Essential Information on Data Security: Things All Clinicians Need to Take Into Consideration

September 16, 2016 | data protection, Digital, Tech

As many of you may know, today is a busy consumer day as the new iPhone 7 is released. The buildup to the release of the iPhone 7, from the keynote speech to today, has prompted me to think about how we manage, migrate, modify, and most importantly protect our data. The more data breadcrumbs we leave behind, the more we need to be aware of what we can do ourselves to protect our data. Each time we browse a shopping site, browse our Facebook feed, or log onto a site that utilizes cookies to personalize our surfing experience (this happens on the majority of sites you visit in your daily browsing), we are leaving behind a trail of where we've been and providing data about our tendencies.

Although there is data protection built into many of the cloud services we use today, it is advised that you think about the things you can do yourself to keep your data protected. As clinicians, we have HIPAA standards to abide by, but I think it's more important to protect your data than to meet only the legal minimum. Just think of the big data breaches in recent years: the 68 million Dropbox passwords compromised, the 40 million credit cards compromised at retailer Target, the 80 million patient health information records compromised at the Anthem Insurance Company, and the Panama Papers data leak compromising the private financial information of many world leaders.

I suggest that you review this article at a later time to take inventory of how you protect data. This is meant as an introductory article that will allow you to assess and adjust how you protect your data. Much of the information here comes from my own use, experiences, and research on how to protect data, dating back to when I first started graduate school and started working on patient health information (PHI). I also want to reveal that I enjoy organizing and that data protection is something I enjoy doing, and I hope that I can pass on wisdom so that you do not experience any pains related to data protection and being hacked, digitally or physically.

I will cover some basic areas and make a few suggestions about data protection. Future articles will expand on each of the sections below and discuss more about data protection that was not covered here.

Passwords

One of the essential things you should do about the passwords you use throughout your life is NOT to reuse passwords at all. If there is a data breach/leak in one of the services where you use a password and you use the same password across services (e.g. banking, financial, email, clinical), the potential for someone to access your accounts and wreak havoc is high. All one needs is your main email address and the common password, and they can have a computer try many popular sites to take over your account.

Creating Passwords. Always mix up the passwords and be sure to use a capitalized letter, number, and symbol. Some services may not let you use symbols. When I was an intern at NASA Ames Space Center two decades ago, they wanted us to have non-English phrase passwords that included numbers, letters, and symbols and that were a minimum of 8 characters in length. The best you can do to protect yourself is to have your passwords set to the maximum of what the service accepts. This can be easily managed through a password manager (discussed briefly in the next section).

Password Manager. It is important to come up with unique and sophisticated enough passwords for each account you create. Doing this and managing passwords and accounts is quite simple these days with the assistance of a password manager. My recommendation is to use 1Password as it syncs and works across all of the popular software platforms (macOS, iOS, Windows, Android). I will post a tutorial on this in the future.
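
The password advice above (a different password for every account, mixed character classes, the maximum length the service accepts, and no symbols where a service rejects them) written out as a short script. This is an added example, not part of the original article; the service names, length limits and symbol set are constructed assumptions, and a password manager does the same job for you.

```python
import secrets
import string

# Constructed per-service limits (assumptions, not the real policy of any service).
SERVICE_RULES = {
    "bank":   {"max_len": 20, "symbols": False},  # a service that rejects symbols
    "email":  {"max_len": 64, "symbols": True},
    "clinic": {"max_len": 32, "symbols": True},
}

SYMBOLS = "!@#$%^&*()-_=+"


def generate_password(max_len, symbols=True):
    """Random password at the service's maximum length, every required class present."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(SYMBOLS)
    if max_len < len(classes):
        raise ValueError("max_len too short to include every character class")
    alphabet = "".join(classes)
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(max_len - len(chars))]
    # Shuffle with the OS random source so the guaranteed characters are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def build_vault(rules=SERVICE_RULES):
    """Generate one independent password per service."""
    return {name: generate_password(r["max_len"], r["symbols"]) for name, r in rules.items()}


def find_reuse(vault):
    """Return groups of services that share a password (without echoing the password)."""
    seen = {}
    for service, password in vault.items():
        seen.setdefault(password, []).append(service)
    return [sorted(svcs) for svcs in seen.values() if len(svcs) > 1]


if __name__ == "__main__":
    vault = build_vault()
    for name, pw in vault.items():
        print(f"{name:8} length={len(pw)}")
    print("services sharing a password:", find_reuse(vault))
```
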

Two-Factor Authentication

Whenever a service offers two-factor authentication or secondary authentication, use it! Two-factor authentication is an extra layer of security that requires not only your password, but also another type of credential that only you know to access your account. This is typically something like a 4-6 digit PIN that is emailed, texted, or pushed to your devices, or a password, or a pattern. These are some of the popular services that offer two-factor authentication: LinkedIn, Twitter, Microsoft, Apple, Google, Dropbox, Tumblr, Snapchat, PayPal, eBay, and Amazon.

File Protection

This one is especially important for clinicians to pay attention to. The shift to digital data in clinical settings has been slow, but more and more clinical settings have started to incorporate some sort of digital data that includes patient health information. Although each clinic may have its own security policies, the policies are often not enough, and more can be done if security is managed by someone who is current on data security (I have to say that a good number of the people in charge of IT in clinical settings are not very well versed, for various practical/financial reasons). This does not mean you are at their mercy. You can take your own steps to step up your data protection game. One of the best ways to protect your data is to utilize some form of file encryption. Here are some popular tools. For macOS: VeraCrypt, GNU Privacy Guard. For Windows: BitLocker, VeraCrypt, GNU Privacy Guard.

Built-in disk encryption. How the software and hardware work together to encrypt your entire hard drive and protect it from certain types of data attacks is very technical. In a nutshell, if you have it, turn it on if it is not on by default. macOS (FileVault), Chrome OS, iOS, Android, and Windows 10 Professional have it built in.

Emails

When it comes to securing your emails and the files in your emails, the rule of thumb is to assume that your emails can be easily compromised. This means you should not send any patient health information or anything you want kept private unless you have utilized some type of end-to-end encryption. End-to-end encryption typically means that both you and the recipient have some way to lock and unlock the message, which most people often do not do or do not know how to do. Simply protecting your end is not enough to ensure that a file is protected.

This article serves as an introduction to the importance of security, especially for a clinician. This is important not only in clinical settings but also in your personal life. I will help to simplify each of the sections briefly discussed to make it easier to digest and for you to come up with your own data protection management plans.

If you have any questions on the topics discussed in this article, please comment and I will do my best to answer.
