Business Insider

A huge threat inside your doctor’s office doesn’t concern health

Once upon a time, your personal information was mostly safe. Before ones, zeros and the data bits flowed freely over wires, fiber and air, your date of birth, Social Security number, address and medical history were confined to a few thin sheets of wood.

Suddenly, we fear a data thief lurking around every corner of the internet. But many of us walk into a medical office and willingly hand over an abundance of personal information. And therein lies the problem. According to the most recent Verizon Protected Health Information Data Breach Report, 58 percent of medical data theft incidents involved insiders. The report reads, “Healthcare is the only industry in which internal actors are the biggest threat to an organization.”

Fortunately, there’s something each of us can do to make information safer in medical offices. Let’s start with people in the medical office:

1. Don’t collect more information than is absolutely necessary.

2. Keep all paper documents containing personally identifiable information locked away at all times

3. Keep all digital information containing personally identifiable information encrypted. Yes, encrypted! According the Verizon report, “The extremely common scenario of a password-protected, but unencrypted laptop stolen from a medical professional’s car is a prime example, as is a ransomware infection.”

4. Limit access to all personally identifiable information.

5. Create a list of all the steps you take to secure information and share that with the patient. Think of the trust built when a doctor sits down with a patient and says, “You’re entrusting your personal information with us. Here’s what we do to protect you.”

6. Stay up to date with the latest security measures and best practices (this article is not a comprehensive list).

7. Understand there is no 100 percent, absolute way to avoid data theft. Do everything in your power to prevent, but if data is lost, report it quickly and inform patients. This is not a time to try to “save face,” and prevent embarrassment.

8. If a person in your office is caught stealing information, prosecute and make a public example. Don’t just fire the person and let them go to the next medical office to perpetrate the same crime. Practice zero tolerance.

For patients and clients:

1. Ask questions. Don’t just fill in every blank on a form. Ask why the office needs the most sensitive of information and how it’s being protected. If you are dismissed with, “Oh, you have nothing to worry about,” or receive anything but a specific explanation of how your information is protected, there’s a good chance the office is NOT taking your security seriously.

2. Stay aware. Watch how people in the office handle information. Is that sheet of paper containing a name and Social Security number slapped on a clipboard and hung on a wall? Call out the offender.

As it turns out, this is not an all-inclusive list. I’m highlighting the real threat and providing a few things we all can do to reduce the threat. Stay data safe.

Dale Dixon is chief innovation officer of the Better Business Bureau Northwest.