Securing your practice electronic records
By Jessica Foster
Often, when we think of data security, we tend to focus on secure data centres, server firewalls, data encryption, daily backups and other whiz-bang technological security innovations. What we often overlook is that it is equally important to incorporate strong authentication methods. What I mean by this is a well-thought-out and secret password. All the security technology in the world cannot keep your data safe if your password is easily deciphered or known by others.
It is becoming increasingly commonplace to hear news reports about Internet account credentials being stolen, hacked or otherwise compromised. The sheer number of occurrences is staggering, as well as the scope of the associated criminal activity.
Health-care practitioners are ultimately responsible for ensuring that their electronic client data, including appointments, patient health information and other related patient data, is protected from theft or loss. Strong password management is a vital part of that responsibility.
Fortunately, there is a series of relatively simple best practices that you can incorporate that will dramatically increase your password’s strength and security. Let’s look at some examples.
Change is good. First and foremost, if the service you are subscribing to provides you with a temporary password, be sure to change it. These temporary passwords are just that – they are meant to be temporary and need to be changed to something memorable and meaningful to you.
Keep it long. Ideally, passwords should not be less than eight characters – longer is even better if your service provider allows for longer password character sequences.
It’s complicated. Be sure your password is made up of a combination of upper and lowercase letters, numbers and symbols. These combinations make it much more difficult for hackers to crack your password.
Uniquely you. Make it easy for you, and you alone, to remember the password you create. Personalizing your password is easier than you think. Here are a couple of ideas that you may want to consider:
- Use character substitutions. To help keep your password both secure and meaningful, substitute numbers and symbols for letters of the alphabet. For example, use a dollar sign ($) in place of an S, an exclamation point (!) for a lower case L, the “at” symbol (@) for the lower case A, or any other substitutions that are meaningful to you. This will make your p@$$word much more secure.
- Make an acronym using a line from your favorite song or a phrase that only you know. For example: “My first son Ethan loves to play hockey.” This becomes M1sEltph!
Play hard. Do not use well-known words. Avoid using your name (or nickname), the name of your practice, the make or model of your car, license plate number, birth dates, postal code, your kids’ names or similar easy-to-guess words. Also, avoid using your name followed by a number sequence like 1234, as these are often the first things a hacker will try.
Frequency is key. Change your password several times a year. Even the most secure password won’t help you if someone happens to see you typing it in and memorizes your finger positioning and keystrokes. This will also help keep the persistent hackers at bay.
Use variety. Use a different password for each account you access. This is simply a damage control measure – if one of your accounts happens to become known to others, the rest of your accounts will still be safe.
No sharing. Do not share your password with others. Passwords are far more secure if they are kept a secret – loose lips sink ships, as they say.
Memorize. Avoid writing down your password. If you must write it down while you are committing it to memory, store it in a safe place away from your computer and work space. Be sure to destroy the written password at your earliest opportunity.
Browser beware. Do not allow your Internet browser to “remember” your password. This gives anyone who happens to be using your computer direct access to your account. While this may be convenient for your Facebook or Twitter account, it is not advisable for your practice management or banking accounts.
In addition to the above, always ensure that you sign out of your accounts when you step away from your computer or are treating a patient. Never leave your account open when your computer is unattended, as this too will give anyone who sits down at your computer direct access to your patient records.
It may seem daunting at first to adopt these secure password best practices, but it is well worth your time and effort as it will provide peace of mind. Over a short time, it will become second nature to you.
Until next time, be well.
Jessica Foster writes on behalf of mindZplay Solutions Inc., a provider of massage therapy websites and practice management solutions. To learn more about mindZplay solutions for massage therapists visit www.massagemanedger.com or call toll free 888-373-6996.