5 essentials for securing patient health data
When you’re working in healthcare, you can never be too careful with your patients health information. Here's the five things we recommend you do to keep your patient records as secure as possible.
Joel and Bill (Cliniko ops engineer) took to YouTube to chat about online security during COVID-19. With more people than ever working from home, it’s paramount to ensure the online security of your team, your clinic, and your patients.
Emily Gable·
Right now, more people than ever before are working from home. This means it’s especially important to consider online security—for your clinic and your patients. How are you storing patient data? Are you using passwords that can be easily guessed? What steps are you and your team members taking to secure your devices? COVID-19 might be forcing us to change our routines, and during this time, online security is more important than ever.
You can review the recording from our session here:
Some of the topics we covered in our event were:
How should passwords be managed?
Use unique passwords for everything. The longer, the better—things like phrases are good. Don’t share your passwords with anyone, and don’t use the same thing for different accounts! It might take a bit more effort, but it could save you in the long run. Password managers, such as LastPass or 1Password, are helpful for storing and creating unique passwords (and they integrate nicely with your browsers, so it makes it easy to log in to your various accounts).
How can I keep my accounts secure?
If it’s not clear already—strong, unique passwords! It’s also a good idea to sign up for alerts on sites such as have i been pwned—this will let you know if your email address is compromised, and if you receive a notification, you can take immediate action to secure the compromised account.
Also, use 2-factor authentication (2FA)! 2FA is something that’s used in addition to your username/email address and password that gives you a unique, one-time code and requires that you have a physical device (such as a mobile phone). It’s called 2-factor authentication because it requires two factors: the first is your email/password, and the second is the device that the code is generated on. It’s an extra step, but it’s worth it—especially compared to what would happen if someone got access to your account.
How can I keep my devices secure?
Make sure your hard drive is encrypted—and back things up! You can have the most secure password in the world, but if someone steals your computer, they could—in theory—remove the hard drive and put it into a different computer. Encryption helps to keep your hard drive safe. Many devices will make encryption easy—FileVault (for Mac) and BitLocker (for Windows) are applications that you can “set and forget”—meaning you can turn them on once, and they’ll handle the rest.
What’s the difference between HTTPS and HTTP?
HTTPS (emphasis on the “S”) means that the website you’re visiting is secure. HTTP (without the “S”), means the site you’re visiting is not secure. Don’t enter payment information (among other personal details) on websites that aren’t HTTPS!
How can I make sure my home office setup is secure?
Make sure you’re using a secure wifi network (ideally, this is your home network, which is accessed only by you and those in your household, and is secured by a unique password). Don’t access clinic/patient data on a public network—so if you’re at the airport or at Starbucks, don’t use their public wifi if at all possible. If you have to, use a VPN—but a better option, if not working at home, would be to use your mobile phone’s password-protected hotspot as your connection.
Here are the links to the sites and applications we mentioned in the recording, plus a few more! All of the tools mentioned have a free version, although some have paid-only features. Note that if you share your information with any third parties, you may be contacted or receive marketing from them.
5 essentials for securing patient health data
Your patients depend on you to keep their health records safe. Check out this blog post to learn best practices for what you can do when it comes to securing your patients' health information.
Best practice for securing health data
Joel gave a presentation on how to best secure the health data that you and your team work with on a daily basis. This blog post features the entire video presentation, as well as the transcript.
How to evaluate the security of your telehealth software
This blog post, written by John Colvin (one of Cliniko’s developers), offers tips on what to look for when choosing a software for telehealth calls (but these tips apply to many things, not just telehealth!).
The 50 worst passwords of 2019
A list of the top 50 worst passwords of 2019. Don’t use any of these (or any like them)!
How secure is my password?
This lets you input any password, and it calculates how long it would take a computer to guess that password. (The longer it takes the computer to guess it, the more secure it is!)
have i been pwned
A site that lets you enter your email address, and it will let you know if it’s been compromised (and which sites it was compromised on).
1Password & LastPass
Secure password managers that let you store and create passwords for all of your various accounts. When used correctly, they allow you to log in to each of your accounts without even needing to type your password out.
Authy & Google Authenticator
2FA apps that generate unique codes for you to use in addition to your normal login process (email and password). While it adds an extra step to the login process, it's worth it for the added security.
GoogleCloud and Australian Privacy Principles
Talks you through what you need to do to make sure your GoogleCloud/GSuite account is compliant with the Australian Privacy Principles (and therefore acceptable to store patient data in).
Little Snitch 4
A network filter—lets you know what applications are trying to connect to your network. If a new piece of software is installed that it doesn’t know about, it will alert you, and ask if you want to allow the connection.
Carbon Copy Cloner
Backup software for Mac—if your hard drive crashes, you can boot from your backup disk.
Bitdefender
A virus-checker software, available for Windows, Mac, and mobile devices.
Nord VPN
A Virtual Private Network application that will let you securely connect to a network—even a public one—while encrypting your connection. It’s still best to use a private, trusted network if possible, but a VPN such as Nord is good to have as a backup, especially if you’re travelling or working in a public place.
Filevault
An encryption tool for Apple computers.
BitLocker
An encryption tool for Windows devices.
When you’re working in healthcare, you can never be too careful with your patients health information. Here's the five things we recommend you do to keep your patient records as secure as possible.
Presenting to Victoria University's (AU) fourth year Osteopathy students, Cliniko founder Joel Friedlaender details how all health professionals can keep their patient health data safe.
Do you need to evaluate telehealth solutions to be used in your business? John, one of the developers that built telehealth for Cliniko, shares his tips on what to look for, and how to make sure the system you choose is secure.