In a world where an ever-increasing amount of patient information is becoming digital, it is important to ensure the information contained within your EHR and the network it operates on is secure. No one wants to be the source of the next data breach or to lose an entire patient database to a ransomware attack. So, how does one determine if the information they are responsible for is safe?
Beyond your HIPAA policies and procedures, a great way to start is by answering the following five questions.
1. Are data and application configurations backed up, and are hardware systems redundant?
2. Is the EHR hosted safely in a physically and electronically secure manner?
3. Are clinical applications and system interfaces tested individually and as-installed before go-live, and are they closely monitored after go-live?
4. Are computers and displays in publicly accessible areas configured to ensure that patient-identifiable data is physically and electronically protected?
5. Is there a role-based access system in place to ensure that all applications, features, functions, and patient data are accessible only to users with the appropriate level of authorization?
If you answered no, or are unsure of the answer, to any of these questions, your data and network may be at risk. Don’t worry, though: there are resources to help.
Begin by visiting healthIT.gov/safer. Here you will find self-guided worksheets (SAFER Guides) that walk you through every aspect of your practice’s EHR safety and redundancy. You can also watch videos, get the latest news and updates from healthIT.gov, sign up for online classes, and much more.
Next, reach out to a local group that specializes in practice consultation. Look for a group that offers free consultations and can offer referrals from satisfied clients who have previously used their services. In your face-to-face meeting, make sure to address any of your concerns. Refer to your completed SAFER Guides and ask how they will specifically address the weaknesses you discovered.
Remember, your patients trust you and every member of your organization to protect their data. Make your information safe today.