Most medical practices have permitted key business partners to access critical IT systems remotely. This is usually done to provide fast and efficient support of these systems. It could be an EMR vendor that needs to access a database, or perhaps a third-party IT service provider that will access systems for updates. Regardless of the requirement, every form of remote access that is provided to an outside party is a potential risk.
Many practices are currently leveraging Microsoft Office 365 for e-mail, file storage, and internal collaboration. Unsurprisingly, the number of threats targeting this information (phishing attacks, compromised credentials, etc.) continues to grow at a rapid rate.
As we enter into the last few months of this challenging year, many practices will be looking to perform a HIPAA IT Security Risk Analysis. When considering the approach to this year's analysis, it's important to consider any changes that may have been made to critical IT systems as part of the practice's response to COVID-19.
Over the past few years, you may have heard about companies, app makers, and service providers launching two-factor verification or two-factor authentication.
The importance of a having well-designed website and creating an online presence is crucial to your medical practice now more than ever, regardless of how the pandemic affects your marketing outcomes. You don’t want to risk deterring new and current patients from using your practice.
The National Institute of Standards and Technology has published a bulletin that provides several key reminders for people who have had to shift to working remotely as a response to COVID-19. The guidance, which can be found in full at the link below, summarizes previous NIST guidelines for working safely when out of the office.
On March 19, the Alabama Department of Public Health (ADPH) issued mandatory health orders to medical practices statewide to delay all elective medical and dental procedures until April 6th. On March 28, the order was amended such that non-emergency procedures are postponed further notice. Under these guidelines, Medical and dental practices have had to reduce office hours and/or close their office.
By now you have probably heard this and read it a thousand times. But one last time, we will cover it with some background on the whys and how’s.
Information Technology now dominates almost every part of our daily lives and in most cases, we do not have to think or worry the outcomes. We trust that what we input on our phones, keyboards and tablets will result in the right answer. With these repetitive motions it has allowed our business to grow and flourish. But what happens when those items break?
VoIP is a game-changer for the healthcare industry’s communication landscape, allowing for quicker, more reliable communication. However, it also brings with it a multitude of HIPAA concerns that can be confusing to navigate.
There is no one simple solution that will eliminate all business security risks. However, organizations can build a robust internal culture of security that can profoundly decrease those risks. This approach starts from the top down.
Over the last few years, cell phones have become computers, capable of much of the functionality that your office computer has. This is also true for small portable devices such as iPads, Windows and Android tablets. Are these devices and applications as secure as those you use from your clinic? In most cases, the answer is no.
Over the past several years the healthcare industry has become the number one target of cyberattacks. These attacks have exposed tens of millions of customers’ identities worldwide, costing an estimated $1 billion USD in losses.
A recent global study by the Ponemon Institute finds that the financial damage caused by a data breach has risen by 6.4 percent in the last year and now costs companies an average of $3.86 million each.
January 14, 2020 is a special day for Microsoft Corporation (you know that little company that controls 82.88 percent of the computer software market share). On that date, Microsoft will end the life of some of the major software that businesses use. End of life means that the manufacturer will no longer support the product. This list includes:
A look at the calendar tells us that we only have a short time left in 2018. That means many practices will be looking to complete their Security Risk Assessments in order to either qualify for the 2018 Merit-based Incentive Payment System (MIPS) or to simply fulfill their obligations to comply with the HIPAA Security Rule.
National Cybersecurity Awareness Month was created in 2004 by the Department of Homeland Security and the National Cyber Security Alliance to remind us that each we all have the power to make the Internet safer.
One of the most frustrating things PC users can experience is slow performance or freezing while using their normal programs. It can make even the simplest tasks take several times longer and greatly slow down your work day, which impacts patient care as well. While it will sometimes mean there could be hardware issues and your PC needs an upgrade, there are several steps that you and your IT support can take to speed up the performance of your PC through cleanup tools, anti-virus and anti-malware scans, or optimizing settings.
Is your EHR application in the cloud or are you considering moving to a cloud based provider? If so ensuring that you know the providers processes for data backup, disaster recovery and overall security are extremely important.
One of the greatest challenges facing the healthcare industry isn’t a political issue, it’s a geographic issue. What if I told you that approximately 50 million Americans (17 percent of the total population of the US) have limited access to high quality healthcare because they live in rural communities? Rural healthcare has a unique set of challenges including not only geographic but also economic and lifestyle factors.
Malware are created with the intent to damage or disable our mobile devices, computers or servers. These attempts can include disrupting computing or communication operations, trying to steal sensitive data, accessing our private networks, or hijacking our systems to exploit their resources. With the tremendous growth in email and internet use over the last couple of decades, we have seen a corresponding explosion of growth in malware
One of the greatest challenges healthcare organizations face today is clinical application interoperability – the communication between computer systems, applications, or software to allow them to work in conjunction with one another.
According to the Ponemon Institute – www.ponemon.org - the average cost of a data breach was $3.62 million dollars. This breaks down to $141 dollars per stolen record. International Data Corporation – www.idc.com – estimates that globally data storage will grow ten-fold by 2025 total of 163 zettabytes (a trillion gigabytes) by 2025. Data is stored in a vast range of devices including your smart phone, laptops, notebooks, workstations, tablets and even on your smart TV. Most businesses focus on the technical aspects of how to avoid data breaches (firewalls, anti-virus, security patches, etc.) and often how physical technical assets are destroyed at the end of their life are often overlooked or do not have a set process in place.
They were surprised, and you likely be will, too. Of the hundreds of healthcare organizations I’ve helped document HIPAA and meet compliance requirements, most are unaware that their Patient Health Information (PHI) is exposed in some way. If a cyber attacker took advantage of this situation, it could cause damage to your patients, bring giant HIPAA fines, and a loss of reputation.
If you surveyed managing physicians and office managers from the Birmingham area about their business continuity plans, how confident do you think they would be with their Disaster Recovery solution? Do they feel prepared? Have they even thought about it?
We hate to break it to you, but there's a HIPAA requirement you’re more than likely doing wrong. The Department of Health & Human Services’ Office for Civil Rights (OCR) is cracking down on requiring a true Healthcare Security Risk Analysis.
Most companies assume their cyber security is pretty good… until a breach happens and then you find out where the holes were. We often find that apathy and a lack of being proactive may cost you lots of money. An annual security audit is a necessity for all medical practices and companies in todays ever changing world of technology. It is a vital part of protecting your digital assets and cyber security plan for your organization. It’s not just about discovering any vulnerabilities or shortcomings, rather it’s about opportunities to strengthen your network security.
We all recognize that healthcare is evolving at a rapid pace. With this evolution, the need to share patient information to positively impact quality care, provide a seamless patient experience, plus save time for your staff to coordinate care is of critical importance. By making the most of new technology, today’s office equipment can easily and securely, help you do just that.
Your business' data could be compromised by the most unlikely of sources -- your own IT manager.
Over the past couple months, I’ve encountered multiple chilling examples of IT staff gone rogue. Of course, this isn't happening every day. But when it does, it's especially damaging to organizations with a one-person IT department. These lone IT managers often hold the keys to the kingdom. No one person - IT expert or not - should ever have complete control over passwords, access, processes, etc. Why? Consider these two recent incidents:
Did you know a single patient health record can earn cybercriminals 10 times the price of a stolen credit card number on the black market?
The Office of Civil Rights is auditing small and large healthcare providers alike, imposing multi-million dollar fines in some cases. Meanwhile, the same electronic storage, mobile devices, and cloud-based applications that patients, doctors, and healthcare staff want to use often compromise a practice’s ability to keep that patient data safe.
The internet is a necessary part of the healthcare world today. This forces us to deal with the issue of managing employee Internet usage which can be a drain on your organizations productivity. This holds true in the healthcare industry whether you run a small clinic, large practice or hospital.
Recycling electronics is a great way to help conserve and reuse valuable resources and materials found in many gadgets, including glass, plastics, and various metals such as copper, gold, palladium, and silver. Many electronics, especially computers and televisions, contain toxic materials such as cadmium, lead, and mercury. Recycling and reusing electronics helps to keep these toxic materials out of our landfills and water supply.
When choosing an IT company, you’re selecting a partner that will be yoked to your business. As such, it is not always the traditional, technology-related questions that reveal the most helpful insight into a potential partner.
Devices that store information are now everywhere and used multiple times by most people on a daily basis. From PCs, to laptops, to phones and tablets, to USB keys and external hard drives – the amount of data that a person can potentially store has grown exponentially over the past decade. While the convenience of near unlimited storage is very appealing, it also introduces new challenges.
You may not be getting all you can out of your browsing experience
and may be open to security risks!
Consider upgrading to the latest version of your browser or choose on below: