Keep Your Patient Data Off the Dark Web

You may think that there is little to no chance that your patients’ data will end up on the so-called “dark web,” a part of the world wide web where the work of operators is untraceable. But why take any chances, two experts asked during the American Society of Cataract and Refractive Surgery’s 2018 annual meeting in Washington, DC. 

Renee Bovelle, MD, an ophthalmologist at Envision Laser & Eye Center in Annapolis, MD, and Rob Campbell, MSc a cryptologist and cyber-security specialist, provided best practices for network protections, as well as HIPAA considerations. For starters, train staff and employees to recognize that attackers try to deceive users into clicking on malicious links from otherwise normal-looking emails. Consider contracting with a security team that can test your organization’s awareness with simulated phishing emails. 

To ensure HIPAA compliance:

• Request audit and breach notification from software companies.
• If using web-based platforms, make sure patients sign separate HIPAA authorization and informed consent forms.
• Develop specific procedures to cover video conferencing and messaging.
• Don’t use these platforms with vulnerable populations.
• Limit such platform usage to certain clinical conditions.
• Only use secure platforms with if you have an audit trail and breach notification. 

Bovelle R, Campbell R. How to keep your patients’ data off the dark web. Talk presented at: 2018 ASCRS-ASOA Annual Meeting; April 13-17, 2018; Washington, DC.

Chichirez C, Purcarea V. Interpersonal communication in healthcare.  J Med Life. 2018; 11(2): 119–122. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6101690/