they have been verified.
- Do not permit any transactions to be processed until what is requested has been verified.
I know this sounds like a lot of extra work, but think about the consequences and the time that will be spent correcting a mistake. Not to mention the cost if you have a data breach!
If you would like more information, contact us at 877.659.2467 or complete the contact us form.
“Simplifying HIPAA through Partnership, Education, and Support”