Protecting Online Patient Data

At the time of writing this article news has just broken about a breach of data protection for TalkTalk’s customers, just the latest example of personal information stored online, being compromised. Barely a week goes by without similar stories hitting the news and there’s no area of our online life that’s immune. The situation is summed up by Eva Velasquez, CEO of Identity Theft Resource Centre who says “There are two kinds of consumers – those who know they’ve been breached, and those who don’t”

By its nature the healthcare sector deals with sensitive and personal information so there’s an inherent responsibility to protect patients’ right to privacy. However, according to a recent report by IS Decisions 87% of healthcare staff are still able to logon on to different devices simultaneously, 37% are required to manually log off and 44% do not have unique logins.

It’s often said if its happening in the US then the UK won’t be far behind and there are increasing reports of unauthorised people looking to extract protected patient information from health care providers. Scam artists will try any means to get access to patients’ billing and insurance information that can be used or sold on. Cases of uninsured patients using others insurance details and health care providers making fraudulent claims in insurers are on the increase and it all stems from a lack of security.

The challenge, then, is how to maintain security for sensitive patient information while ensuring the right healthcare professionals have the necessary access to provide the best treatment and service for their patients.

One area of patient data transfer we’ve recently been looking at is the proliferation of online patient appointment booking systems now available to orthodontists. As more and more patients shop online for information, products and services, it’s clear that offering a web experience that provides comprehensive and persuasive information should also offer patients the chance to book appointments once they’ve finished browsing. Some patients simply prefer to book without calling so why wouldn’t practices want to offer this option?

Typically, the patient is asked to register and supply personal details; name, age, address etc..and this will generate a unique ID with password and login details. The patient will then be able to book appointment slots, choose the practice and orthodontist they’d like to see and provide details of the type of appointment they’d like; first consultation, follow-up, type of braces they’re interested in etc…If there’s no credit card or payment information required then most people won’t think twice about supplying this level of personal information.

What most people are blasé about is the fact that data is now currency, traded between internet scammers and even reputable agencies who value it as a means to target groups and individuals for marketing and advertising purposes. The big question for orthodontists, then, is who has access to your patient data?

The answer to this depends largely on what software system you use to control online appointments. If the booking is made on your own website and the data transferred directly to the server your website is hosted on, then, in theory, the only eyes who can view it will be determined by you. You should be able to set the different admin user levels so you’ll know exactly which staff in your practice have access to patient data. You should also have the ability to set different admin user levels for different staff thereby controlling who sees what information, within your own organisation. This level of control, though not full-proof, at least gives you, the Principal, the opportunity to control access.

The online appointment system FooCo has recently launched is wholly designed to be configured on your website’s server; a simple & safe booking system that fits seamlessly on your website. Alternative systems often take your patient away from your website to a third-party website as soon as they click book an appointment. The problem with these systems is your patient data is compiled and stored on another company’s server before being transferred to you. It means there’s more potential for data abuse. How well do you really know the third-party controlling your patients’ information? What safeguards are in place to stop, say, a disgruntled employee from another company, someone you’ve never met, selling your patients’ data?

When The Pentagon’s website can be hacked it’s safe to say there’s no online security system that guarantees 100% data protection but that’s not say there aren’t precautionary measures an orthodontic practice can take to make patient information as secure as possible.

FooCo are offering all readers a free online demo of our new online patient appointment booking system, just call or email for details.

Author Biography:

Malcolm Counihan is the founder and MD of FooCo Video & Marketing. Launched in 2007 FooCo now helps over 600 healthcare clients with their marketing and communications. Orthodontic clients benefit from an array of products and services including; website design; video production for websites and waiting-rooms, brace care videos and other design and printing services.