Steps to Security

Posted By American Med Spa Association, Monday, March 13, 2017

Experts agree that protecting patient data should be every employee's job. When securing protected health information (PHI), says Scott Schober, "One of the most effective things that people overlook is that the weakest link is often people. People are part of the problem, and part of the solution." Schober is CEO of Berkeley Varitronics Systems.
"Your first line of defense is your employees," adds Jennifer Searfoss, Esq. She is chief solutions strategist for healthcare consulting firm SCG Health.

To shore up your people and policies, consider these operational and technical tips:
Make it personal. At a recent training session, Ms. Searfoss showed her employees compromising pictures of nursing-home patients that had been posted online by their caregivers.1 "I had all the employees bring in pictures of their grandparents and place them next to these pictures." Once the employees realized how they'd feel if their grandparents had been thusly betrayed, "They understood their role – protecting our patients."
Never give your own personal information unless absolutely necessary. Medical practices do not need patients' Social Security numbers to provide care, says Mr. Schober, and they can't deny care to people who won't provide them. "What happens when you write that down? That paper is photocopied; one copy is placed in a folder, the other goes into a file cabinet. A staffer takes that information home and enters it from a remote computer attached to the practice's server. Your Social Security number is everywhere."
Read more at Dermatology Times >>