Healthcare practices in Austin, like healthcare practices everywhere, depend on information technology to be able to run their daily tasks. Computer technology plays a vital role in the way you serve and interact with your patients. And thanks to huge advances in computing technology in recent years and concurrent reductions in prices, even the smallest practice can enjoy capabilities that only a short time ago were the sole province of large enterprises.
But the big leaps forward in today’s IT come with some major risks. Your networks and data systems have become your silent partners. If they fail, you’re exposed not only to the hassle and cost of restoring those systems, but also to the lost business during downtime and the potential liability for compromised patient data.
So, the idea for this blog is to take a look at ten commonly occurring IT risks that can all be quickly resolved once addressed.
You wouldn’t just give every last person at your practice full access to your bank account. Yet many practices have lost control of their network’s user-level access privileges, which exposes vital, often protected data to people without authorization. And as everybody in the medical field today knows, patient data is highly regulated: under the audit provisions of the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH), the maximum penalty for breach of HIPAA compliance is up to $1.5 million. One of the first steps toward patient data security, and data security in general, is to be sure that the right people have the right level of access to appropriate applications and data.
Many Austin medical practices, like many small businesses everywhere, are allowing team members to bring their own mobile devices to work and to use them for office communications when off-site as well. On the one hand, smartphones and tablets can increase employee productivity and can save you money. But this new “bring your own device” (BYOD) environment brings new headaches, too. Mobile devices are easily lost and stolen; just think how easy it is to leave your iPhone at Starbucks or on the bus. And when these devices are left behind, any information available to the device, including confidential business and patient data, may be vulnerable to illegal access, leaving you liable. Yet many practices don’t have the mobile device management ability to use data encryption and/or remote data wiping to protect their valuable information.
Your network isn’t limited to your own systems. Today, more and more medical practices have team members using consumer-focused services like Gmail and Dropbox to manage customer communications, share files and conduct business. While these cloud services offer convenience and little or no cost, it’s important to remember that every connection that reaches out from your network may lead to an opportunity for somebody to reach into your network. It’s important to have a firm understanding of access to your network. A best practice is to run an external vulnerability scan that shows all the ‘backdoors’ that intruders might use to enter your network.
This seems like an easy one, but it is still something that needs serious consideration. Your password protections are only as strong as the passwords themselves. Using easy-to-guess passwords like “12345” undermines the very protection you’re after. Yet employees often fail to establish rigorous passwords. A good, easy practice to increase security is to review your passwords.
If you lost a lot of your data right now, would your practice be able to survive? Too many practices run without a safety net. Or they rely on haphazard, manual system backups which may or may not actually get done. Having an automated backup system that archives your data regularly is key.
There are numerous federal regulations in the healthcare industry that require you to protect patient data, including HIPAA and HITECH. Would your practice be able to withstand a regulatory audit today? The best way to prepare for a regulatory audit is to run regular compliance audits yourself and to correct any found weaknesses.
If you’d like more information on HIPAA compliance, please contact us.
Paperless offices, as we all know, are not quite here yet. And printing requirements can add up to a significant business cost. Having the ability to monitor and control access to printing devices is a best practice that can help you avoid the risk of runaway office costs.
Your network may have inactive users or inactive computers that are still part of the system but not adding any productivity. While these inactive users or computers present an additional cost to your network, the real risk is they may provide windows for unauthorized access to your network. It’s a best practice to run audits to see what’s active and what’s not and get rid of ‘dead’ accounts.
Contingency plans are only as good as the process and practices behind them. Your network needs redundancy, and your backup systems, such as a backup designated router or an alternate domain controller, have to be tested to make sure they’re online and ready for action.
This is risk number one not only because it’s so fundamental, but also because it’s so common. Every doctor or practice manager has more important things to do than run IT. But not knowing the true status of your network and having real insight into its security or vulnerabilities is a real risk for any practice. By implementing regular monitoring and review procedures, however, you can make accurate knowledge of your healthcare IT status easy to stay on top of.
According to Forrester Consulting, 89% of healthcare organizations have at least one team member working off-site one day per week. The realities of mobile computing and more dispersed networks are here to stay. At the same time, the realities of increased federal regulation and protection of patient data, along with mandated transitioning to Electronic Health Records (EHR), are here to stay as well. Having a proactive, well-thought-out IT strategy is key to staying on top of the situation and controlling and mitigating your practice’s risks.
Magnet Solutions Group is an Austin Managed IT Services company.