Quality Matters Newsletter

Ignoring Computer Security is Risky Behavior

Created 12/22/2011
by Tilley, Kathy

What would you think if someone handed your medical records over to a complete stranger and told them to go ahead and read your private information, steal your identity, or do whatever they want?  That’s what happens when computers with clinical documents saved on them are stolen.

As overseers of your consumers’ well-being, you owe it to them to guard their personal information carefully. In addition to notes which contain personal data, clinical documents usually include HIPAA protected personal health information (PHI) such as name, birthdate, phone number, address, Medicaid ID, and case number. 

How can you make sure this doesn’t happen to you and your consumers? The most basic way is DON’T STORE ANY CLIENT INFORMATION ON A LOCAL DRIVE (e.g., C: or D: or USB drive) of your computer! With CHIP (our EMR) there is now very little (I’d argue “no”) reason to save client data on your computer. If you feel compelled to temporarily store something you are currently working on, keep that computer secure from other users while the documents are stored there, and delete them as soon as you are done.

Password protect your computer with a strong password. What is a strong password? Use at least 8 characters, including upper- and lower-case letters, numbers, and special characters (e.g., ! or #). Don’t use words, names, or personal facts such as your birthday or your pet’s name. Don’t write your password down, or if you must write down your personal password (do not write down your CMH or CHIP password), store it in a secure, locked location (e.g., a safe). Change your password often, even if it’s just a slight change.

Another safeguard is to keep your computer itself protected by installing security software and keeping your systems up to date. This will help prevent keystroke logging programs (called keyloggers) and other hostile, intrusive software (called malware) from being installed on your computer. Keyloggers can record the keystrokes you use to type your password, capturing your password even if it is a strong one. We already protect your GCCMH computers, but you should make sure your computers at home or other locations are protected as well.

Before copying consumer records outside of CHIP, ask yourself if you really need to do that, and err on the side of caution rather than your own convenience. Leaving data about former clients, or past data on current clients, on your computer is careless, and you should remove those records ASAP.

Basically, use a healthy dose of common sense with a touch of paranoia.