“Epic and others like it were not designed for use by clinicians on the front line trying to help patients,” he says. “These systems are giant billing platforms. It’s varying fields of data to be walled off.”
Sadly, Epic and others like it are all we have when it comes to storing patient data safely, and despite their flaws, these portals are still the safest available option for doctors and patients. Health care facilities are strictly regulated to receive federal government funding, and they must pass safety certifications, including security protections for patient data. They also seek to maintain industry recognition in order to stay credible and competitive. Want to make a hospital exec nervous? Tell them the Joint Commission is coming by for a visit. They need those gold star approval ratings.
Some patients are under the misconception that these systems are not really that secure. But in the past few years, data breaches have been rare (though they do happen). Hackers frequently target hospitals and health care systems for ransomware attacks, but it doesn’t pay for hackers to demand money when robust backups exist. While the industry has made some progress, the problem of individuals taking personal risks continues.
A former Department of Homeland Security adviser and a doctor, Chris Pierson is CEO of BlackCloak, a company that specializes in personal digital protection from financial fraud, cybercrime, reputational damage, and identity theft. He believes vigilance is key for doctors and patients alike.
Protect Your Entire Family
“I don’t think people realize that once someone is able to get just one piece of information, that can lead to opening others’ private data,” Pierson says. “It’s no longer the original individual on their computer, but additional family members’ identity that can be compromised.”
He explains that even if one organization keeps your data safe, another associated one may not, and that’s where criminals will strike.
“It’s not just medical offices. It’s your pharmacy, labs, insurance company, anyone who keeps personal information. That has real value, and selling it is the priority.”
Victims of identity theft can be revictimized when personal information gets into multiple hands. A street address and verified phone number can go far, especially if the phone contains many contacts, who then become vulnerable to attack themselves.
“If you get Mom’s info, you can get the child’s as well. An ID card, social security, all of it, and then they have the ability to collect false medical claims or just extortion. It’s a two for one.”
Two-Factor Authentication Is Worth the Effort
Pierson mentions how critically important it is to use a multistep authentication system. Your level of protection goes up considerably just by using secure passwords and one-time authentication codes.
Thankfully, setting all this up is easier than it sounds. Apps on your phone or tablet can help. Google Authenticator, when paired with a service that supports authenticator apps, provides a six-digit number that changes every few seconds and can keep people out of your data even if they have your username and password. Other companies ask users to enter an SMS code as the second authentication factor, in addition to a password, although SMS codes are less secure than authenticator apps. Either approach is better than none—unless a hacker is in physical possession of your phone, they are not getting access.
Social Media and Tracking
Social media is becoming a popular way for health care providers and entrepreneurs to connect with the public—and often to sell them treatments or advice. These Instagram or TikTok accounts may offer tips from someone in the medical industry, which can appeal to those facing rising health care costs and difficulties accessing care. But an internet doctor’s background or popularity does not ensure that they observe strong privacy guidelines or secure their transactions.
My Instagram is flooded with offers promising everything from better sleep to improved sexual health. It’s nice to have options, but that help and any information you receive from those accounts or send to them isn’t covered under HIPAA. Any time you pay out of your own pocket for health-related items or services, or on a direct-to-consumer health app, there is no recourse if someone steals your personal information or shares it.
Along with social media and direct-to-consumer health options comes large-scale data tracking. Outside of official medical practices, you should view surveillance as an expectation, rather than an exception.
Ask Questions
When you sign up for any service, whether through a new doctor’s patient portal or an online supplement shop, ask how your data is stored and where it goes. Read the privacy policies and settings, even briefly, to find out what options you have to restrict the sale or reuse of your data. Check the default settings to make sure you’re not giving away too much information. Find out if the service or platform offers two-factor authentication and set that up if it’s available. Know that it’s rare for anyone to need your social security number, no matter what a customer service agent says. A birth date and address is usually enough.
Pierson and others agree that we all need to consider security from several angles and do our best to protect ourselves and our loved ones. “The sophistication of identity attacks will always evolve and change. Remember, they only have to get it right once, but we have to guess right all of the time.”
Denial of responsibility! My Droll is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
