As someone who has worked in the Managed Network Services space for over a decade, there are certain behaviors I notice when it comes to security planning. Every so often, a major security incident occurs that makes headlines, and the media cycle begins. Decision makers at organizations, who are typically business experts and not technology experts, often react with questions about what they are doing to fight this specific threat. Are they doing the right thing? What else could they be doing? How exposed are they?
WELCOME TO OUR BLOG
WE ALL AGREE THAT it is essential to the operations of modern medical practices,
but I find that often these investments in technology are reactionary.
Ten to 15 years ago a major push for moving to Electronic Medical Records
(EMR) inspired a number of practices to make significant investments in
IT infrastructure that most of them had never considered before. It was a
brave new world for most practices, and decision making was often done in
a spur of the moment fashion. Even more disconcerting was the fact that
many of the investments from these early adopting practices ended up being
overhauled for a variety of reasons, many of which had to do with not
“right sizing” the solution in the first place. Needless to say, this was not a
pleasant experience to be a part of, either internally or as a service provider
like I have been. The costs were out of control, unpredictable, and stressful
to deal with.
EVERYONE WHO MANAGES staff in a medical environment immediately becomes
a key decision maker when it comes to HIPAA compliance, whether
they realize it or not. Many data breaches do not occur because of technical
failures that come from a conscious attack on security systems, but by the
failures of personnel to properly control the access to patient health information.
Practice managers hand the keys to the vault of patient data to staff
members every day. Just like money in your bank account, sensitive data has
a real value, and anyone with access to it holds a serious responsibility.