Many small medical practices are more susceptible to health data breaches because they rely on out-of-date technology and overlook adequate data security protections, according to Kroll Fraud Solutions' annual cybersecurity trends forecast, American Medical News reports.
According to Jason Straight -- managing director of Kroll's Cybersecurity and Information Assurance unit -- many small practices do not have the technical expertise to adopt tools that help prevent breaches. Straight added that other practices have the tools but do not implement or monitor them appropriately. For example, some practices might install data encryption tools incorrectly.
In addition, Straight noted that some smaller practices might not perform routine maintenance of a system if they are planning to install a replacement or upgrade.
In comparison, large organizations often spend more money to protect their data, according to Beth Givens, founder and director of Privacy Rights Clearinghouse.
To avoid health data breaches, Straight recommends that small practices:
- Emphasize a culture of data security that includes training on and enforcement of security policies;
- Create an incident response plan and team that is involved in daily operations of the organization; and
- Establish a document retention policy that describes how an organization handles patient information (Dolan, American Medical News, 1/16).