The number of data breaches increased by 54% in the first half of 2019. Clinics are targeted because they’re not performing sufficient risk analyses to build the right mitigation plan and not keeping up to date on security measures. Subscribers that follow the advice of Brightsquid privacy support services stay ahead of cyber attacks and privacy breaches caused by human error with our perpetual compliance tools. Here are a few ways the Brightsquid team of certified privacy experts helps you avoid privacy catastrophes.
“Why do we have to encrypt the backup if it’s only ever with the dentist?”
Clinics and their IT support hold many misconceptions about privacy requirements in healthcare. Usually, these myths stem from not fully understanding the risks, or improperly interpreting the wording of the regulations.
Brightsquid's team of certified privacy professionals spend their days interpreting privacy regulations.
One major question we often educate clinics about is the encryption of mobile devices. Clinics and their IT support wonder why mobile devices such as laptops and external hard drives need to be encrypted. The answer is that devices such as these are targets for theft or subject to loss.
The Brightsquid team of certified privacy experts explains that you need to plan beyond best-case scenarios; you need to prepare for the worst. If a device containing patient information falls out of your control, you need to be able to prove that anyone in possession of the device cannot access the information.
Healthcare is the only industry in which internally initiated privacy breaches outnumber breaches that originate externally. Staff mistakes are a big reason why. Clinic staff handle private information throughout their day. It’s no wonder errors are made, but the right training can be the difference between smooth operation and scrambling to recover from a breach.
Clinics that have attended our privacy training frequently provide feedback that staff have avoided breaches by applying the principles learned to daily activities.
One clinician explained that training “has definitely been an asset to our office and we found it to be very informative and all-around helpful to the safety of our patient's information and the protection of our staff and office.”
There are serious consequences to not reporting a privacy breach. The first step in any breach response is recognizing it in the first place. Our training helps clinics be aware of the risks and define a privacy breach.
Once a breach is identified, you need to determine the risk of harm for any patients involved, applying specific criteria to your assessment. Our dedicated privacy experts work with clinics to assess the risk of harm in any breach situation, to determine if reporting is required and to plan their response and mitigation measures.
Every Brightsquid privacy support subscription includes Secure-Mail, a secure and compliant replacement for email, fax, mail, and even phone. Traditional email is the number one way ransomware infects clinics, and misdirected faxes, mail, and email are a major cause of privacy breaches in clinics.
Secure-Mail comes standard with critical privacy compliance features such as read receipts and message recall. When our support team received a frantic call from a clinic that had sent a message to the wrong patient, we were able to advise them on how to recall the unread message. They breathed a sigh of relief and said, “You just saved us from having to report a breach.”
The Brightsquid privacy team is ready to support your perpetual privacy compliance. Privacy regulations are complex and interpreting them on a case-by-case basis is a nuanced exercise. Our team maintains certifications in information privacy management so you and your team can stay focused on your expertise in providing excellent care.
Get started by completing this privacy risk assessment.