Features Continuing Education Education
Data security and your massage therapy practice

Readers have requested a discussion about the issues surrounding data security as they relate to a massage therapy practice. In this article, then, we will touch on higher-level security matters. While this synopsis is not meant to be definitive, provide legal advice nor deal with all aspects of data security, there are fundamental data security precautions that should be employed by massage therapists to safeguard sensitive information.

Data security in your massage therapy practice should be a very high priority for you. Client records, your clinic’s financial data and other confidential information need to be shielded from unauthorized access, theft, corruption and loss. This instalment of RMT Tech Talk aims to inform the reader of a number of common security concerns and the related protective measures.

WHAT IS DATA SECURITY?
Data security is the generic term that is used to describe the protection of personal, client and company information. A massage therapist must employ data security measures that comply with relevant government regulations and recognized “good business practices.” These measures apply to both paper files and paperless, or electronic, record-keeping solutions.

WHAT ARE SOME COMMON DATA SECURITY THREATS?
Both paper and electronic files are subject to physical theft or destruction by fire, flood and other natural forces. Unauthorized access to the data is another threat that needs to be protected against. Unauthorized individuals can include your clients, facility cleaners, family members / roommates (if files are stored in a home-office environment) and Internet hackers.

WHAT CAN I DO TO MINIMIZE THE RISKS?
There are some security issues that a practitioner needs to take into account for both paper and electronic record-keeping solutions:

Paper records require secure facilities, fireproofing measures, anti-theft precautions, access protection as well as file duplication and storage. Alarming systems, locked-down filing cabinets and duplicate offsite secure storage are among the “must-haves.”

Electronic record keeping is the most common form of information storage. While some people believe that paper records are safer than electronic record keeping, electronic records can be much more secure and far easier to manage. In addition to physically protecting your office software and hardware, you must perform daily backups of your data and store a copy off site at another secure location. If your PC is connected to the Internet, be sure to install a firewall to protect it against Internet predators. Be sure to utilize username and password “best practices” at all times.

Increasingly, therapists rely on affordable professional, third-party services to provide secure Internet-based practice management solutions. These services can include the input, storage and management of your data practice-wide, such as appointment scheduling, client record keeping, SOAP notes and financial record keeping. The data is stored in secure, specialized data centres utilizing state-of-the-art firewalls and server technology. They should include daily data backup and offsite storage duplication, thus removing these burdens from the practice owner.

These service providers should incorporate the following security precautions to protect your data:

Utilize state-of-the-art firewall, intrusion detection and prevention technology in front of the servers that house your data. Maintain strict physical protection and minimized access precautions. Utilize SSL data encryption (the encryption technology used by your financial institution for online banking transactions). Data encryption protects the data that is sent between your local computer and the data centre’s server during transmission. Sign-in protection: Prior to allowing access to your practice’s data the valid username and password must be authenticated. Sign-in best practices: Always use best practices when choosing your system password. Use a minimum of eight characters made up of a combination of upper- and lowercase characters, a symbol and at least one numerical digit. Change your password frequently. Inactivity logout: When you are inactive for a specified period of time, the system should log you out and require re-entry of your correct username and password. This will protect your data if you walk away from your PC and forget to sign out.

Reliable practice management solutions that provide these important security essentials are available. Your massage therapy association may be able to direct you to service providers that specialize in the matters discussed in this article.

Until next time, be well!

Jessica Foster writes on behalf of mindZplay Solutions – a leading provider of massage therapy websites and practice management solutions. To learn more about mindZplay Solutions for Massage Therapists please visit www.massagemanedger.com or call toll free 888-373-6996.