By Tony Cody, Owner, 12 Points Technology

As a business owner in the healthcare field, your top priority is taking care of your patients.  Most of the time, you do so by giving them medication for an illness, setting a broken leg or scheduling counseling sessions to work on a mental health issue.  However, there is another level of taking care of those who come to you for help, and that level has nothing to do with the actual practice of medicine.

Taking care of your patients also means keeping their private information safe and secure.  In this day and age, every administrator in the healthcare field is aware of HIPAA and is concerned with abiding by HIPAA guidelines so they don’t run afoul of the government.  While this is admirable, it’s only the first step in a mindset of always putting their patients’ privacy and security first.

Most business owners have one thing at the top of their priority list: running their company effectively and profitably.  Doctors, chiropractors, dentists and others in the healthcare field are no different.  If they don’t keep their eye on business development, there will be no practice and therefore no patients to take care of.  Many times, they are handing over the reins when it comes to network security to secretaries or HR personnel and, unfortunately, handing over the reins sometimes means dropped balls.

Don’t get us wrong: we’re not blaming those in the healthcare field for possible HIPAA violations, nor are we pointing fingers.  Having a secure network is a highly technical and often confusing process, especially with ever-changing technology and the adaptability of those who are trying to steal information or commit other cyber-crimes.  Having a secure network involves everything from a strong password policy, limiting access to information to only those who need it, email encryption, secure forms on websites and much more.  It’s usually too much to process for those who do not have a strong IT background (which most in the healthcare field do not possess).

So what happens when that ball DOES get dropped and a HIPAA violation occurs?  Yes, you can get fined or otherwise punished by the government (and we all know that’s not a good thing).  But let’s go a little deeper than that.  Let’s say that your network was breached by a hacker and that a good portion of your patients had their PHI (Private Health Information) stolen.  What does this do to your practice?  The patients that you have vowed to take care of are now facing the nightmarish possibilities of identity theft, credit card fraud and exposure of incredibly personal health information.  What does this mean for you as a healthcare provider and business owner?  It could very well mean tarnishing (or even destroying) your credibility and the trust that you have worked so hard to build over the years.

Whether HIPAA existed or not, you should always be concerned with taking care of your patients’ Private Health Information.  The next question is, how do you do so?  The best thing you can do is work with a professional who is up to date on network security (and HIPAA guidelines) BEFORE an issue takes place.  With new HIPAA regulations, those in the healthcare field get audited regularly to make sure they are compliant, and it’s important to have an IT security professional come in prior to an audit to make sure all of your proverbial ducks are in a row.

Of course, having the right software, encryption and anti-virus methods in place is just half of the story.  The other half is what usually trips up most businesses, and it can be summed up in two words: human error.  You can have the gold standard in anti-virus installed on your network, but if one of your receptionists opens a file she’s not supposed to, a breach can still occur.  That’s why it’s important to focus not only on your network but also on training and educating your employees on best practices.  If you want to take the next step, you can also consider installing software that virtually eliminates the possibility of infection no matter what file is opened.  Meanwhile, reviewing and updating all other defenses is an ongoing task that should be repeated regularly to ensure you’re doing everything you can to safeguard your network and your patients’ data.

Tony Cody is the Founder and CEO of 12 Points Technologies, a digital forensics and cybersecurity company that helps businesses protect themselves from online threats, recover from online incidents and recover critical information from digital devices.  Tony has over 20 years of IT experience with the U.S. military and private firms.  For more information, please visit www.12PointsInc.com