
An official publication of the ACR and the ARP serving rheumatologists and rheumatology professionals


Cyber Safety in the HIPAA Age

Richard Quinn  |  January 6, 2017

“Unfortunately, there will always be people who will click on those links, or respond, or open up the poisoned attachment, unless they’re educated,” she says. “I’d like to think that 99.9% of the folks out there, they want to do the right thing. They want to protect their data. They want to protect their patients.”

Data security goes beyond patient health information, too. Most offices have applications for scheduling, email marketing, finance, etc.—and many times there are multiple cooks in those kitchens.

“Email is a huge risk, as is texting our patients,” Dr. Kazi says. “We have to be very careful. Use the patient portal as much as possible, and use the right technology to ensure that [data are] protected and encrypted.”

2. Protect Your Systems
Risk analysis and risk management must be periodically reviewed and updated in response to changes in the environment. Ms. Kim says that any change in personnel, technology acquisition/shuttering or an alteration of the processes around your data are “great times to call the consultant.”

“Do you have an up-to-date firewall? Are you encrypting information you’re sending through the network, to and from? Are you encrypting information when it’s stored on your hard drive or stored on tape, so that if it’s ever stolen, no one unauthorized can get to it?” she asks.

If your practice experiences a data breach, or there is concern that the technology/systems in place are vulnerable, don’t hesitate to schedule an appointment.

“Ask [the consultant] how to close gaps, so you aren’t interrupted by cyber-events,” Ms. Kim says.

3. Don’t Share Passwords
“It should not occur,” Dr. Kazi says, noting he has seen in his own experience, and heard from colleagues, that such sharing happens in physician offices. “Nobody should ever sign on as you, the physician. I think that is one area rheumatologists make mistakes. It is just so problematic.”

4. Employ a Strong-But-Fair Policy for Personal Devices in the Workplace
It is fair to say the ship has sailed on this topic, because employees, even physicians, have a hard time putting down their phone nowadays.

“Everyone who works in the RISE server room has to leave their mobile phone outside and agree to have no access to personal email,” Dr. Kazi says. “I think that it is unlikely that practitioners and staff can do that on a daily basis. Everyone wants to stay in touch with their kids or spouse. This is more of a practice culture thing; an accountability thing.”

  • Copyright © 2025 by John Wiley & Sons, Inc. All rights reserved, including rights for text and data mining and training of artificial technologies or similar technologies. ISSN 1931-3268 (print). ISSN 1931-3209 (online).