Everyone has heard stories about hackers accessing sensitive information — such as Social Security numbers or credit card data — leading to identity theft, stolen credit or tax fraud. But medical record information can also be the focus of an information breach. For this reason, patients may be apprehensive to share critical medical and billing information with you. To maintain the trust of your patients, doing business as a rehabilitation provider requires excellent cyber security controls.

How safe is the Protected Health Information (PHI) of your patients? According to a recent report from Verizon Enterprise Systems, “nearly half the U.S. population has been affected by breaches in PHI since 2009.” Also, according to the report, 18 out of 20 industries experience stolen medical information, and confirmed PHI breaches have impacted more than 392 million medical records.

Rehabilitation Providers who are part of larger healthcare systems usually inherit well established information security policies and procedures. However, their size also makes them a more likely target of thieves. Smaller, private practice clinics are held to the same HIPAA laws and standards as huge multimillion dollar companies and may struggle to provide adequate levels of PHI security. Thankfully, they are not usually the target of data thieves.

However, regardless of your size, any PHI data breach has quantifiable reputational, financial, legal, operational, and clinical repercussions. So, it’s important for your therapy staff to be aware of the potential for information theft, how it can happen, and how to keep your patients’ information safe.

How Do Data Breaches Occur?

According to the Verizon report, 86 percent of all PHI breaches occur in one of the following ways:

  1. Theft of laptops, tablets or jump drives that contain medical records
  2. Accidentally sending medical information to the wrong contact
  3. Theft of information by an employee who has direct access to medical records.

You can keep patients’ information, and their trust of your facility, safe by taking the following 4 steps to protect all PHI touched by your staff. As noted by the report, it can take years to identify the source of a data breach, so prevention is usually the best strategy.

READ  Lessons in Physical Therapy from the Olympics: Inspired by the 2014 Sochi Olympics, your patients may encounter some new injuries.


PHI Safety Precautions

You can take the following steps to help ensure PHI is safe at your facility:

  • Know who’s in the building at all times. Companies that house files with sensitive information take security measures at all entrance points, such as requiring punch codes or security badges for entry. If your facility doesn’t have this capability, you can keep all doors locked except the front door, and require all guests to sign in with the receptionist.
  • Do thorough background checks on all staff. Ensuring your staff has clean records is important to keeping your patients, facility and other workers safe. Screening should include a credit check, criminal background check, and a drug and alcohol screening.
  • Keep technology secure. Your software, website and email system should include safeguards such as firewalls, passwords, virus scanning and data encryption. It may be worth it to hire an in-house IT person (or team), or outsource the maintenance of all your software.
  • Train your workers. In addition to HIPAA training, it’s important for your staff to understand the danger of PHI theft. You can conduct regular in-service training for easy things, such as locking a computer desktop when not in use, keeping laptops safely stored, etc.

For a more detailed analysis of your facility’s Information Security Systems, the US Department of Health and Human Services offers a series of Educational Papers. Protecting PHI becomes more complicated when using electronic tools to communicate with patients, such as email or engaging in telepractice. However, resources are being developed to enable these innovations to comply with HIPAA.  To read about a HIPAA compliant texting app that was recently invented by a physical therapist, check out this article.

Find Highly Qualified Therapy Staff

If you’re looking for talented therapists, contact PT Solutions. We specialize in the placement of qualified PT and OT and their Assistants, as well as Speech Language Pathologists. To learn more, contact our one of our experienced therapy staffing consultants today.

Cyber Security and Physical Therapy: 4 Steps to Prevent Data Theft in your Facility was last modified: by



Write a comment:


Your email address will not be published.