Business Resources
by Category






Try our "Virtual Buyers Guide!"
-flip through the pages!
-search by keyword!
-download to your desktop!
-forward to a colleague!
< Home  < Articles  < Article Details

 
 
Technology: Do You Know Where Your Data Is?
Five easy steps to total tech security
By Robert Anthony

Your practice has implemented an EMR, and the software vendor has made it compatible with your practice management system. Maybe you even submit claims and receive lab results and EOBs electronically. And why shouldn’t you? It’s fast, easy, and automated.

It can also be dangerous.

In the rush to move practices into the 21st century, security is sometimes the first casualty. Every practice wants the electronic tools that will make it the most efficient, but — let’s be honest — most practice administrators and physicians don’t know much more about computers than how to plug them in.

“As more and more of us convert to the electronic environment, we’re really entering some unknown territory,” says Susan Miller, administrator for Family Practice Associates of Lexington, Ky. Miller, whose practice has been using electronic management tools since 1999, knows just how daunting a task Internet and computer security can be, but she also knows how important it is.

Under HIPAA regulations, every practice must take steps to protect the confidentiality of electronic patient information. Failure to take those steps not only exposes your patients to risk and potential fraud, but it can also result in some pretty steep penalties: Civil penalties for noncompliance can cost you $100 per violation (that’s per patient record!), or up to $25,000 per year; criminal penalties could cost you as much as $250,000 and ten years in prison!

The good news is that electronic security doesn’t have to be complicated. Follow these five easy steps, and you’ll be on your way to an efficient electronic environment that is safe for you and your patients.

1. Use a firewall
Most of us have probably heard this term, but how many really know what a “firewall” is? Yet in a busy medical practice running multiple workstations, “the basic foundation of a network is [having] a good firewall,” says Kyle Chang, manager of IT services with The Coker Group, a healthcare management consulting firm in Alpharetta, Ga.

Basically, a firewall is a software application that monitors information passing into and out of your network. Based on a set of rules that you define, your firewall determines whether certain network traffic is allowed to pass. If someone tries to access your network without a password or network key, the firewall stops them. If another program or application attempts to establish an unauthorized connection to your network, the firewall blocks that connection.

It can work in reverse, too. Say an employee tries to access a personal Web site during work hours. Or maybe he or she wants to download an instant messaging program to talk to friends. Depending on how your firewall is set up, you can restrict access to certain Web sites and prevent employees from downloading and installing specific programs on your office computers. Not only does that help keep employees focused on their work, it can also protect your computers from falling victim to incoming viruses that might disable your network completely.

Chang recommends that practices use some of the better-known firewall software packages from reputable manufacturers such as Cisco, 3Com, or SonicWALL. The important thing is to have a firewall that you know will work — and to use it.

And since we’re on the subject of viruses, make sure you run antivirus software on your system. “I don’t care if you have just one laptop, and you are a solo doc,” says Cynthia Dunn, senior consultant for the Medical Group Management Association Health Care Consulting Group. “That’s fine, but it better have antivirus software on it.”

The best antivirus software runs continuously and can automatically detect and download updates so your network is always protected against the latest viruses. Check out some of the more popular programs like McAfee VirusScan or Norton Internet Security to keep yourself safe.

2. Encrypt it
If you use e-mail, chances are that your practice is sending sensitive patient information electronically. The problem is that e-mail gets routed to a lot of different places before it travels from your practice to a patient’s inbox. Along the way, anyone could intercept that e-mail and read what you have written.

“You’re going to have to talk to a vendor about encryption if you’re going to send patient information,” says Dunn. “You are required to protect that e-mail if somebody else has the ability to get it.”

There are a number of programs you can use to encrypt e-mails. All of them involve the same basic principle: sharing a code with patients so that they can decipher the e-mail messages you send to them. If they send e-mails in return, then you also want to make sure they’re encrypting their own information. So not only will you need an encryption program for your e-mails, but you should also advise your patients to install one of their own so they can send and decipher e-mails from you. Once you set up the encryption program, it’s a good idea to give your patients written instructions or let them call with questions about how to download and install an encryption program on their personal computers …



Additional Resources
View more articles from the April 2008 issue

View more articles related to Technology

 
 


 

Home | Contact Us | Subscribe  | Site Map | Disclaimer | Privacy Policy | Change Zip Code
CancerNetwork | ConsultantLive | Diagnostic Imaging | Psychiatric Times
 SearchMedica

 Subscribe to Physicians Practice RSS

Connect with Physicians Practice on

           

Copyright © 2009 CMPMedica LLC, a United Business Media company.

 
 
-- Advertisement --

What do you think?
Comment now!

In Summary
The world of computer network security is confusing and always changing, but medical practices don’t need IT certification to understand how to keep their patient and practice information secure from prying eyes. Be sure to:

  • Install a firewall to restrict outside access to your system.

  • Encrypt e-mails when sending messages to people outside your network, and establish a Web site where individual patients can log in to access their personal information.

  • Ask your existing software vendors what security measures they offer.

  • Back up your practice’s network data to multiple sources both on- and off-site.

  • Establish firm guidelines for employee computer use and stick to them.

  •  
    Read More About It
    For more information on securing your electronic data check-out the following articles:

  • Plug security gaps you may not know exist by reading “Data Security for Non-Techies.”

  • PCs aren’t the only potential portals for information leaks. What about portable devices, like cell phones? See “New Technologies in the Workplace: Blessing or Curse?” to get the whole story.

  • How safe are your computers from external attacks? Read “Hack Attack” to find out.