Many practices lament that they don't have the money or resources to manage the security of complex data systems and protected health information (PHI). According to security expert, Aaron Ross, owner of IT Is Prepared, a New York-based IT security firm, it is unnecessary for small practices to spend thousands of dollars on IT security. He says security involves simple things like installing virus protection and tracking software, limiting staff access to the Internet, and training them to think and act proactively about data security.
Ross' company has developed an easy mnemonic for medical practices to distribute to their staff members called "CHILLED." "The goal of the sheet … is to teach them how to keep [information] safe," he says.