5 essentials for securing patient health data
When you’re working in healthcare, you can never be too careful with your patients’ health information. Here are the five things we recommend you do to keep your patient records as secure as possible.
When you work in healthcare you can’t afford to be complacent about data security—the consequences of a breach could be disastrous, for both you and your patients. These are some security threats you need to know about and some strategies to ensure that your digital records remain protected.
Aisling Smith
You’re not imagining it—online scams are becoming more convincing. This means that implementing strong security practices is more important than ever, especially when it comes to your allied health practice. You’re the custodian of highly sensitive and private information, all of which is very juicy bait to hackers. So how do you avoid becoming a cautionary tale? By knowing the threats that you’re facing and taking the right steps to protect your data.
Once upon a time it was easy enough to figure out that the email, riddled with typos and telling you that you’d won 10 million dollars, wasn’t legitimate. These days, scammers have gone high-tech and sophisticated. With the rise of AI, it’s getting harder to pick up what’s real and what’s fake—and the bad news is that it’s only likely to get worse. As a starting point, make sure you’re aware of:
Treat any communication you receive with caution, even if it appears to be from someone you know. Obviously, be careful with your bank details and credit card information, but also make sure that you never share your password with anyone for any reason. It might not feel good to always be cynical, but it’s better than being sorry! It’s also a smart move to restrict what information you share on social media or other public platforms (perhaps consider making your personal accounts private), so it can’t be weaponised by scammers.
The importance of data security for health professionals can’t be overstated. At a minimum, a data breach will cost you time, money, and patient trust. At worst, it could land you in legal or regulatory trouble, or even cause your business to fail.
The good news is that these consequences can be avoided by following some simple security steps.
Having the right security measures in place is the cheapest and most effective way to remain compliant and avoid a data breach. A small amount of effort in the short term could save you a world of pain down the track.
We encourage you to implement all of the following steps for your Cliniko account, and many of them will be applicable for other online services that you use as well.
There’s a handy website called Have I Been Pwned that allows you to check whether your personal information has already been exposed in a data breach. We recommend you have a look. You type in your email address and the website tells you whether it has appeared in a known breach, which can help you figure out how vulnerable you are right now. A service like iCloud Keychain automatically checks for this.
This is your first line of defence against a data breach and while it sounds obvious, far too many people don’t get this right. Having a password that can’t easily be guessed isn’t an annoying bureaucratic hurdle to jump over; it’s an essential step to protecting your data. While we all get taught that a password including “a combination of a letter, a number, lower case, upper case, and a symbol” equals a strong password, this isn’t actually the case. So, what criteria should you use for your passwords instead?
Enabling two-factor authentication (2FA) in Cliniko is the single most effective step you can take to keep your account secure. It works by adding an extra layer of protection on top of your username and password. With 2FA enabled, logging into your account requires you to enter a code that gets sent to your device. This means that even if a hacker gains access to your password, they’ll also need to have your phone or your iPad handy to get any further. It’s also possible to make 2FA mandatory for all users on your Cliniko account, and we highly recommend that every healthcare practice takes this step.
Keep your software and devices up to date, and always install the latest version. This matters: updates patch the bugs and security gaps in the version you’re running and make you a less attractive target for hackers. It’s equally important to keep your browser up to date, and What Is My Browser is a site that lets you check this.
What are the security policies of any third-party software that you use? Check whether the service you’re using includes peer-to-peer encryption (we talk more about the different kinds of encryption in our article all about telehealth security). It’s also a wise idea to review whether any tools you use will sell or transmit your personal data to other parties—you can’t afford to skip the fine print.
Make sure that your team can recognise a phishing email or text, as well as the impersonation techniques used by social engineers. It’s also a good idea to give them clear guidance on what to do if they’re in doubt, and even to invest in some education or training sessions they can take. As a starting point, you could ask them to take this online test about phishing!
Use a system to verify the identity of anyone calling for information and make sure that you have a protocol in place as to what information to give out. When you’re authenticating your patients, try to do so in a way that preserves their confidentiality—which is one of the reasons that online booking can be a better option than phone booking.
Create clear procedures that you can follow when someone leaves your practice, and a key part of this is making sure that their security access is revoked ASAP. Thinking about future security from when you first onboard new team members will make your offboarding much easier.
While we take the security of your data very seriously at Cliniko, we can’t protect you without your help. If you don’t have basic security protocols in place, then it doesn’t matter how secure our software is—your patient data is still at risk.
Security can feel like a hassle until it’s too late, so take a few minutes today and make sure you’ve checked off everything on this list.