EyeWorld is the official news magazine of the American Society of Cataract & Refractive Surgery.
Issue link: https://digital.eyeworld.org/i/407647
OPHTHALMOLOGY BUSINESS 64 November 2014 by Leah McBride Mensching Ophthalmology Business Contributing Writer Technology and common sense: Protecting practices from hackers L arge chain stores and celeb- rities are constantly making headlines for getting hacked, with loads of customer and personal information stolen. But while big names tend to make the news, smaller businesses like medical practices are at risk, too. "They aren't at the same risk— they're at bigger risk," said Susan Solovic, a small business expert, entrepreneur, best-selling author, and keynote speaker. "If it can happen to a big company like Target or Home Depot, it is abso- lutely going to happen to a small business because they're easy prey, and hackers love to grab data from small businesses." Although doctors and staff members at practices know hacking is a risk and are concerned about protecting their patients' medical and financial data, whether they have time to address those concerns is another issue, she said. "They're busy working in the practice on their day-to-day things that have to get done … so it's easy to put the necessary things you need to do to protect yourself from cyber attacks on the back burner," she said. A running theme in hacking instances has been carelessness, which means common sense and being more careful is the first line of defense. There are 3 easy steps to pro- tecting data, none of which are expensive or time consuming, Ms. Solovic said. First, change passwords at least every 90 days. Second, make sure passwords are not easy to guess. Third, make information accessible on a need-to-know basis only. In other words, only people who need access to specific sets of data should be given an account to log in and access that data. "I think small business owners need to make their employees very cognizant of the way cyber attacks occur—suspicious emails, people asking for information that they shouldn't have," she said. "You have to be very prudent and determined about keeping everyone on alert because it is everyone's responsibil- ity, and it only takes one person to make a mistake." Patient portals Patient portals, which allow patients to create log-ins and passwords to access their medical information and correspond with doctors, as well as pay their bills, are a reflection of how society has changed as a whole. "Younger patients are more open to accessing their information online, so they want these types of things," said Tamim Qaum, MD, an ophthalmologist at Via Christi Clinic, Wichita, Kan. "The trend is toward more and more data and services being available on the computer." Communicating with their doctors electronically, rather than by phone, is important to young- er patients, agreed Bennie Jeng, MD, professor and chairman of the Department of Ophthalmology and Visual Sciences, University of Mary- land School of Medicine, Baltimore. "[A patient portal] keeps up with the pace of society," he said. "Patients have direct access to all of their charting information, whereas before they had to sign a request and say they wanted copies of a record. Now they have everything— in truth, it does belong to them." While putting medical data and payment options at patients' fingertips is an important new facet of patient care, it also comes with risks that both practices and the patients themselves must be mindful of, Dr. Qaum pointed out. Practices must consider all potential sources of information breaches in order to guard against them. "We often think of breaches being external. But the reality is that