Are your electronic patient records secure?

Is your office computer system-and the confidential patient records it contains-safe from hackers?

Maintaining office computer security isn’t just good practice-it’s the law. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires physicians to ensure that patient records are kept confidential.^{click here.}

Hardware tokens are pocket-size devices that, when connected to the computer, allow access by entering the proper password. Hardware tokens are suitable for managing off-site remote access and add another layer of security for local access.

Medical records programs. Most software programs allow administrators to restrict access to medical records by setting up levels of ability to access and modifying electronic records for different users. Each user should have a unique password for authentication. The software also should have an audit trail capability, so that each user’s activity with electronic patient records can be reviewed.

Security breaches

An Internet connection-however brief-can invite security breaches that allow hackers to access patient information, delete programs, steal passwords, disrupt other Internet-connected computers, and erase the hard drive. Avoiding Internet connections altogether would increase security, but this is not feasible.

• Viruses reproduce using the host computer, most commonly by infiltrating the e-mail program and making it hard to detect corrupted files.
• Worms are similar to viruses but are self-contained, whereas a virus must attach to another file.
• Trojan horse programs, usually disguised within seemingly legitimate Internet programs, are less common than viruses or worms. They do not replicate but are equally dangerous. You unknowingly start the Trojan horse after downloading what looks like a useful program. The Trojan horse then self-installs silently, giving the hacker who created it access to your computer.
• Port attacks are malicious attempts to connect and eventually take over another computer. A ‘port’ is a software ‘location’ where a program on another computer can connect to a host computer.
• NEVER open e-mails from unfamiliar sources. Viruses are commonly sent as attachments, which you should never open unless you know they are safe.
• Turn off your computer or disconnect from the Internet when not in use.
• Back up your data regularly. Put patient files in one folder or directory, then copy them to a backup medium such as CD-ROM, zip drive, or portable hard drive. Of course, keep the disks in a secure place.

Anti-intrusion programs

Antivirus programs can check for the latest viruses and their variants and remove them. To do this, automatically update the program with new virus signature files- files created by antivirus program vendors to help the software identify viruses. Most antivirus programs will automatically check the vendor’s Web site for updated files if the computer is connected to the Internet.

Virus signature files should be updated daily to provide maximum protection. Most companies provide a 1-year subscription to the updates, which must be renewed upon expiration for new virus definition files.

Manual updating is acceptable but may be too time-consuming for a busy office.

Well-known antivirus programs include Wireless Internet 101,” Psyber Psychiatry, December 2003)

If your computer is connected directly to the DSL or cable modem or a telephone line, you probably need a firewall. The most recent Microsoft Windows XP and Mac OS X versions each include a software firewall, which should be activated upon installation.

Windows-compatible firewall programs include ZoneAlarm, Sygate Personal Firewall, Symantec Norton Personal Firewall, and Tiny Software Personal. Mac OS-compatible firewalls include Intego NetBarrier, Sustainable Softworks IPNetSentryX, and Norton Personal Firewall.

Once your firewall is installed, check it to verify that all ports are protected. Gibson Research Corp. has two excellent (and free) security checks: ShieldsUP! and LeakTest. Run these tests, then follow the listed suggestions to secure your computer.

Disclosure

Dr. Luo reports no financial relationship with any company whose products are mentioned in this article. The opinions expressed by Dr. Luo in this column are his own and do not necessarily reflect those of CURRENT PSYCHIATRY.

Is your office computer system-and the confidential patient records it contains-safe from hackers?

Maintaining office computer security isn’t just good practice-it’s the law. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires physicians to ensure that patient records are kept confidential.^{click here.}

Hardware tokens are pocket-size devices that, when connected to the computer, allow access by entering the proper password. Hardware tokens are suitable for managing off-site remote access and add another layer of security for local access.

Medical records programs. Most software programs allow administrators to restrict access to medical records by setting up levels of ability to access and modifying electronic records for different users. Each user should have a unique password for authentication. The software also should have an audit trail capability, so that each user’s activity with electronic patient records can be reviewed.

Security breaches

An Internet connection-however brief-can invite security breaches that allow hackers to access patient information, delete programs, steal passwords, disrupt other Internet-connected computers, and erase the hard drive. Avoiding Internet connections altogether would increase security, but this is not feasible.

• Viruses reproduce using the host computer, most commonly by infiltrating the e-mail program and making it hard to detect corrupted files.
• Worms are similar to viruses but are self-contained, whereas a virus must attach to another file.
• Trojan horse programs, usually disguised within seemingly legitimate Internet programs, are less common than viruses or worms. They do not replicate but are equally dangerous. You unknowingly start the Trojan horse after downloading what looks like a useful program. The Trojan horse then self-installs silently, giving the hacker who created it access to your computer.
• Port attacks are malicious attempts to connect and eventually take over another computer. A ‘port’ is a software ‘location’ where a program on another computer can connect to a host computer.
• NEVER open e-mails from unfamiliar sources. Viruses are commonly sent as attachments, which you should never open unless you know they are safe.
• Turn off your computer or disconnect from the Internet when not in use.
• Back up your data regularly. Put patient files in one folder or directory, then copy them to a backup medium such as CD-ROM, zip drive, or portable hard drive. Of course, keep the disks in a secure place.

Anti-intrusion programs

Antivirus programs can check for the latest viruses and their variants and remove them. To do this, automatically update the program with new virus signature files- files created by antivirus program vendors to help the software identify viruses. Most antivirus programs will automatically check the vendor’s Web site for updated files if the computer is connected to the Internet.

Virus signature files should be updated daily to provide maximum protection. Most companies provide a 1-year subscription to the updates, which must be renewed upon expiration for new virus definition files.

Manual updating is acceptable but may be too time-consuming for a busy office.

Well-known antivirus programs include Wireless Internet 101,” Psyber Psychiatry, December 2003)

If your computer is connected directly to the DSL or cable modem or a telephone line, you probably need a firewall. The most recent Microsoft Windows XP and Mac OS X versions each include a software firewall, which should be activated upon installation.

Windows-compatible firewall programs include ZoneAlarm, Sygate Personal Firewall, Symantec Norton Personal Firewall, and Tiny Software Personal. Mac OS-compatible firewalls include Intego NetBarrier, Sustainable Softworks IPNetSentryX, and Norton Personal Firewall.

Once your firewall is installed, check it to verify that all ports are protected. Gibson Research Corp. has two excellent (and free) security checks: ShieldsUP! and LeakTest. Run these tests, then follow the listed suggestions to secure your computer.

Disclosure

Dr. Luo reports no financial relationship with any company whose products are mentioned in this article. The opinions expressed by Dr. Luo in this column are his own and do not necessarily reflect those of CURRENT PSYCHIATRY.

Is your office computer system-and the confidential patient records it contains-safe from hackers?

Maintaining office computer security isn’t just good practice-it’s the law. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires physicians to ensure that patient records are kept confidential.^{click here.}

Hardware tokens are pocket-size devices that, when connected to the computer, allow access by entering the proper password. Hardware tokens are suitable for managing off-site remote access and add another layer of security for local access.

Medical records programs. Most software programs allow administrators to restrict access to medical records by setting up levels of ability to access and modifying electronic records for different users. Each user should have a unique password for authentication. The software also should have an audit trail capability, so that each user’s activity with electronic patient records can be reviewed.

Security breaches

An Internet connection-however brief-can invite security breaches that allow hackers to access patient information, delete programs, steal passwords, disrupt other Internet-connected computers, and erase the hard drive. Avoiding Internet connections altogether would increase security, but this is not feasible.

• Viruses reproduce using the host computer, most commonly by infiltrating the e-mail program and making it hard to detect corrupted files.
• Worms are similar to viruses but are self-contained, whereas a virus must attach to another file.
• Trojan horse programs, usually disguised within seemingly legitimate Internet programs, are less common than viruses or worms. They do not replicate but are equally dangerous. You unknowingly start the Trojan horse after downloading what looks like a useful program. The Trojan horse then self-installs silently, giving the hacker who created it access to your computer.
• Port attacks are malicious attempts to connect and eventually take over another computer. A ‘port’ is a software ‘location’ where a program on another computer can connect to a host computer.
• NEVER open e-mails from unfamiliar sources. Viruses are commonly sent as attachments, which you should never open unless you know they are safe.
• Turn off your computer or disconnect from the Internet when not in use.
• Back up your data regularly. Put patient files in one folder or directory, then copy them to a backup medium such as CD-ROM, zip drive, or portable hard drive. Of course, keep the disks in a secure place.

Anti-intrusion programs

Antivirus programs can check for the latest viruses and their variants and remove them. To do this, automatically update the program with new virus signature files- files created by antivirus program vendors to help the software identify viruses. Most antivirus programs will automatically check the vendor’s Web site for updated files if the computer is connected to the Internet.

Virus signature files should be updated daily to provide maximum protection. Most companies provide a 1-year subscription to the updates, which must be renewed upon expiration for new virus definition files.

Manual updating is acceptable but may be too time-consuming for a busy office.

Well-known antivirus programs include Wireless Internet 101,” Psyber Psychiatry, December 2003)

If your computer is connected directly to the DSL or cable modem or a telephone line, you probably need a firewall. The most recent Microsoft Windows XP and Mac OS X versions each include a software firewall, which should be activated upon installation.

Windows-compatible firewall programs include ZoneAlarm, Sygate Personal Firewall, Symantec Norton Personal Firewall, and Tiny Software Personal. Mac OS-compatible firewalls include Intego NetBarrier, Sustainable Softworks IPNetSentryX, and Norton Personal Firewall.

Once your firewall is installed, check it to verify that all ports are protected. Gibson Research Corp. has two excellent (and free) security checks: ShieldsUP! and LeakTest. Run these tests, then follow the listed suggestions to secure your computer.

Disclosure

Dr. Luo reports no financial relationship with any company whose products are mentioned in this article. The opinions expressed by Dr. Luo in this column are his own and do not necessarily reflect those of CURRENT PSYCHIATRY.