SAFETY
THINKSTOCK
ProtectYour
PRIVACY
Why you should keep your personal health information safe
Did members ofthe royal family go under the knife at an upscale London plastic surgery clinic ? Ahack at London Bridge Plastic Surgery may reveal the answer to that — and many other questions you never thought to ask .
Setting aside the obvious follow-up questions ( Do you care ? Is it any ofyour business ?) and regardless of your curiosity about seeing the picture proof of royal rearrangements , you should be paying attention . The hack speaks to our collective vulnerability when it comes to protected health information ( PHI ).
Why it matters
Youmay think , “ This can ’ t happen to me .” But how do you know ? Consider how your medical provider stores your PHI ( personal health information ). Have you ever seen a physical file ? Do you know where it ’ s stored and who has access to it ? That sort of physical information is vulnerable . It could easily be stolen or duplicated . What about
WRITTEN BY ADAM LEVIN
electronic data ? Everyone knows that just because an entity stores information digitally doesn ’ t mean that it ’ s secure from compromise .
We all have something to lose
Granted , you may not have had any work done at a fancy plastic surgery clinic , but you ’ ve probably been to adoctor — and most likely at least once for an ailment that you ’ d rather not have broadcast to others . The victims of the data breach at London Bridge Plastic Surgery are just like you and me for that reason , even if they are royal . We all have something to lose : our privacy .
The sensitive data theft lottery definitely discriminates — high-end targets pay upper-class ransoms — but you can ’ t rely on your relative obscurity to protect your PHI .
As far as plastic surgeons getting compromised goes , this isn ’ t the first time a high-profile doctor has gotten rolled for photographs and other PHI . And it probably won ’ t be the last , which should be reason enough to get you tocall your doctor and ask how your information is protected . ❖
5STEPS FOR SAFE- GUARDING YOUR PHI
Securityiscomplex andrequires constant maintenance . Hereare five stepsyou should taketo keep your personal health information safe from hackers and others whoare up to no good .
ASK IF YOUR MEDICAL PROVIDER
1 IMPLEMENTS ADATA SECURITY SOLUTION . While it mayseem likea simple question , many providers don ’ t have aclue about data security . The only waytofindout if yours does is to ask .
2
FIND OUT IF YOUR MEDICAL PROVIDER USES AVENDOR . If your medicalprovider uses a vendor , get thename and check out its reputation online .
3
ENSURE THAT YOUR MEDICAL PROVIDER DOUBLE ENCRYPTS YOUR PHI . Your doctor maynot knowwhether your PHI is double encrypted — especially if they usea vendor as theirdatasecurity solution . Either way , push the point . The onlyway we all become moresecureisifwe all demand ahigh datasecurity IQ from our peers and serviceproviders .
4
INQUIRE ABOUT WHO HAS ACCESS TO YOUR PHI . By asking this question youmay be pointing your provider to saferrecords . Only your doctorand other medically trainedstaff with areasonto be looking should have access to your PHI .
LOCATE WHERE YOUR PHI IS
5 STORED AND HOW IT MOVES AROUND . Does your medicalprovider usea cloud server or onsite hardwaretostore your PHI ? Howare the servers connectedtothe network ? Makesurethere ’ sasecure network used solely forPHI and anotherfor lesssensitive trafficorsmartdevices used in the office .
( 201 ) HEALTH | 2018 EDITION 41