HIPAA... Have you heard of it? Has your IT vendor heard of it? I'm pretty sure that at this point you have heard of it. You may actually be very familiar with HIPAA and what it's intended for. You may even know the Privacy Rule like the back of your hand. But have you taken the time to delve into the Security Rule and what its purpose is? What are the rules? How are they implemented? Or the Omnibus Rule, which was passed in 2013? This is where having the right IT partner is best for you: it saves you a ton of time and headaches over the Security Rule and everything it entails, and it saves you from the heartache of an actual breach and all the consequences that come with it.
The entire purpose of HIPAA, in a nutshell, is to protect patients from having their health information wrongly disclosed, whether verbally, on paper or electronically, either to a person who does not have permission or, the worse kind, through a data breach.
While you are doing everything in your power to protect the verbal and paper health information, have you done enough for the electronic protected health information (ePHI)? Do you have someone on your side, helping to protect you and your business?
Here is why an IT Managed Service Provider who knows the Security Rule and technology like the back of THEIR hand would be the best IT partner for you:
- Antivirus software is NOT enough. This should be considered the first layer.
- Monitoring the antivirus software would greatly increase your protection by ensuring that the antivirus is doing its job. Think of it as a home alarm system. The panel in your home gives a signal but if no one is watching it, the panel is useless.
- Support, meaning the actions taken in response to whatever the monitoring turns up. Acting fast can be the crucial difference in whether a breach happens, or in how much a virus gets to destroy. And remember, keeping the wrong people away from this data is only part of it. Under HIPAA, you also have the responsibility of ensuring the right people can access the data. Which leads me to the next point:
- Having a backup is great... many think, "Well, I have an online backup, so I'm good." But what happens during a disaster when the internet is out? Having a number of backups is never a bad thing. Onsite and offsite backups should always be put in place. Onsite backups will get you back up and running faster in the event of a disaster, and offsite or online backups will provide the ability to grab a single file quickly if needed.
- So you have both kinds of backups in place. Now what? Having someone who monitors the backups and ensures the data is healthy is the next step. What's the point of having a backup that holds corrupt data, or that stopped working because of an error without anyone noticing!?
- Lastly, having support to fix these issues before they become a problem is the best way to protect yourself and your data.
- A unique user identification is required for every employee; when employees leave, their logins should be removed. When a new employee is hired, a new login has to be created, and it is best if their user account has permissions that match what they are and aren't allowed to access.
- Password control for each user is also highly important and can become time consuming to manage as well.
- Workstation protection, with antivirus but also with items like automatic logoff, so that a screen isn't left up and visible when someone walks away.
- Maintenance on workstations to keep them current on security patches and known vulnerabilities.
- Content management to ensure that workstations are being used properly and responsibly.
- And of course, support for anything that may come up on any workstation: spyware, pop-ups or software errors that appear while a workstation is in use.
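The backup-monitoring point above (a backup that is silently corrupt or has stopped running is no backup at all) is easy to state and easy to neglect. The following is an added example, not code from the original post or from any vendor's product, of the kind of check a monitoring service runs against a backup set: it recomputes a SHA-256 for every file the backup job recorded in its manifest, flags files that are missing or whose hash no longer matches, and flags the whole set as stale when the last completed run is older than the allowed age. The manifest format, file names and the "current time" are constructed for the example.

```python
import hashlib
from datetime import datetime, timedelta, timezone


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string; the integrity fingerprint used by the check."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample data standing in for a backup set (not a real manifest format):
# the bytes the backup job copied at run time...
ORIGINALS = {
    "patients.db": b"patient records (constructed sample)",
    "schedule.db": b"appointment schedule (constructed sample)",
    "billing.db": b"billing ledger (constructed sample)",
}

# ...a fixed "now" so the example is reproducible...
NOW = datetime(2024, 6, 1, 8, 0, tzinfo=timezone.utc)

# ...the manifest the job wrote when it finished (6 hours ago): one hash per file.
MANIFEST = {
    "completed_at": (NOW - timedelta(hours=6)).isoformat(),
    "files": {name: sha256_hex(data) for name, data in ORIGINALS.items()},
}

# ...and the backup store as it looks today: one file intact, one silently
# corrupted (bit rot / truncation), one that was never written at all.
BACKUP_STORE = {
    "patients.db": ORIGINALS["patients.db"],
    "schedule.db": b"appointment schedule (constructed sampl\x00",
    # "billing.db" is absent
}


def check_backup(manifest, store, now, max_age=timedelta(hours=24)):
    """Verify a backup set against its manifest.

    Returns {"files": {name: "ok"|"corrupt"|"missing"}, "stale": bool, "healthy": bool}.
    A set is healthy only if every manifest file is present with a matching
    hash and the last completed run is within max_age of now.
    """
    findings = {"files": {}, "stale": False, "healthy": True}

    completed = datetime.fromisoformat(manifest["completed_at"])
    if now - completed > max_age:
        findings["stale"] = True
        findings["healthy"] = False

    for name, expected in manifest["files"].items():
        data = store.get(name)
        if data is None:
            status = "missing"
        elif sha256_hex(data) != expected:
            status = "corrupt"
        else:
            status = "ok"
        findings["files"][name] = status
        if status != "ok":
            findings["healthy"] = False

    return findings


if __name__ == "__main__":
    report = check_backup(MANIFEST, BACKUP_STORE, NOW)
    for name, status in report["files"].items():
        print(f"{name:14} {status}")
    print("stale:", report["stale"])
    print("healthy:", report["healthy"])
```

The point of recomputing hashes rather than trusting the job's own "completed successfully" log line is that it catches the failure the post describes: data that is present but wrong. In practice the same check would be scheduled daily and its `healthy` flag fed to whoever is on the monitoring rotation, and it should be paired with periodic test restores, which this example does not cover.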
All in all, managed services from the right IT vendor would not just save you and your employees the time and headaches of dealing with IT-related issues; they would keep you in control and ahead of potential problems, and give you access to fast-acting support when an issue does arise. All of these things help you stay in compliance with the HIPAA security standards.
So, ask yourself this: What is the worth of your network being protected? What is the worth of your practice being protected? What is the worth of the security of your patients' information?
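The unique-user-identification and permissions points in the list above amount to a recurring reconciliation: every enabled login should belong to exactly one current employee, and each employee's access should match their role. Here is an added example of that reconciliation as a script, not code from the original post or from any directory product. It compares a constructed HR roster against a constructed export of directory accounts and a least-privilege role-to-group matrix, and reports orphaned logins (enabled but no longer on the roster), shared logins that are not tied to one person, access beyond what the role allows, and staff who have no login at all. The roster, account list, group names and shared-login name patterns are all assumptions for the example.

```python
# Constructed sample inputs (assumed shapes, not a real HR or directory export).
# HR roster: login -> job role.
HR_ROSTER = {
    "jsmith": "front-desk",
    "mlee": "clinician",
    "rpatel": "billing",
}

# Directory export: login -> (account enabled?, set of access groups).
DIRECTORY_ACCOUNTS = {
    "jsmith": (True, {"scheduling"}),
    "mlee": (True, {"ehr-clinical", "scheduling"}),
    "rpatel": (True, {"billing", "ehr-clinical"}),  # billing staff holding clinical access
    "tgarcia": (True, {"ehr-clinical"}),            # left last month, never disabled
    "kwong": (False, {"billing"}),                  # left, correctly disabled
    "frontdesk": (True, {"scheduling"}),            # shared login, no unique identity
}

# Assumed least-privilege matrix: the groups each role legitimately needs.
ROLE_GROUPS = {
    "front-desk": {"scheduling"},
    "clinician": {"ehr-clinical", "scheduling"},
    "billing": {"billing"},
}

# Assumed names that indicate a shared rather than personal login.
SHARED_LOGIN_NAMES = {"frontdesk", "reception", "admin", "nurse"}


def audit_accounts(roster, accounts, role_groups, shared_names=SHARED_LOGIN_NAMES):
    """Reconcile directory accounts against the HR roster.

    Returns a list of (login, finding_kind, detail) tuples. Kinds:
      shared-login   login is a generic name, not one person's identity
      orphaned       enabled account with no matching roster entry
      excess-access  groups beyond what the person's role allows
      no-account     roster entry with no directory login at all
    Disabled accounts of former staff produce no finding: that is the desired end state.
    """
    findings = []

    for login, (enabled, groups) in accounts.items():
        if login in shared_names:
            findings.append((login, "shared-login", "not tied to one person"))
        if login not in roster:
            if enabled:
                findings.append((login, "orphaned", "enabled but not on roster; disable"))
            continue
        allowed = role_groups.get(roster[login], set())
        extra = groups - allowed
        if extra:
            findings.append((login, "excess-access", f"groups beyond role: {sorted(extra)}"))

    for login in roster:
        if login not in accounts:
            findings.append((login, "no-account", "on roster but no login; provision"))

    return findings


if __name__ == "__main__":
    for login, kind, detail in audit_accounts(HR_ROSTER, DIRECTORY_ACCOUNTS, ROLE_GROUPS):
        print(f"{login:10} {kind:14} {detail}")
```

Run against the sample data it flags `tgarcia` as an orphaned login, `rpatel` as holding clinical access a billing role does not need, and `frontdesk` both as a shared login and as orphaned, while `jsmith`, `mlee` and the disabled `kwong` come back clean. In a real practice the two inputs would be pulled on a schedule from HR and the directory, and the findings list is what the managed-service provider acts on.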