Health Informatics: What You Need To Know About Protecting Patient Data While You’re Saving Lives

If you ask a patient what “PHI” or “EMR” stands for, they’d likely answer with a blank stare. But, if you’re the HIPAA officer at your facility, you know all about “Protected Health Information” and “Electronic Medical Records.” In fact, those two acronyms may keep you awake at night.

Health Informatics is not a topic to be taken lightly, but it also doesn’t have to be the source of your sleepless nights.

If the decisions around your company’s health information management systems rest on your shoulders, here’s what you need to know:

 

There are some key things to look for in a Managed Service Provider. 

Take the pressure off of yourself and/or your internal staff and rely on a trusted Managed Service Provider (MSP) to operate your IT for you. Keep in mind, MSPs are a dime a dozen these days. Make sure that yours has a good track record, meets all of your compliance needs (there are a lot), handles break/fix problems, provides proactive support (like routine backups, updates, etc.), and offers excellent customer service. After all, no one wants to call and talk to a grumpy help-desk guy when their email crashes.

Understand where your data is being stored. 
There’s a difference between storing your data locally, in a private cloud, or in a public cloud like Amazon Web Services or Microsoft Azure. While any one of those options may be acceptable, it’s important to know where your data is being stored. If your data is in the cloud, ask your managed service provider what other applications they’re using. There are a lot of compliance issues related to data security. To avoid major breaches, fines, and potential lawsuits, make sure your sensitive data is only stored in places that follow all of your necessary compliance requirements.

 

Cloud-based solutions and subscriptions don’t have to be feared. 
Some healthcare facilities insist on keeping everything on-premise. But the security and compliance around cloud-based solutions have matched, and in some cases surpassed, that of on-site infrastructure. Plus, you get added bonuses like cheaper storage, better support, and less downtime. If you think it’s too costly to migrate to the cloud, remember to consider the costs of your on-site hardware, additional support, and potential downtime.

If you go with a cloud solution, you should absolutely spring for a secondary Internet Service Provider. 
If your internet service goes out, there is a chance the service provider won’t be able to send help right away, especially in the case of a storm or a major outage. If your internet is down, your business suffers. Invest in a secondary internet service provider so that you don’t experience downtime. Trust us, it’s worth it.

Encryption is a MUST. 
One common cause of security breaches is lost and/or stolen devices. If someone snags your laptop or tries to help themselves to your hard drive and it’s encrypted, you won’t have to worry. If it’s not, you will have to report it and could face very large fines and other consequences.

 

Two-factor authentication should be required. 
Setting up two-factor authentication on your email, applications, and your devices is one of the easiest ways to protect your business (and your patients) against stolen passwords and data. With two-factor authentication, if you or someone on your contact list clicks on a link in a phishing scam, it will be a non-starter. Trust us, we respond to A LOT of trouble tickets from people who are worried they accidentally gave their password away.

Getting full server and database backups in place will help you breathe easy.
Everything, and we mean everything, needs to be backed up. Make sure you or your managed service provider is backing up all of your data on- and off-site. Keeping about seven days of data backed up to an on-site device and 30 days of data in an off-site database should have you covered.

Simple staff training will pay off. 
When you have your IT systems in place, make sure your staff receives basic training on how to use them. Communicating things as simple as saving files is important. For instance, a lot of people will simply save files to a desktop without realizing that those files don’t automatically get backed up. Then, when something goes awry, everything on that desktop could be lost.

 

We understand healthcare professionals usually go into their line of work in order to protect the physical health of their patients. But today, protecting your patients’ data is also crucial. Since technology changes almost daily, it’s easy to get stuck in outdated tech and experience major problems. Navigating the entangled web of applications and solutions while ensuring your practice remains compliant is a very tough job.

Healthcare facilities are naturally susceptible to security breaches of all kinds. There is a big difference between being vulnerable and being prepared. Make sure you fall into the “prepared” category. That way, when a rogue employee or phishing scam strikes, you can brush it off without reporting it because your IT systems were up to the task. On the other hand, if you miss one backup, or forego encryption or two-factor authentication, you could be facing business-altering fines and lawsuits. That’s just not worth it.

 

If you are looking for New York IT services to make sure your IT is set up, backed up, and kept up as it should be, check out our services list to see what we can do. Or, even better, contact us today. We would be happy to discuss customized solutions for your particular healthcare facility.

 
