Jonathan Podwin, Director, IT Operations, dentalcorp
With the rise of technology in healthcare, it is more important than ever to protect your data. Technology is a key enabler and advantage in the delivery of optimal patient care, but the systems we use can introduce additional vulnerabilities that need to be addressed. The convenience of online appointment booking, the increased use of digital forms, and the popularity of online portals all represent potential system and data vulnerabilities. Even innocuous digital imaging and practice management systems need to be considered as part of a Practice’s strategy to protect patient information and ensure system security.
Security is a shared responsibility
Everyone on your team can and should play an active role in protecting the Practice. Make sure that each team member understands the common risks and ways to mitigate them. The list that follows provides tips that everyone can follow to help keep your Practice safe.
Don’t let curiosity get the best of you. Always delete suspicious emails and links, as they can compromise your computer and create unwanted problems. Remember, if something looks too good to be true, it probably is.
Don’t respond to emails or phone calls requesting confidential company information—including employee information, financial results, or company secrets. They often appear to come from trusted sources like an employee or business partner. Validate any interactions relating to technology or IT support using verified contact details and report any suspicious activity.
Don’t leave printouts containing private information on your desk - lock them in a drawer or shred them. Keep your desk tidy and documents locked away. It makes the office look more organized and reduces the risk of information leaks.
Out-of-date virus protection or software which is not equipped to defend systems against evolving threats puts your systems at risk. Regularly update virus protection.
Weak, repeated, shared, or publicly displayed passwords put your data at risk. Make sure you use unique, long, and complex passwords, and be sure to update them at least once a year. Don’t use obvious passwords, like “password,” “cat,” or obvious character sequences on the qwerty keyboard, like “asdfg” and “12345.” Try to use different passwords for different websites and computers so that if one gets hacked, the others remain secure.
Encryption / Password protection of File
Always password-protect sensitive files on your computer, USB, smartphone, etc.
Remote Access and Shared Locations
If accessing systems remotely or from shared locations (which should be avoided whenever possible), ensure that the Wi-Fi connection is secure and that you have logged out and cleared your browser history when you are finished. If you are working from home, ensure your router admin password is not the “default” password, is complex, and is changed at least every 6 months. Ensure your Wi-Fi password is likewise secure and do not share your device with anyone else in your household. If that is not possible, ensure that you have a separate secure log-in to your device which restricts file/folder access.
Third-party messaging platforms
Do not use third-party messaging to discuss patient information. Avoid referring to any identifiable piece of data associated with a patient in your messages.
Trust the experts
When in doubt, enlist an expert. dentalcorp has a 30+ person IT team dedicated to supporting and delivering a best-in-class technology stack that empowers and supports our practices across the country, keeping our clinics safe and information secure. We limit risk and potential negative impact with separation of duties and segregation. We ensure that only those necessary have access to sensitive data. Our clinics have full segregation to ensure that there is no lateral movement across our network of practices if a breach were to occur.
Originally published in Oral Health journal.
About the Author
Jonathan Podwin is an experienced IT professional with over 17 years in IT Operations within the healthcare and retail industries. Throughout his career, he has led teams in Cyber Security, IT Service Management, on-prem/cloud Infrastructure, and Network administration. Jonathan is the Director of IT Operations at dentalcorp.