Healthcare Data Security Statistics that May Surprise You

Have you noticed the influx of Updated Privacy Policy notifications in your inbox?

Companies in the European Union – and any company anywhere with EU customers – are scrambling to meet the General Data Protection Regulation (GDPR) compliance deadlines. It’s just a matter of time before stricter privacy control legislation is imposed in other parts of the world.

The protection of personal data is an increasingly hot topic. With every news report of lost, stolen or hacked data, we all become a little more uneasy. Businesses ramp up their focus on protecting their clients, and customers focus on themselves.

With recent high-profile breaches of protected health information (PHI) at companies like Anthem and Allscripts, consumers are more worried than ever about their personal data being compromised. It seems to be a double-edged sword. Consumers are wary of sharing personal information – financial and health-related data top the list. Yet as patients, we expect health professionals to have complete access to our health profiles and background in order to make critical diagnoses, quickly.

The very nature of this information makes the healthcare industry a prime and profitable target for criminals. As you would expect, data security for the users of our dental and medical practice management software has always been a priority.

So naturally, I was intrigued by the findings of Verizon’s 2018 Protected Health Information (PHI) Data Breach Report. I came across a recent article by Suzanne Widup of Verizon’s Security Research Team summarizing findings from 1,368 incidents within the healthcare sector covering 27 countries. Interestingly…

  • 58 % of incidents involved insiders. Whether driven by financial gain, such as tax fraud or opening lines of credit with stolen information (48 %); curiosity in looking up the personal records of celebrities or family members (31 %); or simple convenience (10 %), poor internal controls pose a major threat to an organization.
  • 70 % of incidents involving malicious code within the healthcare sector were ransomware infections.
  • 27 % of incidents related to PHI printed on paper. Cyber hacking may be in the news, but it seems real breach activity can also be found in the paper trail. Mailed or faxed prescription information, billing statements, copies of ID and insurance cards… these printed documents are commonly mis-delivered, lost or thrown away without shredding.
  • 21 percent of incidents involved lost and stolen laptops containing unencrypted PHI.

At ABELSoft, our Privacy and Security Specialists are intimately involved at every step of product development and quality control. They champion control and vigilance with internal stakeholders as well as with every software user. Here are several short- and long-term measures suggested by Verizon and by our internal team to lessen the risk of some of these challenges.

a. Full Disk Encryption provides an effective and relatively low-cost method of keeping data out of the hands of criminals.

b. Integrated controls (like ABELSoft’s Authorization Manager, for example) define user roles and access requirements.

c. Documented policies and procedures that mandate routine monitoring of internal access demonstrate commitment to vigilance and repercussions.

d. Staff education regarding these policies is critical.

e. Preventive controls for defending against malware installation are key, as is minimizing the impact that ransomware could have against your network.

f. Unfortunately, ransomware attacks will not always be prevented. There are cases where protective technology gets breached and humans get misled. Good backups become the only recourse when preventative measures fail (other than paying the ransom or starting over, which are both unacceptable solutions).

g. Practices should work towards a reduction of paper-based PHI in their environments, and establish a holistic risk management program that protects not only ePHI, but also other sensitive data that they store and process.

As much as we like to think that we have become cyber-aware and digitally vigilant, we know that hackers and sophisticated criminals will try to get past our defenses. We cannot assume that our team members intuitively understand the importance of privacy and security of healthcare data. They must be educated, reminded and monitored to make sure that you remain the reader of cybercrime news reports… and not the subject.

Read the 2018 Protected Health Information Data Breach Report

Related Posts:

3 keys to cyber security: protect, detect and respond

Pharming and Phishing and Smishing… what next? (re-post)

In Control… or not? It’s up to you

Getting Down to Business: Boost Your Dental Practice Financials

I have written in this space about the importance of managing the performance of your dental practice through analysis of cold, hard empirical data. Facts rule. Numbers don’t lie.

At the end of the day, after you have demonstrated clinical excellence, professional achievement and patient satisfaction, the success of your business comes down to financial viability. I may be preaching to the choir: Rarely if ever do I come across a Dentist or an Office Manager who is not interested in improving productivity and profitability. Yet the nagging questions persist:

What should we be measuring?
Where do we start? Where do we sit today? Why?
How do we accurately monitor results and progress?
What is the industry benchmark?
What specific steps can I take to improve and grow?

For us at ABELDent, the answers unfold within our Practice Management By Objectives™ methodology. We have developed a series of KPIs – Key Performance Indicators – to guide your progress. The foundation of the program is the fact that all the data you need to identify and monitor your vital numbers resides within your existing ABEL software database; it’s as simple as generating the relevant reports and performing some quick calculations.

Here are eight quantifiable measures that will get you well on your way to analyzing, managing and ultimately improving your financial performance.

Key Performance Indicator Chart

If you find that your own numbers are below industry benchmarks, consider some of these short- and long-term initiatives:

Improve cash flow

  • Be clear in your communication with patients regarding financial terms and guidelines. Always inform before you perform
  • For costly procedures, ask for a deposit or upfront payment
  • Offer financing plans; limit payment plans to 60 days
  • Accept credit and debit cards
  • Use electronic claim processing
  • Provide statements and/or do regular collections follow-ups
  • Run frequent, regular A/R reports
  • Track patient payment patterns and address any issues proactively

Increase revenue

  • Focus on higher end dentistry
  • Monitor and improve case acceptance
  • Pursue outstanding treatment recommendations
  • Raise fees

Decrease overhead

  • Source less costly supplies, equipment and services
  • Evaluate all purchases based on ROI
  • Increase productivity of staff through training

Build your patient base

  • Ask your patients for referrals
  • Initiate or reinforce marketing efforts
  • Track the effectiveness of each marketing activity

I hope this detailed information is helpful, or that at least it gets you thinking about delivering more focus on your bottom line. Financial KPIs are just one of the facets of the strategic practice management we champion. I invite you to continue this conversation by attending one of our upcoming webinars or by reaching out to our team at any time.

Going Cloud: Three Common Myths Busted

The more I discuss cloud computing with dental practitioners, the more I recognize that there’s as much dis-information floating around as there are facts you can count on.

Moving to a cloud-hosted model is a big decision. Most companies choose it for business agility and cost savings. But there are drawbacks to consider. That’s why ABELDent now features a hybrid solution: Our practice management software users can enjoy all the advantages while minimizing the risk.

To help you separate fact from fiction and support any level of migration to the cloud, I thought it might be helpful to share the truth about the most common myths:

  1. If our data moves to the cloud, our business will no longer have control over our technology.

    Not so!  You still have total control over technology, but your IT department won’t have to worry about constant updates. The time they’re now spending on maintenance and software upgrades will be significantly reduced, allowing them to focus on advancing your organization’s technology and business operations.

    Instead of spending your capital budget on servers, you can think strategically about reinvesting those funds into growth initiatives. (Hmm… what else could I do with those savings?)

  2. Keeping our data on premise is safer than in the cloud.

    Not so!  It’s becoming increasingly clear that companies are routinely hacked without ever knowing it. Your practice may have a security expert, or use the services of a third-party professional. However, most companies can rarely assemble a team large enough to uncover and protect against the hundreds of possible alerts that come through each day.

    Cloud data centres like Microsoft Azure – our proven choice – are singularly focused on security and built with scale in mind. A dedicated team maintains security at the pinnacle of industry standards, using a wide range of processes and regulatory compliance expertise, to prevent, detect and mitigate breaches.

  3. Corporate spies, cyber thieves and governments will have access to my data if it is in the cloud.

    Not so!  This is a top fear about the cloud among many businesses, but it is unfounded. It’s your data, not anyone else’s. You determine access and options, rights and privacy restrictions. Strict controls and design elements prevent your data from mingling with that of other organizations. Physical access to data centres is secured and monitored continuously, and all data centre staff must follow stringent data access protocols.

    A respected provider like MS Azure guarantees that your data will not be mined for advertising or for any purpose other than providing services you have paid for. If you choose to leave the service, you take your data with you.

The more I learn, the more the benefits of cloud computing make solid business sense, especially within the context of our hybrid solution for dental practitioners. As always, we’ve dedicated our development resources to making sure we address the needs, concerns and real-world priorities of our users. Read more about our Best of Both Worlds solution. And please share this with any colleagues who need help separating fact from fiction when it comes to the cloud. It’s good to be on the same page: You’ll save time by not having to argue about these myths.

Is there Room for Improvement in your Practice Productivity?

“If you want something done, ask a busy person.” Do you ever revert to this time-tested pearl of wisdom in your dental practice?

Are those busy people the same ones who have taken the time to fully understand the ins and outs and full potential of your practice management software? The ones who know exactly where to find the information you need on the spot? I’ll bet they are.

The more I speak to Dentists and Managers about office productivity and workflow efficiency, the more I feel the need to champion the critical impact of knowledge on practice performance and growth. Mastery of your software builds confidence, and proficiency with organizational aids like ABELDent’s Patient Manager and Treatment Manager can make the difference between an average and a superior employee.

We all have the same 24 hours in a day. So what’s the differentiator between “can do”and “no way”?

Top performers don’t necessarily work harder – they work smarter.

I came across this conclusion in an article by Santi Arnaiz summarizing a recent study by leadership training firm VitalSmarts. A few highlights:

    • Employees rated by their managers as 9s and 10s on a 10-point performance scale are not only three times more valuable than the average employee, they are responsible for 61% of the total work done in their departments.
    • 83% of managers and 77% of peers say these top performers are less stressed than their coworkers.
    • Asked to describe the work habits of these staff, respondents used these phrases most commonly:

    So how can you make all your workers your best workers? Help them embrace a few productivity practices.

Once just a Threat to Dental Practices, Ransomware has hit Prime Time!

This is my third blog post about cybercrime – ransomware specifically – and the danger it poses to your dental practice management software and data. Last year, I reported that the security company McAfee had charted a 165% year-on-year increase in ransomware attacks.

I also passed along OntarioMD’s bulletin advising extra vigilance about data security; since then, I had not heard of any specific incident involving this nasty activity. Until the middle of December, that is, when I sat down to watch one of my favourite TV shows. I find Grey’s Anatomy quite informative, as guilty-pleasure TV goes. The episode dealt with a data hostage crisis that shut down all electronic systems from OR monitors and equipment to ICU life-support systems and code-locked supply closets and exits. The season-ending cliff hanger saw the Chief of Staff and the FBI at loggerheads over negotiating a multi-million bitcoin ransom exchange. Cannot wait for Part 2.

Grey Sloan Memorial’s life-threatening cybercrime makes for great TV, but it is the kind of drama you definitely don’t want or need. Your practice data is your lifeline to the health of your business. Awareness, protection and vigilance are essential for prevention.

FYI, here’s a link to the bulletin offering good advice about how to deal with such a threat and, more important, steps to take to protect your dental practice in the first place. In addition, some great security tips I assembled for last year’s post. Always worth repeating!

Down the final fiscal stretch

Now that summer vacations have wound down and the annual back-to-school routines have been played out, the beginning of Fall may be a good time to settle back and refocus on how your practice is performing.

Where have you excelled and where have you fallen short of expectations? How do you determine what you need to do to change course if necessary, to reach your goals and grow your business?

We have all heard the adage “If it can be measured, it can be managed.” So true.

It starts with having a routine in place to make this review as effortless as possible. You’ll need to establish the practice benchmarks to target and the appropriate measures to be put in place to track your progress. If you’re a member of the ABELDent community, you’ll know I’m referring to Key Performance Indicators – KPIs – that are the heart of our Practice Management By Objectives methodology.

Defined as “a set of quantifiable measures used to compare performance over a specific period of time”, clearly articulated KPIs allow business managers to keep their finger on the pulse of the practice.

During a seminar we recently hosted with Microsoft Canada, the discussion of KPIs was a popular topic. It resonated with the audience that strong, well-defined KPIs contribute to better decision-making, more appropriate goal-setting, resource optimization and, importantly for many, a more objective, quantifiable valuation of a practice.

We walked through a few examples of how to develop KPIs that support specific practice objectives and demonstrated how they can be produced from within ABELDent software. Our expert then showed how to develop benchmark targets based on the practice profile and goals. These benchmarks can in turn be compared to actual KPI results to determine gaps in performance and the appropriate operational adjustments necessary to improve results.

This is another example of how a project that takes a small amount of time and thought can lead to increased efficiency, tighter management and better ROI on your practice management software.

It’s the best way to accurately examine how your practice has performed in the past, understand where it is today and help predict – and control – what it could do by year end.

ABELSoft Inc. Celebrates 40 Years in Business

“This is a tremendous milestone for ABEL. Our sincere thank you to our employees, customers and business partners for their dedication and loyalty over the years. As we move forward, the company’s strength and its successes will continue to depend on our people, our partners and our clients’ trust,” said Angela Spinks, CEO. Read the full press release