How to Prevent Employee-Caused Data Breaches at Your Dental Practice

INTRODUCTION

Security breaches in the healthcare industry are on pace for more than one per day, according to a recent report. What’s telling is that 9.2 percent of the breaches occurred through accidental email/internet exposure and 8.7 percent were due to employee errors, an IT security company discovered.

It’s one thing to be targeted by hackers, but dental practices wanting to prevent healthcare data breaches need to eliminate the ones caused by staff.

Here’s how you can protect patient health information:

EDUCATE AND TRAIN DENTAL STAFF

Depending on the size of your practice, you may have just one person who handles all of your marketing, social media and PR. Let’s call this person your marketing director (and if you don’t have one, it may either be the owner or the receptionist).

You and your marketing director must focus internal communications efforts on situational training and education, respectively.

For your marketing director, regular communications–be it newsletters, Intranet blog posts, presentations, quizzes and/or handouts–are important to engage staff and build a mindset in which security is at the forefront. Your objective is to reduce or eliminate unintentional employee-caused data breaches.

For you (or your third-party IT consultant), cybersecurity company Redspin says to test staff with phishing emails and phone calls. Supplement the training with posters, wikis and other items the staff can reference quickly. For example, small stickers on laptops reminding staff only to use trusted wi-fi hotspots can go a long way.

With education and training, your dental practice hopefully can avoid breaches such as the email scam that affected the nursing home chain American Senior Communities in Indiana.

USE A PRIVILEGED ACCESS MANAGEMENT SYSTEM

Work with an IT company to install Privileged Access Management (PAM) software. It will determine who may access various systems and create a digital audit trail. PAM systems often require multiple types of authentication when logging in. Thus, you need to make sure staff members understand and give informed consent to these safeguard processes, which can be time-consuming or annoying, according to the Commonwealth Fund.

PAMs also can help stop malicious employees or ex-employees who intentionally steal information or cause other harm to your systems. Give your dental patients peace of mind by telling them (e.g. through your website) that you’re doing everything in your power to protect their sensitive information.