ICD-10 updates: protect your practice from hackers [INFOGRAPHIC]

You have seen the headlines – “…Data stolen from Anthem, CareFirst and other medical industry heavyweights.” Hackers pose a threat to businesses, government and individuals alike. The threat of hackers gaining sensitive patient information is very real for practice owners today. As a doctor of optometry, you have spent dozens of hours preparing your practice to handle the new ICD-10 codes, but have you made the changes to ensure your patients’ information is safe? According to the Ponemon Institute, cyber criminal attacks in health care have increased 125 percent since 2010. It is a good time when you update your computer system(s) to make sure you are following HIPAA security rules as well as protecting your practice from hackers. The following are some things to check off your list as you complete your transition to ICD-10.

The Checklist

In order to protect your patients’ information and prevent receiving a hefty fine, your practice’s security measures should be tailored to address the exposures brought on by hackers. In fact, the FBI issued a private industry notification in 2014 warning health care providers that their security measures were too lax. Here are some steps you can take that will help you strengthen the security of your data:

• Encrypt your patient data. Encryption is a way for you to convert your patient data to encoded text. This means you must have the key to the code to be able to read and understand the information.
• Protect your hardware. Some of the biggest vulnerabilities for any practice are items that can be easily walked out of your office, like laptops, tablets and smartphones. However, should such an event occur, it is not as likely that you will face a stiff penalty if your data is encrypted.
• Talk with your vendors. Vendors who have access to patient information, like billers, coders, and document shredders, can also be held liable for a breach. When you sign your vendor agreements, make sure you understand their security measures and what liability, if any, they will take for breached data in their possession.
• Password management. While you may not want to spend the time it takes to login, passwords are often your first line of defense in protecting patient data.
• Provide staff training. As you’re training your staff for the ICD-10 transition, take time to go over security measures. Periodic reminders and clear security guidelines are key to keeping your practice safe.

For more ICD-10 transition tips, see “COA aids for ICD-10 transition” and “Less than 30 days until ICD-10 – Last minute checklist” in this issue.