Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. We suggest you watch the video while reading the transcript.
Hi, everybody. Good morning, good afternoon, whatever it may be for you. This is Dr. Perry with the Fearless Chiropractor, and I first wanna give a big thanks to ChiroSecure for bringing this to you. And today we’re gonna talk about the top three cybersecurity threats in your practice as it pertains to HIPAA.
Go to slides, please. Okay. Again, a big thanks to ChiroSecure for sponsoring this and bringing this to you. All right, here we go. Let’s talk about the top three cybersecurity threats outlined in the health industry in cybersecurity practices. I know that’s a mouthful. So basically we are gonna talk about what’s a big threat to our offices in relationship to HIPAA.
Myself, Dr. Perry, and Dr. Julie McLaughlin. Why do we teach HIPAA? First of all, we’re chiropractors, just like you guys are chiropractors. We understand what it’s like to have a busy office. We also understand what it’s like to be in, for lack of a better term, the fear of HIPAA and HIPAA security, and all the things to do with HIPAA.
So let’s talk about a few of the things that will help keep you out of trouble with HIPAA and the HIPAA police. We’re both chiropractors, like I said, and we both have certifications in compliance, which means we not only understand what it means to be compliant in the context of HIPAA, but we also understand what it’s like to be in active practice, as we have a combined more than 50 years in chiropractic practice.
So let’s talk about this. Let’s talk about social engineering. I know you’ve heard this word before, and quite frankly, it’s something that can be really confusing and we really don’t know what it means. So let’s go over a few of these things. What is social engineering? Social engineering is a form of psychological manipulation that tricks users into making security mistakes.
Giving away sensitive information. It really relies on human error, like things from our staff, or even us as the chiropractors, instead of vulnerabilities in software and operating systems, by exploiting human emotions. Basically what’s happening is these hackers are trying to trick us, trick our minds into clicking on the things that we aren’t supposed to be doing.
So here’s an example. You’ve all heard of phishing, and when I first started this, I was like, phishing, like FHIS, like phish. No, phishing in the cybersecurity world, and HIPAA in this context, is spelled the way it’s spelled here, FHIS. So let’s go over a few of these things. One, not recognizing the sender. So here’s what I’m talking about.
These are things in relationship to phishing and in relationship to HIPAA that you need to very much pay attention to and you need to make sure you talk to your staff about these things. Like quite literally, just going over this slide could save you so much headache and potentially a lot of penalty and a lot of fines.
HIPAA, so not recognizing the sender, we wanna be very careful about that, and not expecting an email or an attachment to an email. So these are things we should not click on. Something to look for here. Number three, does the from address match the message? And does this invoke a sense of urgency?
So if you get emails, or your staff gets emails, that invoke a sense of urgency, pay close attention to that and don’t click on it until you know for sure it’s safe. What about this one: not recognizing the destination URL, or is this a standard internal procedure for IT issues? What about this one?
Is your website secure, or is this website, I should say, secure? Number eight, is this email asking you for login credentials? If you have emails coming in that are asking you for login credentials, be very careful not to click on those until you know for sure it’s legitimate. What about this one?
This is something we see all the time: paying attention to the grammar. Number nine here, to the grammar and to the spelling. Emails come across that kind of look professional, but the grammar and the spelling is off. Don’t click on those things. And number 10, is the greeting or the signature generic or lacking contact info?
Some of this seems pretty common sense, but a lot of it, they trick us into clicking these emails and these attachments. And when you do this, they may have access to your patients’ protected health information, and if they get it, it’s just a road we don’t want to have to go down, ’cause then we gotta report these things.
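The ten red flags in the talk map naturally onto a quick automated triage check an office or its IT support could run before anyone clicks. The following is an added example, not code from the talk or from the Fearless Chiropractor program: it scores a constructed sample message against the machine-checkable items (sender domain, from/reply-to mismatch, urgency wording, link destination and whether it uses https, credential requests, generic greeting); the practice domain clinic.example and both messages are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real message) that trips several of the talk's red flags.
SAMPLE_PHISH = """From: "IT Support" <helpdesk@example-it-support.xyz>
Reply-To: recover@other-domain.example
Subject: URGENT: your account will be suspended today

Dear user,
Please verify your password immediately at http://clinic-login.example.net/verify
or your access will be terminated within 24 hours.
"""

# Constructed ordinary internal message, for comparison.
SAMPLE_OK = """From: "Julie" <julie@clinic.example>
Subject: Tuesday schedule

Hi Sam, the new schedule is at https://intranet.clinic.example/schedule
Thanks, Julie (ext. 204)
"""

URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|terminated)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|login|credentials)\b", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear (user|customer|sir|madam)\b", re.I | re.M)
URL = re.compile(r'https?://[^\s<>"]+')

def is_trusted(host: str, trusted: set) -> bool:
    # True if host is one of the practice's own domains or a subdomain of one.
    return any(host == d or host.endswith("." + d) for d in trusted)

def phishing_indicators(raw: str, trusted: set) -> list:
    """Return the red flags from the talk that this message trips (heuristic, not proof)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    text = msg.get("Subject", "") + "\n" + body
    links = URL.findall(body)
    checks = [
        ("unrecognised sender domain", not is_trusted(sender, trusted)),
        ("from/reply-to mismatch", bool(reply_to) and reply_to != sender),
        ("urgency language", bool(URGENCY.search(text))),
        ("unrecognised link destination", any(not is_trusted(urlparse(u).hostname or "", trusted) for u in links)),
        ("link not https", any(urlparse(u).scheme != "https" for u in links)),
        ("asks for credentials", bool(CREDENTIALS.search(text))),
        ("generic greeting", bool(GENERIC_GREETING.search(body))),
    ]
    return [label for label, tripped in checks if tripped]
```

A message that trips none of these can still be malicious, so the result is a prompt for the human checks in the talk (was it expected, is this how IT normally contacts you), not a verdict.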
We gotta contact the OCR, which is the HIPAA police, and if we can avoid these things, let’s do it. Simply being aware of these top 10 things will massively reduce those risks. Okay, let’s go to the next one. Ransomware. We have heard about ransomware, and it is something that, quite frankly, really scares me.
So let’s dive into this a little bit. Here’s what you need to know about ransomware now. It poses a threat to you and to your devices. And what makes this form of malware so unique is the word ransom. Ransomware is extortion software that can lock your computer and then demand a ransom for its release.
And in the cybersecurity world and in the world of HIPAA, what happens is these crooks get into your computer. They take that, they basically make it such that you can’t even do anything with your. They hold it ransom and until you pay, if you pay, and that’s a whole other subject. Don’t do anything until you talk to professionals regarding that.
But sometimes they won’t release that patient information until you actually pay them money. So anyways, before you do any of those things, make sure you reach out to some professionals and get guidance on where you go from there. Some quick tips here. Most ransomware attacks are sent in phishing email campaigns.
Remember we talked about phishing, emails that look weird, look funny, the grammar, the spelling, something’s funky about it. Don’t click on those, ’cause once you click on those things, it’s possible that’s how they gain access to your information and then freeze it and tell you to pay them. Okay.
These messages ask you to either open an attachment or click on a link, and then you’re potentially in big trouble. Stay alert when any email prompts you to enter your credentials. Just be extra careful. Be cautious before clicking any links in an email. Look at the sender. We talked about some of this in the phishing section.
Look at the sender, look at the address. As a proactive measure, check to see whether the computer and network to which you are connected have proper intrusion prevention systems and software in place. The IT people who help us out regarding hacking and ransomware and phishing are crucial to protecting your patients’ information.
And above and beyond that, it’s so important because if those things get hacked, if those things get held ransom, then guess what? Now we gotta deal with HIPAA. And if we don’t have to deal with HIPAA, at least in that regard, reporting these incidents, the better off we’re gonna be. The fourth one here, the last one.
Due to the severity and time sensitivity of ransomware attacks, like I said earlier, seek out professional IT people or a similar point of contact to help you when you think your computer’s infected with ransomware. If you think for a moment something funky is going on with your computer, someone clicked a wrong link, you have to reach out to professionals to make sure it doesn’t go any further and potentially stop it in its tracks.
Here’s something else a lot of times I don’t think many of us will think about, but it’s preventing loss or theft of equipment or data. And I’m talking simple things like even taking your laptops and leaving ’em in your car when you go to the grocery store. So let’s just go over this a little bit.
Physical loss of your equipment or data that you have access to and work on daily: it has to be carefully protected. So here’s some tips on how to protect some of that equipment and prevent the data loss, ’cause again, if you lose these things, guess what you’re doing? The likelihood is that you’re gonna have to report all of this information to the Office of Civil Rights.
Basically, the HIPAA police. We just don’t wanna have to go down that road if we don’t have to. One, never leave your laptop or iPad unattended at work or in transit. Password policies, updating passwords: these things are actually required for HIPAA. Never share your password with anyone.
Follow company policies on accessing internet sites. Avoid using USB drives. Again, a lot of our patients will bring USB drives to look at different things. I’d encourage you to be highly cautious about inserting any of those into your computer. In fact, I wouldn’t even do it unless you know for sure it’s safe to do. Number six, you have to encrypt sensitive data, and I said this earlier. Number seven, report any loss of equipment or suspicious activity on your systems immediately to IT professionals and maybe even to the government, which again, if we don’t have to do these things, is much better to avoid fines, avoid penalties, and a ton of headache.
Number nine, keep your emergency contact list close by. So you know something, like I said in the very beginning, be very careful. I know a lot of us will cruise into the grocery store after we’ve been at our office. We have our laptops. We’re not supposed to be leaving our laptops in the cars. There’s criteria, there’s policies, there’s procedures that we have to have in place to transport these items.
So make sure you have those things in your program. So what are some next steps? A few things here. I’d encourage you to download a HIPAA compliance checklist and really look at some of these questions that we have on our, you can scan the QR code here and it’ll pop up, but look through these things, and it’s not just as simple as implementing policies and procedures to protect patient information.
Yeah. Some people will check that and go, I do that. But the reality is do you seriously have a policy in place, meaning, this is what we need to do, and then the procedures, how do we do it? You know what? Each and every single one of those things has to be written out. I mean from passwords to the way you transport your laptop.
These things are part of the policies and procedures in your HIPAA manual, so you have to have all of these things in place in order to be HIPAA compliant. If not, you could be subject to some things we just, quite frankly, don’t wanna have to deal with. So if you ever have any more questions, you can.
You can hop on the internet. You can find us at betterHIPAAblueprint.com. You can reach out to myself at Dr. perry@betterHIPAAblueprint.com. You can reach out to Dr. Julie as well at Dr. Julie at better HIPAA print blueprint.com. A lot of people wanna schedule a demo. We are more than happy to show you the program.
The HIPAA program, we’ll go through it with you, and it’s real easy if you’d like to do that. So just cruise over here to go.fearlessprovider.com/demo. All right, so in our Fearless Chiropractor HIPAA program, we have a community. We’ll help you make a HIPAA manual if it’s something that you’re interested in.
I always tell people this, you need it, whether it’s from the fearless chiropractor that you get these things or from somebody else, you have to have a HIPAA manual. And you have to do, like we said here, you have to do ongoing training. So we provide monthly HIPAA training as well, annual HIPAA training, which you absolutely have to do also.
Ongoing support throughout the year and the training. So anyways, again, big thanks to ChiroSecure. This is Dr. Perry with the Fearless Chiropractor. Have an amazing day.