Meet Unsafe Urkel.
He’s always doing the wrong things when it comes to securing his data. He’s that guy who writes his passwords on sticky notes and leaves them out in the open for anyone to see. Urkel likes to use the same password for everything and doesn’t think twice about clicking on a suspicious email.
When it comes to protecting his health data — probably some of the most critical data in his life — Urkel just can’t be bothered. It doesn’t even occur to him to take steps to safeguard his personal medical information.
Unfortunately, Unsafe Urkel is not alone in his behavior. Many patients need to be aware of the risks associated with sharing their health data and take the necessary precautions to keep their information safe.
So, how can patients keep their health data safe?
Here are some best practices we’re going to dive into:
- Use strong passwords and change them often.
- Be careful with emails and links.
- Use secure websites.
- Keep software up to date.
- Be cautious with public Wi-Fi.
- Ask providers about their security measures.
- Review and monitor health records.
Best practices for patient data security
No shame here! I’ve made some of these same mistakes myself. Over the past few years, as technology has rapidly evolved, both personal and professional data security practices have struggled to keep up. In 2020 alone, the healthcare industry accounted for 79.6% of all reported data breaches in the United States, making it the most targeted sector for cyberattacks. As we continue to find new innovations in healthcare technologies, it is important to share your data with intent, to know how to protect it, and to know your rights as a patient.
So, let’s look at how Urkel doesn’t do so well and how you can do much better!
1. Use strong passwords and change them often
Unsafe Urkel thinks he’s being clever by using his pet’s name as his password, but that’s the first thing a hacker would try. It’s tied to your personal information, and there are plenty of ways for people to find that out—especially from social media!
What can you do instead?
Patients should use a combination of letters, numbers, and symbols to create a strong password. Changing your password regularly, at least every 90 days, and avoiding using the same password for multiple accounts are also recommended. For added security, make passwords at least 8 characters long—although 12 is even better!
2. Be careful with emails and links
You know Unsafe Urkel. He will click on any link that comes his way, but that’s how you fall prey to phishing scams. These scams are designed to trick people into revealing their personal information, such as passwords or credit card numbers. They are even great at mirroring legitimate businesses to trick you.
What can you do instead?
Patients should always verify the source of an email or link before clicking on it. If it seems suspicious, they should delete it immediately. If the email asks you to confirm a password change or information when you didn’t request it, don’t click on any links in the email and contact your provider directly.
3. Use secure websites
Unsafe Urkel ignores the website he’s visiting as long as he gets what he wants. The “this site is unsafe” page is his favorite. It seems silly, but many people click “continue anyway” and go to sites that aren’t secure. Websites that are not secure can expose your data to hackers.
What can you do instead?
Patients should only use secure websites, indicated by the https:// in the website address, when entering personal or financial information. The “s” lets you know that the website has a security certificate!
4. Keep software up to date
Unsafe Urkel doesn’t bother updating his software because he thinks it’s a waste of time and totally unnecessary. Many software updates include security patches to fix vulnerabilities that hackers can otherwise exploit.
What can you do instead?
Patients should make sure their software is up to date, including their operating system, browser, and any other applications they use.
5. Be cautious with public Wi-Fi
I bet you guessed it already! Yep, Unsafe Urkel likes to connect to any public Wi-Fi network he can find, but that’s a risky move. Public Wi-Fi networks are often unsecured, meaning anyone can access the transmitted information.
What can you do instead?
Patients should avoid using public Wi-Fi networks to access sensitive information, such as their health data, unless they use a virtual private network (VPN) to encrypt their data.
6. Ask providers about their security measures
Unsafe Urkel assumes that his providers have everything under control, but he should ask them about their security measures to make sure.
What can you do instead?
Patients should ask their providers about their data encryption, access controls, and other security measures they have in place to protect their health data.
7. Review and monitor health records
Unsafe Urkel doesn’t bother reviewing his health records because he thinks they’re boring. But reviewing and monitoring health records can help patients identify any errors or fraudulent activity, leading to better patient outcomes and personalized healthcare.
What can you do instead?
Patients should review their health records regularly and report any errors or suspicious activity to their providers. By checking their records regularly, patients can also improve their patient experiences by catching mistakes or potential flags before an issue occurs.
These best practices are essential for patients to keep their health data safe. By following these guidelines, patients can protect their personal and sensitive information from cybercriminals who want to exploit it for financial gain or other malicious purposes.
Your Rights as a Patient
In addition to these best practices, patients should know their rights under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a federal law that protects patients’ health information from unauthorized disclosure.
What are some of the rights found in HIPAA? Patients have the right to:
- Access their health information.
- Request corrections to their records.
- File complaints if they believe their privacy rights have been violated.
This is not to say that keeping health data safe is just patients’ responsibility. Providers, payers, and other organizations that handle health data are also responsible for protecting it. Patients should ask their providers about their HIPAA compliance and make sure that their providers are following the guidelines set forth by the law.
It’s also important to note that health data breaches can seriously affect patients. In addition to the financial losses resulting from identity theft, health data breaches can lead to medical identity theft, where a criminal uses a patient’s information to receive medical care, prescription drugs, or other benefits. This can lead to incorrect medical records, fraudulent insurance claims, and even life-threatening medical errors.
How dangerous can it get when patients ignore data security?
What can happen when patients don’t take their health data seriously?
Let’s look at what happened to our friend Unsafe Urkel.
We remember how Unsafe Urkel was always careless with his health data. He used the same password for everything, clicked on any link that came his way, and connected to any public Wi-Fi network he could find. He never thought anything bad would happen to him.
One day, Unsafe Urkel received an email from his doctor’s office. The email said there was a data breach, and his personal and health information had been compromised. Unsafe Urkel was shocked. He had never thought anything bad could happen to him.
The consequences of the data breach were tiresome, to say the least. Unsafe Urkel didn’t know who had his information or what they were doing with it. He had to spend months cleaning up the mess the data breach had caused. He had to change all his passwords, cancel credit cards, and monitor his credit report.
He also had to deal with the emotional stress of knowing that his personal information was in the hands of criminals. Having such personal information exposed to the world is a deep, psychological hit. Unsafe Urkel now finds himself heading to the doctor more often for his chronic illness exacerbated by the stress.
Unsafe Urkel learned his lesson the hard way. He realized he had been careless with his health data and had not taken precautions to keep it safe. He vowed to do better in the future and to follow the best practices for keeping health data safe.
Unsafe Urkel may not have realized it, but the average cost of a healthcare data breach is $7.13 million, or $499 per record. Medical identity theft affects approximately 2.3 million Americans each year, costing them an average of $13,500 in out-of-pocket expenses to resolve. Data breaches are a concern for every consumer and every business.
Without exception.
Don’t be Unsafe Urkel. Take your data security seriously because you matter. And you deserve it.
Stay safe out there!