Important Tips to Protect Your EHR System

1
Important Tips to Protect Your EHR System By
using electronic health record (EHR) and practice
management systems, medical practices have all
sorts of information available. With a few
computer keystrokes or mouse clicks, we could
find, use, and share information that helps
satisfy our patients needs. But other people
want access to this information. Their intent
isnt to help your patients, but to hurt them by
stealing personal data and using it for harmful
purposes. To protect this sensitive medical data
and provide EHR security, consider taking a few
steps. Assess your risks Going through life
with a pessimistic outlook usually isnt the
healthiest perspective, but a little pessimism
may be helpful when youre considering and
implementing EHR security measures. More
accurately, its useful to think about the kinds
of risks your EHR system faces or might face. By
conducting a risk assessment, youll identify
things that could possibly hurt your system and
think about what could happen if they actually
occur. Such considerations are important because
your practice is always changing. Maybe your
office has moved or has opened another location,
or you could be conducting more of your work
online, such as offering more telehealth
appointments. Is your practice storing this
information on a new server? In the cloud? Its a
good idea to analyze your data safety procedures
and update them regularly. Staffing could also
bring risks. Do your current staff members have
experience with your EHR and practice management
systems and their safety protocols? Do you trust
new employees with your procedures and
data? After Analyzing these potential downfalls,
if something bad does happen, youve already
thought about it and ways to solve it. This
knowledge and preparation could inspire
confidence, not fear.
2
Perform tests and scans While youre
brainstorming potential problems, you also might
want to pretend that something has gone wrong or
check if it could go wrong. To make such checks,
conduct tests and scans of your electronic health
record (EHR), practice management, and other
software systems. Use antivirus software and
other tools to check for the presence of viruses
and other types of malwares, such ransomware.
Ransomware is malware that could prevent you from
accessing and using your files. If your
antivirus software and tools determine that your
system is infected with malware or is at risk of
infection, take immediate action. This action
might include contacting your practices resident
tech expert or another trusted professional who
youve worked with in the past. Theyll work
with your practice to quarantine files, destroy
viruses, or take other safety-related
steps. Update your software and systems
regularly Working with tech experts could help
you tackle current problems. Its equally
important to establish security techniques for
electronic health records to try to prevent such
problems in the future. Weve all groaned when
those messages pop up on our computers to inform
us that our software systems need updating. While
weve probably also delayed those updates, its a
good idea not to ignore them entirely. Also
known as patches or service packs, software
updates typically include features to patch
vulnerable aspects of software programs as well
as items that fix bugs and enhance the
software. Many of these updates occur
automatically or when we permit them to occur.
Other software doesnt update immediately but
indicates when users should take such
actions. Encrypt your data By encrypting your
practices sensitive personal information, youre
adding another layer of EHR data
protection. When you encrypt information, your
system uses algorithms to convert regular text
known as cleartext into coded information.
Technology
professionals refer to this coded information as
ciphertext.
3
Ciphertext appears as random letters and numbers,
so its impossible to interpret without a tool
known as a key. Only authorized users have these
keys and can convert ciphertext back into
readable, usable cleartext. If hackers do get
into your EHR system and your individual records,
they dont have keys. They wont have access to
information they shouldnt have. Even if they
try to share encrypted information, it will be
worthless gibberish, not valuable personal
data. Evaluate your hardware Antivirus and
encryption tools are useful ways to secure
private information. So is evaluating your
medical offices hardware. Determine how your
staff members are accessing data. Are they using
personal computers and laptops that are
physically at your office? Those kinds of devices
in their homes? Youll need to ensure that each
device uses antivirus and security
precautions. You might want to create policies
about the employee use of phones, tablets, and
other smaller electronic devices to access your
practices medical records. Consider buying such
smaller electronic devices (or reimbursing
employees for them) and designating them as
work-only hardware. Then, you can install and
monitor security tools as part of your EHR
maintenance efforts that keep your patient data
safer. These precautions should extend through
the use of your computers and beyond. Are you
buying new devices? Make sure the old ones dont
have medical information stored on the devices
themselves. If they do, delete it. Save your
important information first. Then, you could wipe
the devices hard drive by running a factory
reset. You could also remove the hard drive
entirely or check the internet to explore other
actions. Limit employee access In addition to
limiting the amount of devices that could access
your EHRs, its also a good idea to limit the
amount of people who could see and use such
records. New staff members probably dont need
full access to your EHRs and
probably shouldnt. Its a good idea to work with
staff members for a bit.
4
Becoming familiar with them could help you
determine if theyre trustworthy in different
ways and seem as if theyll be working with your
practice for a while. On the other hand, do you
have loyal employees who have been working with
you for years? Employees who have displayed
honesty and integrity in different ways. Those
are the employees who are probably more
trustworthy. Theyre people who are better
candidates for seeing, using, and altering your
entire EHR system. Speaking of accessing and
altering EHR systems, are you in the market for a
new EHR or practice management system? Do you
have questions about how this software works and
what it could do for you? Contact Eye Care
Leaders to learn how electronic recordkeeping and
other solutions could help you work effectively,
easily, and yes, safely.