Protected Health Information (PHI)

HIPAA requires IT controls to protect patient information at rest, during transmission and in storage. This includes measures such as encryption, passwords and audit logging of access to all records. Patient records no longer consist of a paper chart that would typically make its way through a physician’s office from storage, to the nurse, then to the physician, followed by billing and insurance. The patient information is now made up of individual records that together build the full patient chart. Name, SSN and DOB are each a record, as opposed to the previous paper chart, which in its entirety was the record. To meet compliance, each field in the electronic chart needs to be protected. Controls must be put in place to log access to electronic records.

But my EHR is in the cloud, aren’t they responsible for that stuff? The answer may surprise you!

Your cloud-based EHR vendor is only responsible for the data while it’s in their custody and control. But your network and systems can become an attack vector and give a hacker access to that data if they’re not protected adequately.

Non-stop EHR Access

Rapid access to patient information in case of an emergency has become the de facto standard of care. The patient has access to an online portal with all their personal records, labs, diagnoses and results. They can choose to forward and review them, and give physicians permission to help treat and diagnose illnesses. Since the data can change daily, the traditional means of data protection no longer apply. We can’t wait on daily or weekly backups that take one snapshot in time. New systems allow backups as often as every hour and capture the significant changes in patient information as they are entered throughout the day. Furthermore, EHR access gives doctors full access to information during non-office hours in case of an emergency.

Innovation & Regulation Forces Growth in Healthcare

Regulations are driving Health Care Organizations (HCOs) to implement and make larger investments in technology. Value-Based Reimbursement (VBR) and new ICD 9-10 requirements require systems and data analysis to be in place to review and manage charts and diagnoses. Billing is based on the accurate diagnosis and recording of the information, followed by the secure transmission of data to insurance companies. Different EHR software forces the development of new technologies to improve accessibility, integration and sharing of information between EHR/EMR systems.

Security & Compliance

While the benefit of easy data access for physicians has been a game changer, it has also introduced great risk. The information in patient charts is quite valuable, as cybercriminals continue developing software to infiltrate physicians’ EHR systems and steal information. Cybercriminals use the data and sell the information on the Darkweb. The Darkweb has become one of the world’s fastest growing industries. The option to pay and purchase information and the value of identity-theft transactions have increased significantly, which puts intense pressure on HCOs to stay HIPAA compliant. HCOs are now a prime target for cybercriminals.

Actions that are putting your Healthcare IT at risk.

System instability, slow performance and lack of protection all cost you time and money when there is a compromise or downtime. You can no longer protect a practice by buying the cheapest firewall and the least expensive server and counting on luck and prayers as your protection. There is a cost associated with everything; as a practice manager, you have control of one. If your practice is compromised, you will pay for data recovery, lost revenue and downtime. Without minimizing the cost associated with anything, having control and preemptively protecting your data, reducing downtime and data loss, is much more controllable and, ultimately, cheaper in the long run. A breach that exposes data and finds you out of compliance will cost your practice significant fines. Current fees of up to $1.5 million are not out of the realm of possibility.

How IDACOMP makes the difference

IDACOMP provides a full set of IT services that cover everything from the end workstations, through the network and servers, into the cloud. Ongoing education of staff in the most current technologies allows our clients to benefit from state-of-the-art advances while minimizing their in-house spend on IT staff. Our clients can take advantage of outsourcing the mundane and labor-intensive maintenance of systems so that their staff can focus on important projects. Our staff can step in to assist with new projects and installs with which your staff may have little experience. We are experts in new server technologies, cloud migrations, security and data protection. IDACOMP can provide the exact IT solutions that your practice needs.