How to Keep Patient Information Safe and Protect Your Practice’s Reputation
Updated: Mar 25, 2020
Technology can be both an extremely valuable tool for your dermatology practice and potentially problematic at the same time. Computer glitches, managing your online reputation, and staying in tune with social media trends are aspects that could be problematic. However, other aspects of technology have far more potential for truly damaging your practice. Namely, keeping your patients’ personal and medical information secure is one of the most important technological aspects of your dermatology practice. Unfortunately, data breaches in healthcare systems have been at a steady increase since 2012, so it is more important now than ever to make sure your patients can count on the safety of their information when they schedule an appointment with you (Becker’s Hospital Review). HIPAA regulations dictate that you must keep your patient information secure. Doctors have been fined hundreds of thousands of dollars for security breaches. Hiring a HIPAA consult to audit our practice is a good idea. This blog does not address HIPAA requirements but rather discusses a few issues that you may not have thought of. Here are a few essential tips to help you protect patient information and the reputation of your practice.
1. Protect All Patient Data
First, your practice and its employees need to recognize that patient data must be protected. All staff should be trained on HIPAA when they are hired. We retrain our staff annually using powerpoint slides and a written standard operating procedure (SOP). Make sure employees realize that any information that could identify a patient in any way, including names, addresses, phone numbers, and email addresses, as well as health-related information, needs to be treated with security. Most data breaches that do occur start as small mistakes made by an employee who may not have fully understood just how sensitive this type of information is. Be sure to discuss this with each of your employees so that everyone is on the same page about what information needs to be protected. Here are a few areas you should consider to make sure you are covered:
Sign in sheets at the entrance to our building or your reception desk. Use sign in sheets that have removable sticker so that patients do not see who else has signed in.
Text messaging- Do not allow your staff to text with patients unless you are using a protected service. We use Klara to text our patients. Klara encrypts the data and allows doctors to track all text messaging conversations between the staff and the patient. It doesn’t yet add the data to the electronic medical record (EMR) but hopefully that will come in the future.
Appointment Reminders– Give your staff a script about appointment reminders. They cannot say This is a reminder about your BOtox appointment on Friday” because that gives away patient data and tells the receiver that the patient is receiving Botox. You do not know who is receiving the email or voice mails, especially on a home phone number. Ask a HIPAA consultant about the best way to script appointment reminders.
2. Keep Your Practice Protected from Cyber Crime
Electronic health records are becoming the norm in most practice settings due to benefits such as coordination of care, increased productivity, and decreased paperwork. Medical practices are frequently targeted by cyber criminals, because healthcare data offers more private information than just the names, addresses, and social security numbers that these criminals can obtain from credit card data. It is also important to back your data up securely in the event of a virus. To avoid these pitfalls to your practice, make sure all computer software is up-to-date, and all devices have current antivirus and antimalware systems installed. You should also talk with your employees about how to handle suspicious email attachments and consider using data encryption software to encrypt all sensitive data. If healthcare data is breached, your practice could be fined, and you may lose your patients’ trust and tarnish the reputation of your practice. Make certain that the staff that works with the EMR is extremely well trained so that the do not accidently send out confidential information to the entire email list. We use Nextech and I send my staff to their annual meeting to help keep their skills up to date.
3. Keep All EMR Computers Secured in the Office at all Times
I heard a story about a physician who had his laptop with patient data stolen out of his care. He received a very large fine for HIPAA violations. Do not let your staff take home the EMR computer to finish up on work for ANY reason at all. Loss of these computers would be a breach of patient confidentiality.
4. Make Sure Your Staff is Using Individual Passwords and Not Logging Into Each Other’s Accounts
You are probably thinking “Of course my staff has their own passwords!”– but have you checked to make sure they are not logging in as each other? If the staff is not trained and constantly reminded, this can happen. Just take my advice and double check. We track how many patients the staff sees and how long they spend with the patient so that each employee is incentivised to be logged in as themselves. We have a zero tolerance policy for using each other’s passwords.
5. Have an Incident Response Plan Ready
In the event that patient data should be breached, even on a small scale, it is a good practice to already have a plan in place to swiftly and effectively handle the situation in order to minimize patient risk. Whether this means creating an in-house team to handle these situations, or hiring a third-party to help you, being adequately prepared can make all the difference in end result.
Developed by world-renowned dermatologist, Leslie Baumann, MD, the Skin Type Solutions® Franchise System is an educational, science-based skincare store that implements a simple and reliable system to maximize skincare product sales and improve patient compliance and results.
Based on Dr. Baumann’s patent-pending Baumann Skin Typing System, this first-of-its-kind retail model provides dermatologists with the scientific methodology, training, and education necessary to prescribe effective, customized skincare regimens utilizing multiple brands of products that have been independently tested and approved by Dr. Baumann. To learn more about what Skin Type Solutions can do for your dermatology practice, visit the STS site here.