Allied health professionals know that maintaining data integrity (i.e. keeping your clients’ personal details private) is of utmost importance. Practitioners need to work hard to minimise human error, establish business rules and utilise systems to ensure data integrity.
As an allied health practice, you store sensitive information online such as financial, health and employment information. This data is often stored in either locally hosted or cloud-based databases such as practice management software, exercise prescription software, marketing software etc. It’s crucial that each database protects the data stored.
The data you are dealing with is exceptionally sensitive, so it’s important to be aware that there are hackers with malicious intent who are looking to gain access to and steal this practice data. Below are some measures you can take to ensure that your data stays safe within your practice’s systems and that you are taking proactive measures to reduce the risk of compromised data.
Use a strong password
Easily hackable passwords are the bane of every IT professional’s existence. Use a strong password (a combination of upper and lowercase letters, numbers and symbols) when accessing any systems including your own email.
While strong passwords are crucial for security, we tend to use the same passwords for all accounts, especially if the password is a complex one. Ensure you use a different strong password for all accounts that require maximum security, such as those containing financial, client, health and employment information.
Turn on Two Factor Authentication (2FA)
Two Factor Authentication (2FA) provides 2 layers of security when accessing a system such as your practice management software. First you input your login and password, then for extra security, you will be asked a security question or be required to verify your login with your personal mobile device.
Be wary of unfamiliar emails
Hackers use sophisticated phishing techniques to gain access to your secure data. Don’t open emails, click on links or give out any information to anyone with an unfamiliar email address. Tips to identify phishing emails include:
- Check the email address. Does it match the organisation’s web address?
- Check the URL for the organisation. Can you recognise the URL as the business/company name? Or is the URL unrelated? If so, this might be a sign of a fake website designed to try to get information from unsuspecting people.
- Does the email contain errors or typos? Typos are easy to make, but if something looks wrong in an email, it probably is.
- Does the email or website follow the company’s communication and image styling?
- Does the email ask for personal information, such as to confirm your email address and password? Does it ask for any other personal information?
If you’re unsure about any of the above, call the company to check if the communications you have received are legitimate.
Don’t give anyone your account password!
This one cannot be overstated. As much as you trust your colleagues, never share login information. Any account activity will create a digital record i.e. a trail of your activity on your account. This is the equivalent of a declaration stating that you performed the activity that appears on your account. If someone else used your login details, there is no way to prove that you didn’t perform this activity.
Here are 2 queries to look into further with your IT team
Use a VPN
A VPN (virtual private network) can help to protect data further. Firstly, it will hide your IP address, which will make it far more difficult to have your online activity tracked, and secondly, a VPN will encrypt the data you send and receive, so even if intercepted, the data cannot be read by hackers. Check with your IT team about a VPN as a potential
Check your Firewall
A firewall is a guard between your computer and the internet, automatically filtering anything it deems as suspicious. Most operating systems have a built-in firewall, so check if yours does by checking the security settings on your computer.
How your practice management system can help
Preserving data integrity is something every good practice management system should treat as a top priority. Look for a practice management system that uses 256-bit encryption both to transmit data and for storage of data on secure servers. It’s more than just a fancy way to say ‘super-secure.’ 256-bit encryption is the same security level that banks use for internet banking, so you can be confident in your practice management system’s ability to keep your clients’ personal information safe and secure.
Customisable Permissions Settings
Make sure you are utilising the permission settings on your practice software. You should have the option to customise your permission settings for your staff. This will ensure only the relevant staff members will have access to relevant client details.
Mandatory Password Updates
A practice management system should require all staff members to change their password at regular intervals. As we learned above, changing your password often will prevent any malicious actors from being able to guess a password and access confidential data. This is to minimise the possibility of your account being compromised by hackers looking to access clients’ personal details.
Set Two-Factor Authentication
As mentioned above, 2FA is an enhanced security option that most systems will have. Your practice management software should allow staff members to set up two-factor authentication (2FA). This acts as another layer of security on your account to prevent anyone being able to access your account and private data. 2FA adds another step to the login process, usually by sending a password or code to your email account or phone number as an additional method to verify your identity and confirm you really are the person you’re claiming to be when logging into your account.
Look for a Penetration Testing Certificate on the Practice Management System’s Website
When reviewing software to use in your allied health clinic, ensure that the company has had penetration testing done on their software. This means that the company has paid (often a very large amount!) for a professional security company that employs professional hackers to try to hack the software. A penetration test certificate will be issued only to the software that the professional hackers are not able to access. If your chosen practice management software has a penetration test certificate displayed on their website, it’s a good sign that the people behind the system treat data security as importantly as you do.
As you can see above, there are additional features and integrity processes that you can implement when making the important decision about which practice management software you will use in your allied health practice. The above features should be a minimum that a practice management system offers when it comes to security and the importance of data integrity. Look for a practice management system that offers the above security features when choosing your software for your allied health practice, and you can then ensure you’re making the best possible choice when it comes to protecting your clients’ personal information.
Nookal is a provider of Practice Management Software for the allied health industry. They offer practice management solutions to help health clinics streamline their administration systems, effectively manage their business and improve efficiency and productivity.