I’m really going to talk about Dropbox and the recent security issue they had, but before that I want to illustrate something.
When I speak with medical offices about reducing the risk of a PHI breach I generally hear lots of frustration on the other side.
I get it.
Let’s look at this from a different angle.
When I was in college I had a mountain bike. This was my primary means of transportation around school. At that time the “U-lock” was popular.
This was a great lock that perfectly fit around your wheel tire and the bike rack.
The problem was, if you just locked your front wheel, somebody could easily undo the quick release hub on your front wheel and your bike is gone. All the thief had to do is buy a new front wheel.
Your other option would be to connect the u-lock around the front wheel and frame. This made sure nobody could use your bike, but they could pick it up and carry it away. To connect the u-lock around the front wheel, frame AND the bike rack could be a challenge, but was necessary to truly reduce the risk of your bike being stolen.
Great, now the bike is secure…oh, but now people are stealing seats. What? Yep, in order to make adjusting the seat height quick and easy, a quick release was added to seat posts. This made it quick and easy to adjust, but also quick and easy to steal.
I won’t bore you with the steps needed to now secure your seat to your bike, but I hope you are getting the picture – even something as easy as locking your bike really is not that easy.
Computer security is obviously exponentially more challenging.
Some companies have tried to make secure sharing super easy. The problem is, this gets screwed up.
The most recent example of this is Drobox. The details bet boring, but the gist is this: if you uploaded a document to your dropbox (like something to be transcribed, and shared that with your transcriber) that link that was sent to the transcriber (and clicked on) could be viewed AND used by anyone who has webmaster access.
You could easily shrug your shoulders and say, “heck, this stuff is just too complicated, how to ‘they’ expect me to keep up?” Just know, Dropbox found this important enough to turn off the capability to share content this way.
How do you make security easier? How do you reduce the risk of a PHI breach?
You do it by making things simpler in you office, by having clear policies in place (and following them).
It is challenging, but it is far from impossible. Just realize, you’ll probably have to change some of the ways you do business.