The Physicians Practice S.O.S. Group® www.ppsosgroup.com
Fix My Practice – Educating Employees to Prevent Data Breaches
Why are we hearing about so many breaches and I believe it is because we are not educating our staff about all the potential risk.
HIPAA security starts with employee education. You can lock your systems down, run scans, use antivirus, do regular patching etc. However, in reality, all it takes is for an employee to click on something, or upload something and like a magic trick…you now have a breach. Even Blue Cross and Blue Shield fell victim. An employee uploaded a file containing member information to a public facing website. The worst part is that was not discovered until 3 months after it happened. It exposed over 16,000 patients. While it was only 1% of its members, but it happened, and 1 patient is 1 patient to many. The immediate questions that come to my mind regarding this were: Did they provide employee education? Did this employee simply upload the wrong file, or did they not understand what they were doing? Was it malicious?
The data was out there for 3 months and they are unable to determine if it was accessed. The breach included names, date of birth, diagnosis codes, provider details, and procedure codes. All the information needed to process claims. No social security numbers or financial data such as credit cards were exposed. This is important because that is the information that could be used in medical identity fraud.
This breach will serve as a stark reminder for practices to have proper access controls, network monitoring, policies and procedures and employee education in place. Bi-annual training and training upon hiring will help eliminate some of these unnecessary breaches.
Practicing quality medicine while maintaining and managing the bottom line is a balancing act that provider’s face daily. The Physicians Practice S.O.S. Group is committed to and has helped healthcare providers across the country with new practice startups, IRO needs, and providing practice management and compliance solutions. Call our office to discuss any needs you might have.
Regina Mixon Bates, CEO | The Physicians Practice S.O.S. Group | www.ppsosgroup.com
#ReginaMixonBates #practicemanagementconsulting #practicemanagement #physicianconsulting #consulting #HIPAAsecurity #breachprevention