Saturday, June 8, 2013

How I protect your confidential health information.


Our security policies protect your health information.




In light of the recent disclosures of the U.S. government engaging in massive data collection of private information about its citizens, I am sure that many people are concerned about the security of their medical information, and whether it can be accessed by the NSA or other government surveillance organizations.


The short answer, here at the Center for Alternative Medicine, is no. The health and medical information that we have is protected from government and other unauthorized access in multiple ways, which I will describe below.


Because of the location of my practice and my somewhat unique skillset, I have long taken a security-conscious approach to my patients’ records, an approach which informed the choices I made when we began digitizing patient data. In light of the news over the past couple of days, I have already made some modifications to the Center’s security policies which will further protect my patients’ health records.


Operating System Security


As a first step, as we began to put patient charts into digital form, I migrated all of the office’s computers to the Linux operating system. Linux is a far more secure operating system than either Windows or MacOS. In fact, because of its secure nature, Linux is the operating system that is used by the vast majority of internet data servers, many of which are under multiple attacks daily.


Linux security goes far beyond firewalls and passwords. Linux is designed from the ground up to be largely immune to viruses and “trojan horse” programs. Security is built into the system’s design, preventing the rather massive security holes which Windows has always exhibited. Furthermore, since all of the software on my Linux systems is open, no secret back doors into the system can exist. They would be immediately spotted by the community which develops and maintains these systems.


Backup and Online Security


The Center’s secured and encrypted local network is also protected by software which immediately informs me if unidentified devices are attempting to access it, even as that access is being denied. Furthermore, none of the computers which store patient data are accessible to any device outside of our local network.


Off-site backup is handled via encrypted VPN and the data is stored on servers outside of the U.S., in a country where data privacy laws are considerably more stringent than in the U.S. The companies operating these servers cannot be coerced by the government into releasing any information.


Email and Patient Communications


Similarly, the email server I use is located overseas in a country secure from U.S. governmental interference or access. Connection to that email server uses end-to-end data encryption, eliminating the possibility of passive data acquisition of both content and metadata.


Though I have not made a habit of it thus far, I have for years been equipped with the ability to send and receive email using PGP encryption. One of the changes I have made in the Center’s policy this week is to begin providing my public secure key to patients who wish to use PGP to protect our doctor-patient communications. This provides a second level of security.


And while I have on occasion answered patient questions via Facebook messaging, it is something I have never been entirely comfortable with, and have never initiated. One of the policy changes this week is that neither I nor my staff will communicate health information or discuss health issues with patients via Facebook messaging.


How You Can Protect Your Health Information


There are several steps which you can take to protect your health information, and they are relatively simple.


The first is to drop Gmail like a rock. It is clearly insecure, and Google has been part of the PRISM data collection system for years. There are several other systems which offer free email accounts and which are secure and will not disclose your data to the government. The one I recommend is Zoho, though there are several others.


Second, use a VPN for all of your internet activities. The end-to-end encryption of a VPN prohibits anyone from watching your passage through the internet (and, yes, disable cookies on your browser!).


Third, use an alternative search engine. The amount of data Google collects on you — and provides to the government — is enormous. Your interests are determined by your search habits, and this information is a gold mine for those interested in your health data. There are, however, other search engines that do not collect or store your search data. At the Center, we use DuckDuckGo, a flexible and powerful search engine which also enables you to perform anonymous Google searches. Another popular privacy-oriented search engine is ixquick.


How Secure Are These Measures?


With regard to your health data, I have taken steps to protect your data far and above most other health care providers. Nobody is immune to hacker attack, and I make no claims to that, but I have done my best to ensure that your data remains secure from more than the passive data acquisition that the government appears to be engaging in, as well as typical commercial skullduggery.


Over the summer, I will continue to test and refine our security measures. But rest assured that even at this moment, your confidential health information at the Center is as protected as, if not better protected than, at any much larger organization.


 




Saturday, June 1, 2013

5 ways to absolutely not get hired by me.


None of us really want to be here, do we?




It’s official. My office manager of 13-odd years, Teresa, is moving on. She will be missed, and I’ll write about that later. But right now, I’m in the throes of a replacement search, knee-deep in a swamp of semi-legitimate candidates. And it’s getting uglier by the minute.


If I were smart and good, I would probably get a professional, someone like my friend Bob Corlett at Staffing Advisors, to help me find a new admin. But, like an overambitious homeowner with a dull saw, I’m engaging the project by myself. The trouble is, so are the job candidates. And the results are beginning to look ugly:



This is how my search for a new office admin is going.




So, in the interests of humankind, my sanity, and to bolster the increasingly faint possibility of actually hiring somebody before the next equinox, I am going to share with you, dear candidate, the errors that your predecessors have made that have guaranteed them a place in my personal Hall of Amazing Ineptitude, or in other words, the Would Not Hire Ever file.


 


1. If you make an appointment for an interview, SHOW UP FOR IT.


No, seriously. Wednesday night I scheduled two candidates to interview. Neither of them showed up. Neither of them called.



If I wanted to interview myself, I'd at least get a Mountain Dew and a bag of pork rinds.




2. Don’t wear yoga pants to your interview.


So long as it isn’t loaded with enough metal to give the TSA the fantods, I really don’t care about your body. I do, however, care about what my patients would think about being greeted by someone in the universal I-didn’t-get-out-of-bed-in-time-to-get-dressed outfit. How would you feel if you came to the interview and I was wearing my bike shorts? Ewww.



A job interview is not a booty call.




3. For the love of all that’s holy, please clean up your email address.


When I am emailing a candidate to schedule a job interview, and I have to send the email to sweaty_pole_dancer@yahoo.com, I’m not going to do it. I’m just not. You could have the best resume in the world, have all the right experience, be willing to sign a 10-year contract and work for $8/hour with no days off, and I’m still not going to do it.


4. And while you’re at it, clean up your social media.


You can bet that the first thing I’m going to do if I may hire you is google the heck out of your name. If 37 of the 40 pictures you’re tagged in have someone holding a handle of marshmallow-flavored vodka, I’m not going to call, because of the very poor judgement such pictures indicate. Marshmallow-flavored? Really?



"I am a responsible, reliable, hard-working employee. And sometimes sober."




5. Do not tell me your chiropractor horror stories.


I don’t even know why I have to say this, but it’s happened. More than once. If you’re being interviewed by a chiropractor (me), it is generally regarded as Bad Form to tell me how you, or your nephew, or your Aunt Myrtle had their head almost ripped off by a chiropractor who – gasp! – ADJUSTED THEIR NECK! OMIGOD THE HORROR!


Odds are, I probably adjusted someone’s neck less than an hour before seeing you, and that was probably the umpteenth time I had done a neck adjustment that day. It’s not dangerous. In fact, it is quite beneficial for many people.



No, this is not how chiropractic adjustments are done.




If you follow these relatively simple guidelines, I can guarantee your chances of getting hired by me will go up exponentially. Of course, then you have to deal with the whole working-with-Dr.-Jenkins-issue. But that part is easy. Just ask Teresa.


 


