Does Your Practice Really Ensure Patient Data Security?


April 4th, 2019 -
Andrey Ostashko
/ 4 Min Read

Computer keyboard to keep data securedHealthcare practices have tremendous responsibilities, both, to improve patient care and to ensure the security of patient data. As more organizations deploy electronic health records (EHR) platforms and take advantage of telemedicine, the role of managing digital protected health information (PHI), i.e. patient data, will increase. In addition, the Cybersecurity Act (CSA) of 2015, reports Jessica Davis of Healthcare IT News, provides direction on how practices can improve cybersecurity and reduce data security risks.

The Importance of Patient Data and Damage From Data Breaches

Patient data use has increased among all types of healthcare organizations, ranging from the largest hospital systems to the single, mid-sized clinics, and multi-specialties. Moreover, according to a Public Health Emergency publication on healthcare cybersecurity, the average cost of a data breach for healthcare organizations stands at $2.2 million. While smaller costs may exist, this reflects the permanent damage to the practice’s reputation, fines levied by the Centers for Medicare & Medicaid Services (CMS), and legal action taken by affected individuals.

Assessing the Current Cybersecurity of Your Patient Data

The volume of cybersecurity threats to healthcare organizations is increasing. Hackers leverage sophisticated attacks, ransomware incidents, and access to non-workplace appropriate sites as potentials ways to access your data, reports Axel Wirth via HealthTech Magazine. Before taking any action, practices should ask these key questions:

  1. “Has anyone in the facility accessed or provided information on a potential threat that resulted from an e-mail phishing attack?”
  2. “Can patients and care team professionals send encrypted messages and communications without using personal email servers or public-accessible servers, such as Gmail and Microsoft?”
  3. “Has anything unusual appeared within the EHR database or resulted in suspicious, unexplained activities?”
  4. “If an attack were to occur, do backup data stores exist?”
  5. “Does the practice utilize anti-malware detection and correction tools?”
  6. “How does the practice determine who may access the system and track all access points to identify potential risks?”
  7. “Does the practice store patient data in an authentic EHR that undergoes penetration testing, or is it a home-grown solution?”

Answering these questions will help your practice determine its potential risks for a cyber attack. Ultimately, each question represents a vulnerability that must be addressed to eliminate the risk. Even if a practice does not update servers regularly or does not connect systems to the internet for sharing data, a hacker could still leverage wireless technologies to gain access to patient data. Furthermore, an attacker could access financial data, resulting in additional losses, including the loss of billing data and information. Therefore, it is essential to ensure data integrity and security in the same way you fight against illness and disease.

How Medical Practices Can Keep Patient Data Secure

Most healthcare organizations continue to spend less than six percent of their annual IT budgets on cybersecurity. Meanwhile, a mere 40 percent regularly schedule cybersecurity discussions and updates as part of management strategies, says Wirth. Instead of leaving it up to chance, healthcare organizations should follow these steps, says Luis Castillo of Forbes, to improve the cybersecurity of internal systems, including patient data security:

  1. Recognize the threat. Healthcare cybersecurity is exposed to countless threats that could result in lost patients, massive charges, and more.
  2. Update cybersecurity protocols. For instance, requiring two-factor identification for access to PHI is an excellent practice.
  3. Train staff to recognize potential threats. These threats range from suspicious activity to unsolicited emails. In addition, create the process to manage each threat when it occurs, including referral to authorities.
  4. Use an EHR that contains built-in cybersecurity software. Modern systems should utilize the latest encryption protocols and reduce risk as a core business objective.

EHR Security Measures that Protect Your Patients’ Privacy

  • HIPAA Compliance
  • Perform IT Assessments Regularly
  • Clean up User Device Unnecessary data
  • Regular Audit
  • Data Encryption
  • Password Protection
  • ONC-ATCB Certification
  • Regular Update & Patch Your Systems

Fortify Your Practice’s Digital Capabilities With the Right Partner and Systems Provider

There will always be new cybersecurity threats on the horizon. The key to success lies in understanding what hackers are doing to gain access and taking preventive steps to maximize cybersecurity. In fact, practices with an integrated EHR, such as PrognoCIS, achieves this goal and offers benefits to you and your patients. Request your demo today.


Contact PrognoCIS To Discuss The EHR Needs Of Your Medical Practice

Find out whether our electronic health record software is the right choice for you

Request Demo Download EHR PDF

Recent Posts

Please fill in your details with the best contact email and phone number.
We look forward to connecting with you.

Contact Us

All our promotional offers are as individual and unique as the practices and clinics we support.

We look forward to exploring the potential benefits and offers prognoCIS has for you.

Please fill in your details with the best contact email and phone number.

All our promotional offers are as individual and unique as the practices and clinics we support.

We look forward to exploring the potential benefits and offers prognoCIS has for you.

Please fill in your details with the best contact email and phone number.

Need Help?
We're Here To Assist You

Would you like to see an example of this?


Feel free to contact us, and I will be more than happy to answer all of your questions.

Receive the latest news

Subscribe To Our Newsletter

PrognoCIS Demo

We would like to invite you to take a demonstration of PrognoCIS EHR to fully appreciate the depth of content, features and simplicity of use.

Please choose your preferred method of contact.