6 Common data security mistakes medical practices make

A doctor losing their phone, a psychologist leaving their computer on during a lunch break, a password that is "password": these all seem harmless enough, but in reality they can cause irreparable data damage to a medical practice.

Health data is very precious. It contains personal information about someone - not just their birth date and phone number but blood type, current medications and medical conditions.

This means privacy and confidentiality in healthcare should be a medical practice's number one priority. A breach of patient information can hurt a practice both financially and reputationally - no one wants to be a patient at a clinic where their data was stolen.

Here are six common data mistakes medical practitioners make and how to avoid them to secure patient privacy.

1. Leaving the computer on

Leaving a computer or laptop on may seem an obvious mistake, but it happens more frequently than you might think.

Gartner says 95% of data breaches will be user-related. Medical practices need to understand whatever software they choose needs to have both back-end security and front-end security.

Back-end security focuses on the backups and hosting of data, while the front-end is about log-in parameters and giving users the ability to log out of their account remotely.

Clinicians need to ensure the software they use is secure from a data perspective, but front-end security also needs to protect them from themselves.

As an example, Clinic to Cloud logs a user out of a device after nine minutes of inactivity, providing the utmost security for a patient's data. It's this 'resiliency' that's essential when it comes to data security in healthcare, data recovery and the backing up of critical data.

2. Losing your smartphone or misplacing USBs

Losing phones is another issue we see in the industry. Doctors are known to take photos of their patients' data for easy access; however, if they lose their phone or device, confidential patient data could be exposed. Similarly, images and files stored on USBs can be easily misplaced, compromising sensitive patient data.

A way to solve this is using Clinic to Cloud, as the app can take and store photos within the software, so if the phone is lost the user is able to log out remotely.
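To show how the two controls described in points 1 and 2 fit together, here is an added example (not Clinic to Cloud's code) of a server-side session store that enforces the nine-minute idle timeout quoted above and lets a practice revoke every session on a lost device. It assumes an in-memory store and timestamps in seconds; a real system would persist sessions and check them on every request.

```python
# Added example, not Clinic to Cloud's code: server-side sessions with the
# nine-minute idle timeout from the article and remote logout of a lost device.
from dataclasses import dataclass
import secrets

IDLE_TIMEOUT_SECONDS = 9 * 60  # inactivity window quoted in the article


@dataclass
class Session:
    user: str
    device: str
    last_activity: float  # seconds, e.g. time.time(); constructed values in tests
    revoked: bool = False


class SessionStore:
    """Sessions keyed by an unguessable token; every check happens server-side."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, device, now):
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._sessions[token] = Session(user, device, now)
        return token

    def is_active(self, token, now):
        """True only if the session exists, is unrevoked and was used within the idle window."""
        s = self._sessions.get(token)
        if s is None or s.revoked:
            return False
        if now - s.last_activity > IDLE_TIMEOUT_SECONDS:
            s.revoked = True  # expire on the server, not merely in the client UI
            return False
        return True

    def touch(self, token, now):
        """Record activity on a request; False means the user must log in again."""
        if not self.is_active(token, now):
            return False
        self._sessions[token].last_activity = now
        return True

    def logout_device(self, user, device):
        """Remote logout: revoke every live session this user holds on the named device."""
        hits = [s for s in self._sessions.values()
                if s.user == user and s.device == device and not s.revoked]
        for s in hits:
            s.revoked = True
        return len(hits)
```

Because expiry and revocation are decided on the server, a client that keeps its screen open or a stolen device that replays an old token gains nothing once the window has lapsed or the device has been logged out.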

3. Sharing login details

Sharing logins is another way patient data and privacy can be compromised, potentially causing a data breach. This happened only months ago, when a nurse in regional NSW was caught prescribing herself drugs using a doctor's credentials.

Every user needs to have their own credentials. This is crucial not only from a security perspective but also from an auditing perspective.

If you want to audit files and examine what staff are doing within them, you need to know that each person has their own login details.

When a user is given an account, their password needs to be strong and not something like 'password'.

4. Using data storage platforms that are hosted overseas

No matter what device someone has, a user needs to make sure the cloud-based software and apps that they use are hosted in Australia.

Many people don't realise that even though a company is based in Australia, when they store data on platforms like Dropbox, their data is actually going offshore.

This is not recommended in the health sector as it significantly increases the chance of having a breach of confidentiality in healthcare.

Australia also has its own security laws when it comes to hosting data in the country, so if you use a cloud server based in another country with different cybersecurity laws to those at home, it could seriously increase the risk of a data breach.

At Clinic to Cloud, all data is stored and managed locally in a secure cloud platform, using the strictest security parameters. Clinic to Cloud has been built on Microsoft Azure, which replicates and backs up data approximately every six minutes, while maintaining advanced firewalls and undertaking real-time monitoring of threats.

5. Overlooking staff training and education on smart data security habits

Clinics need to constantly educate their staff on using health software and applications, as updates can add new features and change old ways of working, and to keep the team up to date on the latest cybersecurity scams. Importantly, your team needs to know how to prevent, discover and manage a security breach.

The easiest way to do this is through bringing in a professional to inform your staff. Education is the best way to avoid future mistakes. When you educate your staff, you are being proactive in reducing the risk of data breaches.

A data breach is not just a violation of patient confidentiality; it could cost the medical practice thousands of dollars to rectify. ARN explains that heavily regulated industries such as healthcare see average costs of $6.45 million per data breach.

6. Forgetting about two-factor authentication

When you log into an online account with a username and password, you're using what's called single-factor authentication: you only need one thing to verify that you are who you say you are. Adding a second factor is an easy way to keep patient data confidential.

Two-factor authentication is a type of front-end security where users input two pieces of information such as a password and a code sent to an email and/or mobile phone.

The Australian Cyber Security Centre describes two-factor authentication as a way of 'double-checking' that you’re really the person you’re claiming to be when you log into your online accounts, such as banking, email or social media.

Two-factor authentication means you need to provide two things – your password and something else, such as a code sent to your mobile device or your fingerprint – before you can access your account.

Clinic to Cloud uses two-factor authentication, providing the ultimate protection of a user's data. There are four distinct options that you can set in the practice administration to control the two-factor settings, catering for the needs of users at the practice as well as the standard of security you require at login.

To learn more on how to keep your medical data secure, download our FREE data security checklist.

Roshan Karunaratne
Roshan is Head of Revenue Sales at Clinic to Cloud and has spent over a decade in the healthcare industry, working in pharmaceuticals, medical devices and health technology. Having 24/7 on-call clinical support experience has enabled him to drive success with our customers and focus on better patient experiences and patient outcomes. Leveraging this broad experience, Roshan is focused and determined to drive better patient enablement with the key stakeholders of the medical practice to ensure true optimisation.