Surfing the internet leaves behind a trail: everything you type and every site you visit is tracked. Even when you click the “X” button to close out of the web, your search history and personal data will often linger. Companies can then purchase this information for commercial reasons, or worse, hackers can steal it and use it in any number of ways. You need to remain vigilant in protecting your privacy, especially when it comes to your protected health information (PHI). These five tips can help:
1. Store your PHI on an encrypted flash drive.
Using cloud-based storage sites can put confidential medical information at risk. These companies don’t have signed agreements to keep your PHI secure, and they allow users to open and trade files with ease. To move your PHI from one hard drive to another, use a secure tool like an encrypted flash drive for further protection.
2. Send secure emails.
Many email programs (such as Gmail and Outlook) offer built-in or add-on features to send secure messages, which require the recipient to have a special code to unlock them, providing greater security than a standard email message. A simple online search can tell you if your email client offers these features. When communicating with your doctor, use a secure online patient portal. Many Sharp doctors participate in FollowMyHealth, a web portal where patients can safely and securely send and receive messages from their health providers.
3. Create strong passwords.
Do not ever use first names as passwords. Names of friends, family and pets require little effort to find online. A strong passcode contains at least seven alphanumeric characters. Answers to security questions are often deduced from your social media profiles. Entering a different name for a typical question like “What is your mother’s maiden name?” can help. When accessing PHI online, avoid entering passwords when using unsecured Wi-Fi connections — like at an airport or coffee shop.
4. Beware of phishing emails and do not share your login credentials with anyone.
Phishing refers to fake emails that ask recipients to click on links or “claim a prize.” “Oftentimes, these emails are used to trick the recipient into providing login username and password, sometimes without the recipient even knowing it,” says Bryan Kissinger, VP of IT risk management and chief information security officer (CISO) for Sharp HealthCare. If you think an email might be phishing, reach out to the sender via telephone or in person to verify its authenticity before you click or respond.
5. Take precautions when posting in forums.
If you’re asking about your medical condition in an open forum, do not use your real name. Never post anything online that you don’t want made public. The Health Insurance Portability and Accountability Act (HIPAA) protects your PHI when held by your doctor or health insurance, but what you personally post online is not protected by federal security rules.
For additional tips on how to protect your PHI, visit the Federal Trade Commission’s OnGuardOnline.