I’ll bet that you disagree with the title of this post.  My guess is that 99% of Dentists, Medical Doctors and their staff members would much sooner share their password than their toothbrush!

In fact, I bet another lunch at a nice restaurant that 90% of you out there regularly share passwords!  BAM!  Guess what?  You’re toast. Someone just compromised your system and has harvested your Protected Health Information (Practice Management Software Database).  These criminals are selling it right now on the black market for a hundred bucks per record. We call this a breach.  Now, who are you ‘gonna’ call?

This is exactly what the framers of the HIPAA and HITECH Rules were concerned about.  Furthermore, when their audits begin in early 2016 and they find you are using computer accounts with shared passwords, or no passwords at all, it can cost you $50K! Per Incident!!  I know, the hammer (stick) is not as effective as the ‘carrot’. But someone needs to get through to you. You know who you are, so stop ignoring security and get serious.

How about a nice, sweet ‘carrot’ to balance things out? When Dental and Medical practices are HIPAA-compliant, they can use it to their advantage.  When compliance is regularly communicated to their existing and potential patients, it enhances the patient care experience and improves client stickiness.

Here are five quick things you can do today to help your office become more secure.

  1. STOP sharing usernames and passwords. Quit storing ANY password (simple or complex) on a sticky note stuck to your computer monitor or under the keyboard. Passwords MUST be kept SECURE!!
  2. Create a unique user and password for each person who has a legitimate need for access to PHI in your office.
  3. Go read this post about creating passwords, and this one about password managers.
  4. Get your budget ready to invest in privacy, security AND compliance. If you don’t, you’ll wish you had.  The process begins with spending a few hundred dollars to get a detailed Security Risk Assessment and Gap Analysis completed by a qualified Technology Provider.
  5. Get a Trustworthy IT company that leads with security and compliance. It makes no sense to continue to use your brother-in-law who has no clue about Privacy, Security and Compliance. Call 541-494-2099 now to set up your Risk Assessment.

We have developed and implemented a simplified, repeatable, best-practice based process.  We’ll walk through the process with you, identifying issues and tackling the simplest ones first.  Once the low-hanging HIPAA ‘fruit’ is picked, we’ll continue together down the road to privacy, security and compliance. Don’t turn the years of time and money spent building your practice into the tears of a lifetime from a destructive data breach or failed HIPAA audit.

Do it today! Privacy, security and compliance are not going away. There are specific ongoing requirements for maintaining compliance, such as periodic staff training, documentation, and assessments. Getting started is the best way to tackle the elephant (HIPAA) in the room one step at a time.

And remember – Don’t share your passwords OR your toothbrush!

 
