Healthcare Data Security Statistics that May Surprise You

Have you noticed the influx of Updated Privacy Policy notifications in your inbox?

Companies in the European Union – and any company anywhere with EU customers – are scrambling to meet the General Data Protection Regulation (GDPR) compliance deadlines. It’s just a matter of time before stricter privacy control legislation is imposed in other parts of the world.

The protection of personal data is an increasingly hot topic. With every news report of lost, stolen or hacked data, we all become a little more uneasy. Businesses ramp up their focus on protecting their clients, and customers focus on themselves.

With recent high-profile breaches of protected health information (PHI) at companies like Anthem and Allscripts, consumers are more worried than ever about their personal data being compromised. It seems to be a double-edged sword. Consumers are wary of sharing personal information – financial and health-related data top the list. Yet as patients, we expect health professionals to have complete access to our health profiles and background in order to make critical diagnoses, quickly.

The very nature of this information makes the healthcare industry a prime and profitable target for criminals. As you would expect, data security for the users of our dental and medical practice management software has always been a priority.

So naturally, I was intrigued by the findings of Verizon’s 2018 Protected Health Information (PHI) Data Breach Report. I came across a recent article by Suzanne Widup of Verizon’s Security Research Team summarizing findings from 1,368 incidents within the healthcare sector covering 27 countries. Interestingly…

  • 58 % of incidents involved insiders. Whether driven by financial gain, such as tax fraud or opening lines of credit with stolen information (48 %); curiosity in looking up the personal records of celebrities or family members (31 %); or simple convenience (10 %), poor internal controls pose a major threat to an organization.
  • 70 % of incidents involving malicious code within the healthcare sector were ransomware infections.
  • 27 % of incidents related to PHI printed on paper. Cyber hacking may be in the news, but it seems real breach activity can also be found in the paper trail. Mailed or faxed prescription information, billing statements, copies of ID and insurance cards… these printed documents are commonly mis-delivered, lost or thrown away without shredding.
  • 21 percent of incidents involved lost and stolen laptops containing unencrypted PHI.

At ABELSoft, our Privacy and Security Specialists are intimately involved at every step of product development and quality control. They champion control and vigilance with internal stakeholders as well as with every software user. Here are several short- and long-term measures suggested by Verizon and by our internal team to lessen the risk of some of these challenges.

a. Full Disk Encryption provides an effective and relatively low-cost method of keeping data out of the hands of criminals.

b. Integrated controls (like ABELSoft’s Authorization Manager, for example) define user roles and access requirements.

c. Documented policies and procedures that mandate routine monitoring of internal access demonstrate commitment to vigilance and repercussions.

d. Staff education regarding these policies is critical.

e. Preventive controls for defending against malware installation are key, as is minimizing the impact that ransomware could have against your network.

f. Unfortunately, ransomware attacks will not always be prevented. There are cases where protective technology gets breached and humans get misled. Good backups become the only recourse when preventative measures fail (other than paying the ransom or starting over, which are both unacceptable solutions).

g. Practices should work towards a reduction of paper-based PHI in their environments, and establish a holistic risk management program that protects not only ePHI, but also other sensitive data that they store and process.

As much as we like to think that we have become cyber-aware and digitally vigilant, we know that hackers and sophisticated criminals will try to get past our defenses. We cannot assume that our team members intuitively understand the importance of privacy and security of healthcare data. They must be educated, reminded and monitored to make sure that you remain the reader of cybercrime news reports… and not the subject.

Read the 2018 Protected Health Information Data Breach Report

Related Posts:

3 keys to cyber security: protect, detect and respond

Pharming and Phishing and Smishing… what next? (re-post)

In Control… or not? It’s up to you

Getting Down to Business: Boost Your Dental Practice Financials

I have written in this space about the importance of managing the performance of your dental practice through analysis of cold, hard empirical data. Facts rule. Numbers don’t lie.

At the end of the day, after you have demonstrated clinical excellence, professional achievement and patient satisfaction, the success of your business comes down to financial viability. I may be preaching to the choir: Rarely if ever do I come across a Dentist or an Office Manager who is not interested in improving productivity and profitability. Yet the nagging questions persist:

What should we be measuring?
Where do we start? Where do we sit today? Why?
How do we accurately monitor results and progress?
What is the industry benchmark?
What specific steps can I take to improve and grow?

For us at ABELDent, the answers unfold within our Practice Management By Objectives™ methodology. We have developed a series of KPIs – Key Performance Indicators – to guide your progress. The foundation of the program is the fact that all the data you need to identify and monitor your vital numbers resides within your existing ABEL software database; it’s as simple as generating the relevant reports and performing some quick calculations.

Here are eight quantifiable measures that will get you well on your way to analyzing, managing and ultimately improving your financial performance.

Key Performance Indicator Chart

If you find that your own numbers are below industry benchmarks, consider some of these short- and long-term initiatives:

Improve cash flow

  • Be clear in your communication with patients regarding financial terms and guidelines. Always inform before you perform
  • For costly procedures, ask for a deposit or upfront payment
  • Offer financing plans; limit payment plans to 60 days
  • Accept credit and debit cards
  • Use electronic claim processing
  • Provide statements and/or do regular collections follow-ups
  • Run frequent, regular A/R reports
  • Track patient payment patterns and address any issues proactively

Increase revenue

  • Focus on higher end dentistry
  • Monitor and improve case acceptance
  • Pursue outstanding treatment recommendations
  • Raise fees

Decrease overhead

  • Source less costly supplies, equipment and services
  • Evaluate all purchases based on ROI
  • Increase productivity of staff through training

Build your patient base

  • Ask your patients for referrals
  • Initiate or reinforce marketing efforts
  • Track the effectiveness of each marketing activity

I hope this detailed information is helpful, or that at least it gets you thinking about delivering more focus on your bottom line. Financial KPIs are just one of the facets of the strategic practice management we champion. I invite you to continue this conversation by attending one of our upcoming webinars or by reaching out to our team at any time.

3 keys to cyber security: protect, detect and respond

Podcast – Technology experts Bill Dungey, IT Manager at Complete Technology Solutions (CTSIT) and Anthony Horvath, VP of Client Services and Operations at ABELSoft Inc. share real life examples about dealing with cybercrime and the loss of access to valuable data.

Listen to this podcast to hear about current trends in cybercrime and discover what makes you vulnerable to hacking and to malware attacks such as ransomware. In addition, Bill and Anthony discuss some best practices for maintaining privacy and security that will help you protect yourself and/or your business.

Podcast

A truly rewarding business trip

As a regular follower of my blog and member of the ABELSoft community, you probably know that my company has long been a Microsoft Gold Certified Partner. It is definitely an honour to be invited to their annual premier event for partners around the globe, this year newly titled Microsoft Inspire.

When I boarded the plane en route to Washington, DC with my colleagues, I had no idea that we would end up on centre stage at the main event just a few days later.

Indeed, there we were during the awards banquet standing in front of a big screen announcing our company’s award as the 2016/2017 Microsoft Dynamics ISV of the Year for Canada!

This level of recognition is momentous.

While we have always believed in the power and value of Microsoft’s products and services, we worked in extra-close collaboration with them over the past year to optimize the use of Dynamics 365 for ABELDent users.

As a result, ABELDent software is now integrated with Dynamics 365 for Financials. We’re even providing a free license to customers to underscore the value of better and faster service and richer enhancements. Today’s ABELDent users can manage their practices with real-time business information at their fingertips:

  • Advanced analytics
  • Integrated accounting, clinical and financial reporting
  • Streamlined Human Resource management
  • Patient acquisition and retention management
  • Inventory management

Partnering with Microsoft helps us maintain our pivotal role in the digital transformation of the dental practice. We’ve always known that our innovative solutions and services exceed customer expectations, help them surpass business goals  and deliver unparalleled value.

Clearly, Microsoft agrees.

Could your dental practice benefit from a digital makeover?

As Canadian pioneers of practice management software with 40+ years of experience, we are very gratified to see how technology has evolved to support every aspect of the dental practice. Today, the office that is operating without digital support is the rare exception.

On the surface, this is a great achievement. Yet when I dig deeper, as I frequently do in business development initiatives, I am surprised at how few dental teams are actually utilizing their technology investment to its full potential. Some may be limited by their choice of simple software that satisfies only basic tasks like scheduling. But many others have invested in more robust software that is just waiting to be optimized.

Wherever you sit, it’s time to seriously examine the state of your technology. Increased competition; heightened consumer expectations; the quest for planet-friendly, paperless solutions; cybercrime… these are among today’s external pressures that will continue to impact your success. For a dental practice more specifically:

  • The security and privacy of your data is more important than ever, yet has never been more at risk.
  • Cloud computing presents the opportunity for huge advances in the speed, mobility, reliability, and storage capacity of data. It can be more cost effective and quicker to deploy while improving the efficiency of backup and recovery.
  • Integrated communication portals enable amazing levels of practice/patient interactivity, heightening patient engagement and loyalty.
  • From a reporting and analytical perspective, your practice data can offer a wealth of valuable insights. Awareness and measurement of your KPIs – Key Performance Indicators – is a gateway to continuous improvement.

If you are not yet tapping into the power of your software, maybe it’s time for a digital makeover… let’s talk! ABELDent Inc. partnered with Microsoft Canada to present an evening of insight that has the potential to transform the success of your dental practice. You can easily access this material online, or call us for customized guidance and exploration.

Pharming and Phishing and Smishing… what next? (re-post)

It seems a week does not go by without news of another hacking incident or privacy breach. Cybercrime is here to stay. I thought it would be helpful to re-post this article from last year to reinforce the importance of cyber vigilance in the practice management arena.

Pharming and Phishing and Smishing… what next?

Three words that did not even exist a couple of years ago – at least not spelled like this – are now mainstream threats. They’re right up there with spam and scams, spoofing and spyware, hacking and botnets, malware, viruses, worms, ransomware, Trojan horses and, yes, WiFi eavesdropping.

I’ve already written about some of these types of cybercrime in this space, in particular the ones that have been known to affect small businesses with big sensitivity to database privacy, like dental practices.

But online fraud is everywhere. I used to think that it was only the naïve non-digital-savvy individuals who got themselves duped with such schemes. No longer. Hackers and scammers are getting more and more sophisticated. Like the recent spate of official-sounding telephone calls directing taxpayers to a spoofed Canada Revenue Agency website to pay re-assessed taxes – that ploy would make most of us sit up and take notice.

So when I came across the Get Cyber Safe website sponsored by Public Safety Canada, I double-checked to make sure it was legit. The site is part of a national public awareness campaign around Internet security and online protection. It is full of great information and advice, from tips to safely dispose of your tech devices to precautions to take when an employee leaves your company. There’s even a downloadable Get Cyber Safe Guide for Small and Medium Businesses and a self-assessment tool that could be quite handy resources.

www.getcybersafe.ca

Even if you don’t have time today to check out this site, at least bookmark it for future reference.

We all need to learn to be skeptical – even if it’s against our nature. We must learn to detect fraud and protect ourselves, our businesses, our patients, our employees and our families from becoming victims of cybercrime.

Ps: I had to look up ‘’smishing’’: it is ‘phishing’ for private information using SMS (texting) rather than email.

Are you Living the Vision, Mission and Values of your Dental Practice?

Audience fragmentation is a challenge that marketers have been grappling with for some time. Consumers can no longer be pigeon-holed into a few contact channels: They are increasingly adventurous, capricious, demanding, and armed with information. Just when you think you’ve built a toehold on a social media site like Facebook, the early adopters have already moved on to the next shiny thing.

Consumers want to understand what you stand for, but they also want you to understand what makes them tick. Increasingly, they expect responsiveness, interactivity and customization.

Dental professionals cannot ignore these trends. The current environment for attracting new patients is competitive to the point where clinical expertise and caring service are just part of the equation.

Market differentiation is necessary to fuel momentum. A practice that can define and clearly articulate what unique advantages they offer to their patients can often move the needle from surviving to thriving.

In ABELDent’s Practice Management by Objectives™ methodology, the development of a meaningful Value Proposition is fundamental to a solid business strategy. There’s a mutual underpinning between the Value Proposition, the Mission, the Vision and Values statements, and the Operating Plan. Learn more about Practice Management by Objectives™.

If you have not yet articulated your thinking on this, your Mission is a good place to start. It should describe:
a. Why you are in business
b. Who you serve
c. How your practice adds value or improves the life of those you serve

Next, explore your Vision:
a. How do you define success, both short and long term
b. How will you and your practice improve, grow and prosper over the next several years

Finally, identify your Values:
a. What’s your patient care philosophy
b. What principles and qualities are important to you
c. What behaviours model those principles

This exercise is both a personal exploration and a team exercise. In order to create a shared vision and encourage buy-in, all staff and stakeholders could be involved.

Your operating processes, practices and systems evolve from this foundation. They define your day-to-day activities within the dental practice, from the business stakeholders to all staff and all the way through to each patient. Inevitably, these emotional connections you create will extend to external audiences and form the basis of marketing communications that reach and attract new patients.