Emmott On Technology: The Word on Creating and Using Strong Passwords

Emmott On Technology: The Word on Passwords
Thursday, February 7, 2013

Envision an assistant seating a pig in your dental chair. Can you see that in your mind’s eye? That is the secret to keeping your dental records secure.

As we gather information (data) about our patients and record it electronically, we have a professional duty, both morally and legally, to protect that data. This includes personal and credit card information as well as medical information. We worry about HIPAA and protecting personal medical information; however, the average hacker is more interested in the basic personal information.

A name, address, social security number and a credit card account are pure gold to a hacker looking to steal an identity. On the other hand, hackers don’t really care about an occlusal lesion on tooth number three.

Can you absolutely prevent hackers from ever-ever breaking into your computer? No, not really. If they can break into banks and department store systems, they can break into a dental office. On the other hand, can you prevent burglars from ever-ever breaking into your home? No, not really. What you can do is make it more difficult.

Home security starts with a simple lock on the front door and runs through dead bolts, an alarm system, bars on the windows, roaming Dobermans and armed guards. At some point the hassle and expense of that next level of security is not worth the effort. It is the same with computer security: we don’t have to be totally impregnable, but we do need to make a reasonable effort.

The first level of security, the lock on the front door, is a password.

We need passwords for two quite distinct issues: internal and external security. Internal passwords limit what practice data staff members can access or manipulate. Having good internal security is all about fraud detection and protection. External passwords are for online accounts such as banks, suppliers, phone services, credit cards, e-services, labs and others. External security protects against unauthorized use by staff members and, more importantly, against roving cyber hackers looking to steal your data or manipulate your accounts.

Start with a simple Windows logon password. A logon can do two things. First, it is a simple way to prevent an unauthorized person from using a workstation and accessing or changing information. Second, it can identify who made an entry. In theory, an administrator can track every keystroke from any computer in your office. If a particular workstation is only used by one person, and if that person has a unique and secret password, and if that person never leaves their computer while it is logged on, then it is possible to determine who made every entry.

However, in the real world in a real dental office we don’t use our computers like that. Each workstation may be used by several people during the day, especially in the clinical area but even at the front desk. We almost always leave our computers on when we leave the area. It is too much trouble to log off and log on each time we get up to help a patient, check on a case or talk with a teammate.

Plus, Windows passwords are seldom unique and rarely secret. After all, if Mary at the front desk is sick today, we still need to use her computer. As a result, staff members share passwords regularly and usually pick a password they can easily remember. Or they leave a sticky note with the password stuck on the machine.

After the Windows logon, the next level of security comes from passwords that protect individual applications and even different levels within each application. For example, QuickBooks has a password that limits access to the bank and accounting information. Dentrix has several layers of security that can limit access to patient information, individual accounts or general practice data.

Again, it is useful to think about computer security in relation to physical office security. The first level of security, the Windows logon, is the key to the front door. If you don’t have that key, you can’t get into anything.

The second level is application passwords. These are like keys to the filing cabinets. This key allows you to get into the charts. However, there is still a locked drawer in the Dr.’s office.

The third level of security is like the key to the locked drawer where the cash and checkbook are kept.

Top Ten Worst Passwords According to SplashData

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. monkey
  7. letmein
  8. dragon
  9. 111111
  10. baseball

Computer security experts suggest we use unique passwords for each account and use at least seven characters with a mix of numbers, letters (upper and lower case) and even symbols. Do not use the same password all the time and do not use the ever popular “password” or equally common “12345”.

The website How Secure Is My Password? can help. You enter a password or potential password and the site evaluates it for you.

For example, the word “password” is so common it would be hacked instantly. Something like “drsmith” is better. That would take a hacker 2 seconds to break. Changing it to “Dr.Smith” would require a hacker a full day to break. The best passwords, containing upper and lower case, symbols and numbers, such as “nX4#e@Lp” (three days to break), are in fact more secure but impossible to remember.

Another approach is to use actual words strung together in a nonsense order to create a long password that you can remember. Which brings us back to the dental assistant putting a bib on a pig in the dental chair. This vivid scene is a reminder for the password assistantbibsswine, which according to How Secure Is My Password? will take 233 million years to break.
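The comparison above can be reproduced offline. The following is an added example, not code from How Secure Is My Password? or from the author; it rejects anything on the SplashData list and otherwise estimates the brute-force search space from length and character mix. The guessing speed and the 7,776-word list size are assumptions, so the times it prints will not match the site's figures. It also shows the caveat for passphrases: the per-character estimate only holds if the attacker does not guess whole words.

```python
import math
import string

# The ten passwords from the SplashData list quoted above.
WORST_PASSWORDS = {
    "password", "123456", "12345678", "abc123", "qwerty",
    "monkey", "letmein", "dragon", "111111", "baseball",
}

# Assumption for illustration: offline guessing speed in guesses per second.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000


def charset_size(password):
    """Count the symbols a character-by-character search must try per position."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    size = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return max(size, 1)  # characters outside these classes are not credited


def brute_force_bits(password):
    """Bits of search space if every character were chosen at random."""
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(word_count, wordlist_size):
    """Bits of search space when guessing whole words from a list of known size."""
    return word_count * math.log2(wordlist_size)


def assess(password):
    """Return (on_worst_list, bits, average_seconds_to_guess)."""
    if password.lower() in WORST_PASSWORDS:
        return True, 0.0, 0.0  # tried first by any guesser, so no search needed
    bits = brute_force_bits(password)
    seconds = 2 ** bits / 2 / ASSUMED_GUESSES_PER_SECOND  # half the space on average
    return False, bits, seconds


if __name__ == "__main__":
    for candidate in ("password", "drsmith", "Dr.Smith", "nX4#e@Lp", "assistantbibsswine"):
        listed, bits, seconds = assess(candidate)
        print(f"{candidate:20} listed={listed!s:5} bits={bits:5.1f} avg_seconds={seconds:.3g}")
    # Three words from an assumed 7,776-word list: far less than the per-character figure.
    print(f"3-word passphrase, word-based guessing: {passphrase_bits(3, 7776):.1f} bits")
```

Length dominates the per-character estimate, which is why the 18-letter passphrase scores far above the 8-character mixed password; adding more words, chosen at random, is what keeps that advantage against word-based guessing.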

The future is coming and it will be amazing!
