7 Ways To Avoid A Data Breach In Your PT Clinic

Aug 7


Data security is especially important when you store the sensitive, personal information of a large number of physical therapy patients. It’s vital your clinic takes every step necessary to avoid a breach and protect the data of your clients. Here are seven steps to avoid a data breach in your private practice:

1. Educate your staff
According to Forrester, 36 percent of data security hacks in 2013 resulted from inadvertent employee mistakes. To avoid employee missteps, inform your therapists and staff of your clinic’s data practices and of the ways employees can harm the clinic without realizing it. Make sure workers know which actions can lead to a breach, such as leaving devices unlocked or without password protection. The more your staff knows about how a hack happens, the better they will avoid the behaviors that cause trouble.

2. Keep software updated
If your firewall or backup solution tells you that it’s time to update the system, don’t delay the process. Up-to-date software closes the holes hackers use to gain access to your practice’s records. Waiting too long leaves more weaknesses in your system, making it easier for outsiders to enter the network and grab unprotected data.

3. Encrypt data and devices
An investment in encryption software helps keep clinic and personal devices and information protected from outside eyes. While it’s a basic tool, masking sensitive data can save your practice from the loss of client loyalty and patronage. Encryption is a proactive measure that can save private practices the stress and money associated with the recovery from a data breach.

“Encryption is a proactive and preventative measure that can save your practice money.”

4. Collect less information
A simple way to prevent a data breach is to store less information overall. Request only the most vital material from patients to keep on file. For example, most physical therapy practices don’t require a Social Security number if insurance identification is present. Delete credit card numbers as soon as they’re used to keep your database as clear as possible. Unnecessary and antiquated information like old pay stubs and invoices should be shredded to protect clients’ personal data. If patients ask to keep a card on file, explain the measure is for their safety.

5. Conduct a risk assessment
You cannot patch weaknesses in your practice’s system without knowing where the vulnerabilities are located. A third-party company can identify the most dangerous aspects of your data solution and provide you with methods to fix them. Risk assessors can also help your practice prepare a response plan in the event of an emergency. An assessment is a smart expense that could save your clinic the stress and distrust associated with an information breach.

6. Use a monitoring system
It’s important to keep an eye on database activity so you can see who enters the system and what each user does there. Certain events and patterns, such as multiple failed logins in a short period, should trigger an alert that your administrator investigates. While reviewing logs daily may be difficult in a physical therapy practice, looking over them weekly could prevent a large-scale data breach from taking place under your nose. If you need extra assistance, a security company can interpret the logs for you.
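As an added illustration of the failed-login check described above (this is example code, not part of the original article or any product it mentions), the script below scans authentication log lines and raises one alert per account that accumulates a burst of failures inside a sliding time window. The log format, the account names, the addresses and the threshold of five failures in ten minutes are all constructed assumptions for the example; a real clinic system will have its own log layout and its own sensible threshold.

```python
"""Flag accounts with repeated failed logins inside a sliding time window.

Added example for the monitoring advice above; not code from the article.
The log format is an assumption for illustration: one event per line,
'<ISO timestamp> <user> <source-ip> <LOGIN_OK|LOGIN_FAIL>'.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real clinic data).
SAMPLE_LOG = """\
2024-03-04T08:01:10 jsmith 10.0.0.12 LOGIN_OK
2024-03-04T08:02:00 front_desk 10.0.0.20 LOGIN_FAIL
2024-03-04T08:02:05 front_desk 10.0.0.20 LOGIN_FAIL
2024-03-04T08:02:09 front_desk 10.0.0.20 LOGIN_FAIL
2024-03-04T08:02:14 front_desk 10.0.0.20 LOGIN_FAIL
2024-03-04T08:02:20 front_desk 10.0.0.20 LOGIN_FAIL
2024-03-04T08:02:31 front_desk 10.0.0.20 LOGIN_OK
2024-03-04T09:15:00 dr_lee 10.0.0.31 LOGIN_FAIL
2024-03-04T14:40:00 dr_lee 10.0.0.31 LOGIN_FAIL
2024-03-04T14:40:30 dr_lee 10.0.0.31 LOGIN_OK
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, user, ip, outcome)."""
    ts, user, ip, outcome = line.split()
    return datetime.fromisoformat(ts), user, ip, outcome


def find_failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per user with >= threshold failures inside `window`.

    A deque per user holds the timestamps of recent failures; entries older
    than the window are dropped before counting, so two failures hours apart
    (dr_lee above) do not add up, while a rapid burst (front_desk) does.
    A successful login after a burst is recorded on the alert, because a
    burst followed by success is the case an administrator most wants to
    investigate.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, user, ip, outcome = parse_line(raw)
        if outcome == "LOGIN_FAIL":
            q = recent[user]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and user not in alerted:
                alerted.add(user)
                alerts.append({
                    "user": user,
                    "ip": ip,
                    "failures": len(q),
                    "first": q[0],
                    "last": ts,
                    "followed_by_success": False,
                })
        elif outcome == "LOGIN_OK" and user in alerted:
            for alert in alerts:
                if alert["user"] == user:
                    alert["followed_by_success"] = True
    return alerts


if __name__ == "__main__":
    for alert in find_failed_login_bursts(SAMPLE_LOG):
        print(f"ALERT: {alert['user']} from {alert['ip']}: "
              f"{alert['failures']} failures between {alert['first']} and "
              f"{alert['last']}; later success: {alert['followed_by_success']}")
```

Run over a week of exported log lines, this gives the administrator a short list of accounts to look at instead of the raw log. The sliding window is what keeps the check useful: a threshold on total failures per day would either miss a quick burst or flag a clinician who simply mistyped a password twice in one shift.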

7. Adhere to HIPAA’s Security Rule
The U.S. Department of Health and Human Services, under the Health Insurance Portability and Accountability Act (HIPAA), developed security regulations to protect the privacy of individuals’ health data in an information age where technology is constantly changing. The Security Rule states that health care providers and clearinghouses that transmit information electronically must enforce physical, electronic and administrative measures to defend personal information from unauthorized persons.

These safeguards include security personnel who implement security procedures; access and audit controls that determine which authorized persons may access information; software that monitors activity in the system; and limits on physical access to the premises.

Data breaches in a medical setting are particularly dangerous. A large amount of valuable patient information is stored in one place, and without proper security measures hackers can gain access to the system and wipe out your practice’s records. To avoid an incident like this, it’s vital for clinics to take precautions like encrypting information, hiring a risk assessor and educating therapists about safe data practices.


This article is brought to you by PREFERRED Therapy Providers Inc. PREFERRED is the nation’s leading payor management services network. Our expertise is working with physical, occupational and speech therapy practices – from single clinics to multiple clinic locations.