12
|
Volume3 Issue2
CDA
at
W
ork
Inwhatwaysdoespersonal computerusecreatea
security risk forpatienthealth information?
Malware (malicious software) canbeused togainaccess toyour patient
data, andpersonal computer usecancreatea riskof introducingmalware
toyour business. Thebiggest areaof exposure that I see is emails
coming into thepractice. Evenhavingyour owndomain, like
dentist@
mypractice.com
, doesn’t ensure security. You reallyneed tohaveemail
securityon topof that; otherwise,weendup relyingonhumanbehaviour
todecidewhether theattachments coming inare safe toopenor not. A
goodalternative toemail is theuseof a secureportal that dentists could
use todropX-raysor reports and theyget pickedupat theother end.
Generalmisuse related toweb surfingor downloadingfiles canalso
exposeyour practice to security risks. Peoplewho sharefiles—not files
within thepractice, but fromhome—alsocreatea security risk. Photoson
aUSB key, filesonanexternal harddrive, dataonour phone; anything that
plugs inwithaUSBcordcanpotentiallybringmalware intoyour business.
Are thereanyparticularquestionswe shouldask
vendorswhenwe’reacquiringnew technology?
Beforeacquiringanew technology I recommendconductingaprivacy
impact assessment; it’smandatory toperform theseassessments for
hospitals andgovernment institutions.Whenmycompany is called todo
anassessment,wemake surea technologycanbe safely implemented.
Weconsider how thedeviceconnects,what dataor partsof thenetwork
it accesses,whohas access,whether data is exposed tovendors, and if so,
howdo they keep that data secure.
Whydoyou think somedentalofficesdon’t take
suitableprecautions?
Inmyexperience, therearea few reasons for this. One is
naiveté.
Dental officesgenerallyoperate in isolationof hospitalsor government
institutions and thereforedon’t haveaccessor exposure to the training
and security infrastructureof these larger centres. There is also sometimes
denial
, acomplacencyabout privacyand security issuesbecausedentists
don’t thinkhackerswouldbe interested in their data. But adental office
is a treasure trove for ahacker—therearecompletehealthhistories,
mother’smaidenname, birthdates andevencredit card information. I
think somepractitioners feel sobombardedwithcompliance issues that
maintaining theconfidentialityof patient health informationendsup
takingaback seat. And lastly, thereare
budgets
toconsider. Sometimes
there’s a sense that onceall theequipment isbought and inplace, there’s
notmuchmore that needs tobedone.
a
VisitOasisDiscussions
to listen to the seriesof
interviewswithAnneGenge
on these topics.
Dental staffcomputeruse, safepractices
Strengtheningyour ITsystemandcomplying
withprivacy laws
What isRansomwareandhowcanyouprotect
yourpracticeagainst it?
Whatarethekeysecurityquestionsyoushould
askwhenacquiringnewofficetechnologies?
Whataretherisksassociatedwithdigital
communications?
...adental office is a treasure trove for ahacker—there are complete health
histories,mother’smaidenname, birthdates and even credit card information.
This interviewhasbeeneditedand condensed.
Theviews expressedare thoseof theauthor anddonot necessarily reflect theopinionsor official policiesof
theCanadianDental Association.
How secure isyourpractice?
Access freeassessment toolsat:
