Are Patient Portals the Weakest Link in Your Technology?

By October 17, 2019 Blog
Patient Portals

Patients expect the utmost in convenience, with easy access to their personal health information and a quick way to create or update appointments and stay in touch with their preferred medical providers. Unfortunately, these uber-connected accounts may not be as secure as your they need to be — leaving your practice with a significant vulnerability that can be easily overlooked by internal staff members and IT services providers.

Traditional cybersecurity measures are rarely robust enough to provide the level of protection for Electronic Health Records (EHR) required by the federal government. With more than 25 million records breached so far in 2019, it’s increasingly obvious that healthcare organizations need to be more aggressive in instituting security measures for their patient portals. Patient identity management is becoming a growing priority among healthcare practitioners and their IT managed services providers.

Challenges with Patient Portal Security

In one of the rare instances where standard HIPAA requirements may not fully protect patients, these standards do not require multi-factor authentication (MFA) for patient access to electronic protected health information (ePHI). There are significant standards and requirements in place, but are they always enough? The expanding universe of healthcare data breaches points to a need for additional security measures for access to this type of high-value digital information. Data is not only at risk when it’s at rest — or being passively stored within a practice database — but also when it is being transmitted between providers and other staff members. The few moments when the patient data is being accessed by a physician’s laptop, for instance, is a critical moment. The WiFi network, the device being used to access the information . . . each of these components of your security infrastructure must be fully protected to ensure a high degree of security for your information. This is also true of information stored on your patient portal. As practices implement time-saving devices such as WiFi-enabled tablets for check-in or the ability to make updates on a patient’s personal mobile device, the security concerns grow incrementally.

Boosting Security Levels for Patient Access

Unfortunately, patient portals are not being utilized as effectively as physicians would like. A recent study shows that patient access to portals may be increasing, but it’s happening quite slowly. This is an unfortunate situation, notes senior study author Denise Anthony of the University of Michigan in Ann Arbor, “Previous research has shown there are real benefits to portal use. Patients become more engaged in their own health and really stick to their treatments”. Creating a more potent security mix starts with understanding the way your practice will use the information, and how patients will be accessing their information — as well as the information that they will need to view and modify. A few tips that practices can use to improve security include:

  • Encourage use of password manager software
  • Require multi-factor authentication for login
  • Reduce internal access to protected health information
  • Create separate WiFi networks for the exclusive use of connected devices

Defining these rules requires dedicated attention to your patient portal and a strategic understanding of the core cybersecurity concerns in healthcare.

Patient portals may be one of the best ways to stay in touch with your target audiences, but they can also cause a serious security problem for your practice. Don’t let your healthcare business fall prey to the dangers associated with patient logins that are a direct line into the wealth of personal, financial and healthcare-related data that is stored by your practice. At On-Site Computers, we provide your practice with the proactive support that you need to ensure your practice stays fully protected from cybercriminals.

Contact the experts at On-Site Computers today at 833-250-7170 to claim your free initial consultation or to learn more about our cybersecurity recommendations for your practice. You can always chat online with our friendly service staff or submit an online request for consultation, too.

Design & Developed by Himel Shahriar