Secure Your Patient Portal
Communication with your patients is a vital part of the care you give. Whether you need to inform them of a change to their appointment, give them the results of a test, or whatever else, you need to be able to share data with those you care for.
You’d rather not have to use the phone for communication every time, right?
And you don’t – thanks to advances in healthcare technology, and business technology as a whole, you can keep in touch with your patients in a number of convenient ways – such as the patient portal.
However you choose to do so, you need to make sure it’s done securely so that you’re not putting patient data and your organization’s HIPAA compliance at risk.
What Is A Patient Portal?
The patient portal is a secure website through which patients can access their electronic health record (EHR). Additionally, depending on the type of medical practice and software involved, the patient portal may also allow for a range of different associated tasks to be carried out, such as requests for prescription refills, appointment scheduling, and direct messaging.
What Risks Are Involved With A Patient Portal?
The fundamental problem here is that any technology that makes data access and sharing more convenient can also make that data less secure. In other words, the easier it is for you to access data, the easier it could be for cybercriminals to access that data as well.
Think of it like this – the most secure place to store data is in your head. If you can memorize the data, then there’s no way for anyone but you to access it. As soon as you write that data down, or put it in an email or store it in the cloud, it is automatically, by its very nature, less secure.
That’s why, if you’re going to make patient data easier to access by connecting it to a patient portal, you have to make sure it’s properly secured.
Have Patient Portals Already Led To Patient Data Breaches?
Yes – this isn’t just a theoretical risk.
Unsecured patient portals have been exposing patient data for some time, with 2019 seeing a considerable increase in data breaches. There have been more than 25 million patient records breached in the last 6 months alone. This is more than a 66% increase when compared just to 2018.
What Does Patient Portal Security Have To Do With HIPAA?
While HIPAA does not specifically mention patient portals, they fall under the HIPAA Security Rule and its standards and implementation specifications. In a nutshell, you have to do whatever it takes to protect your patients’ data.
Whatever you’re currently doing to protect patient data accessed via portals, it’s only considered compliant up until the point that it’s breached.
In the report, “The State of Patient Identity Management”, the surveyed healthcare organizations reported using the following security measures in patient portal authentication processes:
- Username and password (93%)
- Knowledge-based authentication questions and answers (39%)
- Email verification (38%)
Given the rate of data breaches in the healthcare industry, you could assume that these standard security measures aren’t enough. Fortunately, there are more steps you can take…
How Can You Better Secure Your Patient Portals?
Implement a multi-factor authentication solution, which requires the user to utilize two methods to confirm that they are the rightful account owner.
There are three categories of information that can be used in this process:
- Something you have: Includes a mobile phone, app, or generated code
- Something you know: A family member’s name, city of birth, PIN, or phrase
- Something you are: Includes fingerprints and facial recognition
Though multi-factor authentication does make it harder for the account owner to access the account, it also makes it difficult for others to get in, even if they learn your password. Their job becomes much tougher because they now need to do more than just hack your password. They’ll also need a second factor that belongs to the account owner.
This is an easy, cost-effective way to protect your patient portals and your patients’ data. By adding an additional layer of security, you make it that much harder for cybercriminals to break their way in.