With the risk of a cyber-security breach increasing on a daily basis, below are some tips that will help practice owners maintain the security that they need in order to protect patient information. Establish a Security Culture ❒ Build a security-minded organizational culture so that good habits and practices become automatic. ❒ Conduct information security education and training frequently. ❒ A practice owner should be the security leader in the practice and set a good example in attitude and action. ❒ Instill taking responsibility for information security as one of your practice’s core values. Protect Mobile Devices ❒ Ensure your mobile devices are equipped with strong authentication and access controls. ❒ Ensure laptops have password protection ❒ Enable password protection on handheld devices (if available). Take extra physical control precautions over the device if password protection is not provided. ❒ Protect wireless transmissions from intrusion. ❒ Do not transmit unencrypted Protected Health Information (PHI) across public networks (e.g., Internet, Wi-Fi). ❒ Where it is absolutely necessary to commit PHI to a mobile device or remove a device from a secure area, encrypt the data. ❒ Do not use mobile devices that cannot support encryption. ❒ Develop and enforce policies specifying the circumstances under which devices may be removed from the facility. ❒ Take extra care to prevent unauthorized view of the PHI displayed on a mobile device. Hopefully, this information will provide some simple security tips in order to prevent a violation and/or security breach which can devastate a practice.
