With the amount of Protected Health Information, or PHI, stored and secured on electronic media increasing exponentially every year due to government regulations and the industry-wide acceptance of digital media as a cost-effective and powerful tool for the storage and manipulation of medical data, HIPAA Security is now on the forefront of every practice's agenda. This change in priority is not simply a choice, but a mandated paradigm shift for the medical industry as a whole. The HIPAA law clearly states the responsibilities of a practice in regard to protecting the vital health information and history of its patient base, as well as defining penalties for a failure to do so. With networking and internet connectivity becoming a standard and necessary part of your medical practice's day to day operations, some new challenges are also brought to the forefront.
Are your computers and network secure?
This is a question with much broader implications than a practice manager might realize at first. HIPAA covers more than just the basics of security, such as physically restricting access to patient data with locks, keycodes, and procedures, but also the more nebulous areas of security that are now a source of potential breaches with your data stored on computers. Your computers rely on a network for your business to function efficiently. Every device connecting your computers is a potential source of a breach, if software and firmware for those devices are not kept up to date.
Do you have a secure password scheme for each network device?
It is staggering how many offices leave default settings on their newly installed tech, with no idea how easy it is for anyone with a bit of technological knowledge to access and completely reconfigure network devices. With wireless networking becoming increasingly popular, now a potential criminal attempting to access PHI doesn't even need a physical point of entry into your network. Outdated security protocols on your wireless network can make breaking into your system simply a matter of time for even a poorly educated cyber-criminal.
Are your computers' operating systems up to date?
HIPAA law requires your computer software to be up to date with the latest security patches. If you're still running Windows XP, your computers are no longer HIPAA compliant, because Microsoft has ended support for that operating system and it is now a major risk for intrusion if that computer has any connection to your network or the internet at large. Even one outdated machine on the network is technically a HIPAA breach, and needs to be addressed.
Are you aware of all the places your Electronic Health Record saves its data?
Many products store data locally on your hard drive, and if your machine is not properly encrypted then that data is easily accessible to any type of criminal. Many of the worst HIPAA breaches on record were caused by a criminal walking out of an office with a misplaced laptop or hard drive. Those breaches all could've been prevented with proper security measures, such as encrypted hard disks.
A HIPAA security audit is now more than a recommendation, it's a necessity. With the launch of the CMS EHR Incentive Program, a HIPAA security audit is a yearly requirement for your practice to achieve Meaningful Use. The experts at Junction PC bring decades of inside industry knowledge of medical software and cybersecurity together in an efficient and effective analysis of all the potential vulnerabilities of your medical office, from the most mundane to the most complex. We will provide you with a clear path to HIPAA compliance, recommendations for the future, and offer full-service solutions to your problems, whether it be office-wide disk encryption, elimination of messy paper trails, or anything in between.
Let our knowledge and initiative be your greatest tool in the struggle to achieve peace of mind knowing your network and your vital PHI are secured, and your business is compliant with all of the latest rules and regulations. Junction PC will provide certificates documenting your completion of a successful yearly audit, which you can proudly display to your patient population, giving them one more reason to feel satisfied with you as their choice of provider. The safety of personal information is a growing concern of patient populations as well, and our technological expertise and stamp of approval can provide you one more way to assure them that they're safer than ever in your hands.