Chiropractic software obviously plays a vital role in any successful practice, as do software updates, licenses, security features, servers and firewalls.
Providing quality healthcare to your patients is your top priority, so it makes sense to rely on chiropractic software providers to handle these things whenever possible. After all, maintaining records and keeping your data safe is non-negotiable. But are providers forthright about their products, services and advice? Maybe not.
Here are the things you need to know about data, data protection and liability that your software company might not be telling you.
1. You have a choice.
While your software company might only stress one type of data storage, there are two systems available:
Sometimes called an in-house server, this type of system is located in your office. All your computers are connected to that server, software is loaded onto those computers, and the data that is loaded onto your computers is stored to the server at your location.
Rather than data sitting on a server in your office, this type of system is in the cloud, and operates similarly to online banking. Your data is accessible 24/7, so you don’t have to worry about when you access it, or where you are when you access it.
2. You own cloud-based data.
There’s a common misconception that once your data is stored in the cloud, you no longer own it. This simply isn’t true. You always own your data, whether it sits in the cloud, or is stored on a server in your office building.
3. You can still access data, even if you switch companies.
If you switch chiropractic software companies, there are laws out there to protect you and your access to data.
Under U.S. law, Protected Health Information (PHI) is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity, and can be linked to a specific individual.
Software companies must provide PHI by law, so if you choose to leave and switch providers, you still own and can access that data. Too many legal issues would arise if they didn’t give it back.
Incidentally, the advantage to having a cloud-based system is that it’s easier to access data. So when you choose your provider, make sure you partner with a company that has a long track record with cloud-based data storage and security.
4. A cloud-based company cannot hold your data hostage.
It’s a myth that you only own the data that’s saved on in-house servers. If you’re on a cloud-based server and you switch companies, your data will be easily accessed and transferred. It is illegal to withhold data in any way.
Client-based servers actually present a different set of potential problems in this scenario. If you want to switch to another client-based server with a new provider, your data will stay on your old server, which means that you have to keep that old server sitting in your office somewhere. Down the road, if you need records from the older system, you’ll have to attach it to a computer and hope the software fires up and can safely interact with your new system. This means that you will need to maintain old servers, even if you don’t use them, plus keep up with software updates and licensing fees.
If you switch from a cloud-based system to another cloud-based system, you won’t have to worry about these obstacles. You can easily access your data in a HIPAA-compliant data system, and it’s more secure to switch from cloud to cloud than between in-house servers.
5. Cloud-based storage is safest from hackers.
In terms of data, one of the biggest concerns chiropractors and office managers have is related to hackers – and not wanting to be targeted. In response to that, many software providers will tell you, “Don’t worry! They target the biggest data centers, not small chiropractic offices.”
The truth is that they will target the easiest system they can get into. And unfortunately, that means client-based servers are the most vulnerable. Here’s why:
Why Cloud-Based Data is Safer
- Stored in a HIPAA-compliant data center
- High-level, 24/7 security
- Utilizes the most-advanced technology
- In case of disaster, data centers have power backup with generators – data will not be destroyed or lost
- Every keystroke is encrypted with banking-level encryption, which is updated as new developments are made
- Includes HIPAA-compliant portal, which is safer
The bottom line? Hackers have the most difficulty getting data from highly secure data centers.
Why Client-Based Data is Vulnerable
- Computers are networked to each other, and connected to the internet
- Without frequent updates and the latest technology, they are easy targets
- Hackers will attack small practice after small practice to retrieve data
- Because online intake forms are on a client-based server system, there’s a big hole in the network
- Hackers can easily access those online connections
The easiest place for hackers to target is the single chiropractic practice provider with a client server that is not in the cloud.
6. Client servers make you liable.
When a hacker gains access to client data, someone is going to be liable, and depending on how you’re storing that data, that someone could be you.
Liability includes fines, and each patient record that is compromised counts as one occurrence. Fines also apply per occurrence for every year you have records for that patient. So the fines are per patient, per year. Fines can range anywhere from a $100 minimum up to $50,000 for every single occurrence.
This can add up to hundreds of thousands of dollars if you are hacked, which could put you out of business.
Liability for Client Server System
- If your data is stolen because of negligence (like outdated firewalls or network security), you are 100% liable.
- The software company is not liable, but in a worst-case scenario, they will still have insurance protection.
- As technology changes and data security options improve, legal expectations and requirements for client server systems will likely increase.
- As the environment changes for data security, you’ll start to be held more accountable.
Liability for Cloud-Based System
- A HIPAA-compliant data center will have the highest security measures against hacking from the very beginning.
- If it does get hacked, your provider is liable, not you.
- Once you outsource your data, you outsource liability.
If you don’t keep your data safe, and keep up with firewalls, security measures and current software, you’re liable. Hiring out your liability and switching to cloud storage is much safer.
What Should You Do?
Take the following steps to decrease your data storage vulnerability.
- Have a HIPAA compliance expert evaluate your data to identify weaknesses, and help make a plan to safeguard your practice.
- Consult an insurance company regarding business liability insurance, and have some level of data coverage.
- Hire a company that can put that plan in place, and make sure that plan includes moving to the cloud (if you haven’t already).