Secure Online Shopping Tips for Healthcare Practices

With the online holiday shopping season underway, healthcare information security best practices must still be enforced: the same workforce that handles patient data is also actively shopping online. Before making a purchase that requires account information, such as a credit card number or other personal identification, users should be confident that the computer they are using is trustworthy enough for online banking. The basic minimum precautions are an enabled firewall, up-to-date anti-virus software, and a review of installed programs, with any discrepancies remedied before the computer is used further.

A computing device designated to handle sensitive patient information should not be used to download questionable software (e.g., executable “.exe” files) or to perform high-risk activities, including visiting certain websites and installing browser “plugins.” Visitors, including friends and relatives who may use the computer, should not be granted admin access. The admin profile can set up a limited/guest account that prevents other users from accessing information they are not authorized to see or from inadvertently installing malware. It is advisable to use a separate computer for at-risk activities altogether; for instance, certain online games give players an opportunity to “inject code,” including viruses, into other players’ command consoles, and malicious software can also be disguised as a discount/savings “toolbar.”
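The following PowerShell script is an added example, not code from the original post or from EHR 2.0. It performs the minimum checks described above on a Windows 10/11 workstation (firewall, anti-malware, installed programs, who holds admin rights) and then creates the kind of limited, non-admin account recommended for visitors. It assumes Microsoft Defender is the anti-malware product and uses the built-in NetSecurity, Defender and LocalAccounts modules; the account name ShoppingGuest is a placeholder chosen for the example. Run it from an elevated PowerShell session.

```powershell
# Added example (not from the original post): baseline check of a Windows
# workstation before it is used for online purchases, plus creation of a
# non-admin account for household members or visitors.
# Assumes Windows 10/11 with Microsoft Defender; run as Administrator.
#Requires -RunAsAdministrator

# 1. Firewall: every profile (Domain, Private, Public) should be enabled.
$fw = Get-NetFirewallProfile | Select-Object Name, Enabled
$fw | Format-Table -AutoSize
$fwOff = $fw | Where-Object { $_.Enabled -ne 'True' }
if ($fwOff) {
    Write-Warning "Firewall disabled for profile(s): $($fwOff.Name -join ', ')"
}

# 2. Anti-malware: real-time protection on, and signatures not stale.
$mp = Get-MpComputerStatus
if (-not $mp.RealTimeProtectionEnabled) {
    Write-Warning "Defender real-time protection is OFF"
}
if ($mp.AntivirusSignatureAge -gt 3) {
    Write-Warning "AV signatures are $($mp.AntivirusSignatureAge) days old"
}

# 3. Installed programs: review the list for anything unexpected, such as a
#    "savings" toolbar. Reads both the 64-bit and 32-bit uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, Publisher, InstallDate |
    Sort-Object DisplayName |
    Format-Table -AutoSize

# 4. Who is an administrator? Only the designated admin profile should be.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, PrincipalSource |
    Format-Table -AutoSize

# 5. Create a standard (non-admin) account for visitors. Membership in
#    "Users" only means it cannot install software machine-wide or read
#    other users' profiles.
$guestName = 'ShoppingGuest'   # placeholder name for this example
if (-not (Get-LocalUser -Name $guestName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $guestName"
    New-LocalUser -Name $guestName -Password $pw `
        -Description 'Limited account for visitors; no admin rights'
    Add-LocalGroupMember -Group 'Users' -Member $guestName
}

# 6. Verify the account did NOT end up in Administrators.
$isAdmin = Get-LocalGroupMember -Group 'Administrators' -Member $guestName `
    -ErrorAction SilentlyContinue
if ($isAdmin) {
    Write-Warning "$guestName is an administrator; fix with Remove-LocalGroupMember"
} else {
    Write-Output "$guestName is a standard user (not in Administrators)."
}
```

The warnings are the "discrepancies" the text refers to: a disabled firewall profile, real-time protection switched off, or stale signatures should be corrected before the machine is used for a purchase, and any program in step 3 that nobody at the practice recognizes should be investigated and removed.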

Shopping online from a healthcare-compliant computer or mobile device, whether personally owned or company-issued, is among the more secure options; however, users must first make sure such activity is permitted under their organization’s information security policy. A company information security policy document should specify which activities are acceptable on a computer or mobile device designated for company purposes, and those stipulations vary between companies. Employees should also be aware that provisions in their employment contract may allow the company to install and operate centralized management software on any home computer or personal device used for handling Protected Health Information (PHI). Centralized management software can ensure that firewalls and anti-malware software are properly configured and that operating system updates/patches are applied promptly, and it may also be able to monitor activity on the device. If the details are unclear, employees are advised to use a separate device for non-work purposes.

Useful links for healthcare staff who want to learn more about patient data security best practices are provided for further reading:
http://www.consumer.ftc.gov/articles/0020-shopping-online
http://us.norton.com/yoursecurityresource/detail.jsp?aid=secure_shopping
http://usa.kaspersky.com/internet-security-center/internet-safety/online-shopping
https://blogs.mcafee.com/consumer/10-tips-to-safe-online-shopping/
http://promos.mcafee.com/en-US/PDF/shopping_eBook.pdf
https://www.microsoft.com/security/online-privacy/finances-rules.aspx

EHR 2.0 provides customized information security policies and procedures for healthcare providers as part of our HIPAA/HITECH Compliance Consulting; feel free to contact us for more details.
Our mission is to assist healthcare organizations and business associates in the development, design, and implementation of practices to secure IT systems and comply with HIPAA/HITECH privacy, security, breach and enforcement rules by protecting patient health information.
