Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. We suggest you watch the video while reading the transcript.
Hey everybody. Good morning, good afternoon, whatever it may be for you. This is Dr. Perry Barnhill with the Fearless Chiropractor, and we have a show for you today regarding HIPAA, your equipment, and how to make sure you don’t lose it. Go to slideshow please. Okay, first and foremost, as always, a big thanks to ChiroSecure for sponsoring this video you are about to see.
And like I said, we are gonna talk about loss or theft of equipment and data and how it relates to your office and how it relates to your employees and also how it relates and goes along with all the scary things we think in regards to HIPAA. Alright, so why do we teach HIPAA? Dr. Julie and I, we’re both chiropractors, like all of you out there.
We understand what it’s like to have an office. We understand what it’s like to not know exactly what it is we need to know, especially in the world of HIPAA. So we are here to teach you, combine our years of experience in the chiropractic world, practice that is, and also in the compliance world as we’re both certified in HIPAA and compliance.
Okay, so one of the things we always like to do is if you don’t have a chance to get to the very end of this, you can take a quiz here and check to see where you’re at. It’s called the Fearless Provider HIPAA Risk Score and Assessment. Now, what I’m gonna do here is take you to this screen here so you can scan the QR code and what it’s going to do, and it’s really easy.
It doesn’t take long at all. It’s gonna ask you a series of questions so you can grade yourself and see where you’re at on a scale of A, B, C, D, or you’re flat-out failing. Here’s the reality and believe me, I hate to say it with HIPAA, but if you’re not getting an A in HIPAA, that means you have risk.
Obviously, if you’re an F or if you’re a D, you have huge risk and there’s a lot of work to be done. C, you still got some work to be done, even at a B, believe it or not, because HIPAA, they’re not, the government wants these things to be done, and if something happens and you haven’t been doing them, they’re not too happy about it.
And that’s where we get the fines and that’s where we get the penalty. Of course the goal is to get to the grade A. So let’s get into this a little bit and just a quick little story here to bring you up to speed on what we’re talking about. A provider like ourselves, going into a coffee shop for coffee and we use the public Wi-Fi to review an online report that we may have got, a radiology report, or maybe it’s a report from another office or another doctor.
The provider, they jump up, they move the, they leave the table just a little bit to go grab the coffee and somebody steals your laptop. They return to the table and find that the laptop is gone, and in a matter of seconds, the damage is literally done. Sit down, stunned disbelief at the potential impacts of what just happened.
And I really believe a lot, yeah, most of us would freak out because we’ve lost our laptops. What’s above and beyond that is if that laptop contains any information regarding patient information, and I mean anything, name, dates, notes, your SOAP notes, radiology reports, exam reports, anything regarding that patient and they get it.
We’re, there’s certain things we have to do and make sure to safeguard those so that it doesn’t get leaked. It’s a big deal. Did you know, and this, I’m just gonna fly through this real quick, but basically a laptop is stolen every 53 seconds, 70 million smartphones are lost each year, only 7% of ’em are recovered.
And I know, and I’m very cautious about this regard, when we talk to the doctors about this, be very careful about storing any patient information on your smartphones. 4.3% of company-issued smartphones are lost or stolen every year. 80% of the cost of a lost laptop is from data breach, and 52% of devices are stolen from the workplace.
This is a big deal. This is why we have to protect our equipment and our data. So let’s talk about physical loss and data loss. So physical awareness of a device. We misplace our phone if it has patient information on it, or we leave our laptop or our tablet unattended at work or in transit, or maybe it’s in a coffee shop or what about in a car?
We’ve had docs who’ve had their cars broken into and their laptops are stolen. If those laptops don’t have certain protections on them and they get stolen, you could be in some big trouble with HIPAA. All right. Data loss, not using proper password policy. Believe it or not, there is a specific policy regarding how many passwords and special characters have to be in place
to help protect our patient data. Sharing passwords, of course, we never wanna share passwords with anybody. Accessing personal or unauthorized non-work internet sites on work computers. You know the example I gave in the beginning about that doc at the provider, at the coffee shop using public Wi-Fi.
Not a good idea. All right? Don’t do that. You need to make sure these things are protected and they’re protected as much as they potentially can be. So let’s do this. Let’s take a little quiz here. Which of the following activities can cause data to be damaged or lost? Now, I want you to pick the best answer here.
Staying online too long, never fully shutting your computer down, unauthorized access to a system, and always keeping your computer charging. So what do you think? Just sec here. And again, pick the best answer. So the best answer here is C. It’s unauthorized access. Anytime there’s unauthorized, meaning we didn’t give permission to a specific person with certain criteria they should follow, access to our system that contains PHI,
and when I say PHI, protected health information, or sometimes referred to as EPHI, electronic protected health information, we’re in big trouble. Check this out. This is a graph and this was very interesting. You may want to take a screenshot of it ’cause I’m not gonna go through everything here. But this will give you an idea of how long it takes a hacker to break your password.
So if you look to the table there on the left, number of characters for, and if it’s just numbers, instantly they got it. Go to the bottom here though. So number, if you have 11 characters and it’s only numbers, they can hack it right away. But if it’s lowercase letters, it might take ’em a couple hours, but go all the way to the right.
This is really where we wanna be. You got 11 characters and you’re using upper, lowercase letters and symbols. You take ’em up to 34 years to crack that password. So this is where we wanna be at. We wanna make sure our passwords are super strong. So how do you create unique passwords? One, you wanna make it meaningful to you and nobody else.
Like I said, you don’t wanna share passwords, you shouldn’t share passwords. Create passphrases with special characters. Avoiding items that can be easily discovered in social media profiles or pictures. I think I’ve joked about this before, but a doc that I know in their computer system regarding their SOAP notes, so they could easily access their laptops in their treatment rooms.
They didn’t wanna punch in the big passwords. They had one too. That’s not strong enough. You gotta make it strong, even if it’s a pain in the rear end. You have to make sure these passwords are legitimate and strong. Fly me to the moon. This could be an example of something that you may be able to remember, but look, there’s uppercase, there’s lowercase, there’s a number in there and there’s an exclamation point in there.
This is something that would be harder for them to crack. So what do you need to know? To help prevent loss or theft of equipment, make sure you know your organization’s policy on removing equipment from the workplace by asking these questions. And this, by the way, is something that you have to have if you do these things.
Meaning if someone takes their laptops anywhere outside of the office, what’s a policy on it? What are your procedures on it? This is required by law, by HIPAA law, if these things you’re going, if you’re going to do these things. Can I travel with my equipment? What’s your policy and your procedures on that?
Can I take my equipment offsite to work remotely? Do I understand how to access my practice safely? So you can do these things. You just have to make sure the right things are done in order to protect them. If you do these and that you have the policies in place and procedures. If you’re associate docs or if you have a staff member that you allow to do this.
Now, I will say this, I’d be very cautious about having any staff members take anything home. Okay. The next one here, is the information on the computer or storage devices encrypted? If it has PHI on it or EPHI, it has to be encrypted. How can I use a secure VPN, a virtual private network, and secure password-protected Wi-Fi to log into the network and to work?
Like I was saying, the coffee shop, not a good idea at all. Don’t do it. Don’t use public Wi-Fi. Now, there’s certain things you can do, VPNs. It gets a little bit technical here, but you have to be extremely cautious. It’s important to be aware of your practice’s policies on traveling with equipment or taking equipment home
to work remotely. I guess I should say, that’s a question. So this is just another quiz. True or false, is it important to be aware of your practice’s policies on traveling with equipment or taking equipment home to work remotely? And I just answered this, so absolutely true. You should always verify your practice’s policies associated with the,
of the equipment outside of your office location. This will ensure you’re not exposing your laptop, mobile devices to unknown risks, accessing unsecured networks. And again, I’ll warn you, be very cautious about having any staff members do this and new docs have to be extremely cautious as well.
So here are some best practices on how you can protect your devices and protect your data. Know where your mobile devices are at all times, so don’t leave them around. Make the passwords tough, never leave them unattended or unlocked, meaning don’t leave your laptop in your car. ’Cause if it gets stolen, you’re gonna be in big trouble ’cause you didn’t follow certain policies and procedures regarding those things.
You have to encrypt sensitive data. Be aware of your surroundings. Like I said, be aware of where you’re putting these things. Don’t hop up in a coffee shop and just take off. Strong passwords are. And again, do not share your passwords. You have to, by the way. So if any of these things happen, if you have data that’s lost or you lose equipment that contains PHI or EPHI on it, guess what we have to do?
By law, it has to be reported. And this is where. You have to report things. So if these things happen, you have to report. And then when you report these things, they’re gonna ask you certain questions to make sure you have all your policies and procedures in place. And of course, that’s what we’re here for.
We have samples of all these things in our HIPAA manual and in our HIPAA training program. So let’s go over this. Let’s just summarize. Loss or theft of equipment or data can have significant long-term implications that will far outweigh the cost to replace the device. Following all system instructions regarding secure passwords and updating your software, you gotta make sure you update software, put in your patches, just a few of the many things that need to be done.
Take immediate action if an event occurs. What do we mean by event? By event, it means that if your PHI has potentially been stolen or has been compromised, there’s certain questions you need to answer, meaning, Hey, I think this has, I don’t think it has. I know it has, or I know it hasn’t. Based on those answers, there’s certain criteria you need to follow.
You can reach malpractice carriers or good help with that. IT professional for guidance. Certainly myself and Dr. Julie with the Fearless Chiropractor HIPAA program, we have, we cover all of these things. Provide as many details as possible related to the incident if something is breached or if something is had.
So here’s some next steps. If you have more questions, people have questions regarding these things all the time, you can go to our website at betterhipaablueprint.com. You can contact us. You can contact me at Dr. perry@betterhipaablueprint.com. I’m more than happy to help you. Remember, I’m a chiropractor. I know what it’s like to take care of patients.
I know what it’s like to have an office, to have a busy office, and I know what it’s like to be afraid of these things. And I also know what it’s like when doctors get themselves in trouble and they haven’t done the things they should have been doing. So a couple things you can do here. One, if you wanna schedule a demo with us, we’re more than happy to show you our program.
Or you can just go to go dot fearless provider.com/demo. You can also go in there, you can check things out, and you can sign up there as well if you choose to. In the meantime, I want to thank you for being here and have an amazing day and we’ll talk to you next time.