Not All Hackers Are Russian

…and other reasons to keep your data secure

It probably goes without saying (and without referencing recent political headlines) that hacking is quite the buzzword lately. In the HIPAA world, hacking can be an enormous problem for the solo practice therapist, but so can many other safety and security issues—even the boring ones that don’t make headlines. By following best practices like those highlighted below, you’ll be well on your way to improving the safety of your client information, as well as your practice’s HIPAA compliance.

  1. Make sure your data & devices are SECURE. Device encryption is a highly recommended way to keep data secure. The good news is that some devices are encrypted by default. So if you use an iPhone or an iPad, you’re in luck—encryption is a default setting. Mac computers are not encrypted by default, but it’s easy to turn on. For Android phones you can check in the security section (under Settings) to see if encryption is enabled. Windows PCs are also not encrypted by default, but encryption can be enabled easily on those as well. (Source / more information on encryption here.) Be sure you are using the handy feature on your phones and tablets that allows you to protect access to your device with a passcode/PIN/fingerprint reader. This is a great first line of defense, provided you use a high quality passcode or your fingerprint: encryption only protects a lost or stolen device while it is locked or powered off, and it is only as strong as the passcode that unlocks it. Device encryption doesn’t protect data in transit, but that’s a post for another day.
  2. Make sure your data systems are RELIABLE. Ensuring that your devices are reliable means immediately doing those sometimes annoying updates when they roll around, and changing your passwords when you’re prompted to do so (or, for the really proactive, on a schedule you set for yourself!). Sometimes those annoying updates address security flaws that, left ignored, could leave you susceptible to attacks.
  3. Make sure your data systems & practices are founded on GOOD INTERNAL POLICIES. If Santa brought you a new phone in December, what happened to your old one? Did it end up in the catch-all drawer in the kitchen? For sale on eBay? Either way, it is important to adopt a policy for “sanitizing” your old devices that may have client information in the contact or texting history. Take a look back at this article where I went into more detail on my preferred Office Space-style internal policy.
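Rather than assuming a Mac is encrypted, verify it. The script below is an added example (not from the original post): it asks macOS’s built-in `fdesetup` tool for the FileVault status and turns the answer into a plain on/off/unknown result. It assumes a Mac where `fdesetup status` prints “FileVault is On.” or “FileVault is Off.”; the parsing is kept in its own function so it can be exercised on sample text without a Mac.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumption: macOS with the built-in `fdesetup` command (FileVault full-disk encryption).
# `fdesetup status` prints a line such as "FileVault is On." or "FileVault is Off.".

# Map the text printed by `fdesetup status` to one of: on, off, unknown.
# Kept separate from the command so the logic can be checked on constructed samples.
filevault_state() {
  case "$1" in
    *"FileVault is On"*)  echo "on" ;;
    *"FileVault is Off"*) echo "off" ;;
    *)                    echo "unknown" ;;
  esac
}

# Run the real check on this machine and print practical advice.
# Prints "not-macos" when fdesetup is absent (e.g. on Linux or in a container).
check_filevault() {
  if ! command -v fdesetup >/dev/null 2>&1; then
    echo "not-macos"
    return 0
  fi
  state=$(filevault_state "$(fdesetup status 2>/dev/null)")
  case "$state" in
    on)  echo "FileVault is on: data at rest is protected while the Mac is locked or off." ;;
    off) echo "FileVault is OFF: turn it on under System Settings > Privacy & Security." ;;
    *)   echo "Could not read FileVault status; check it manually in System Settings." ;;
  esac
  echo "$state"
}

# Constructed sample outputs, used only to show the parser at work.
SAMPLE_ON="FileVault is On."
SAMPLE_OFF="FileVault is Off."

# Uncomment to run on a real Mac:
# check_filevault
```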

Another great internal policy is the use of a password manager. If you feel like you’re constantly being prompted to change your passwords and you’re finding it impossible to remember them all AND use different passwords for different websites, a password manager may be a great solution for you. You only have to remember one password for the app, which then grants you access to an entire database of complex passwords generated by the application, so no two sites share a password.

Remember: secure, reliable, and founded on good internal policies. By keeping these three things in mind, you are well on your way to having your HIPAA compliance ducks in a row!