Physician IT: Security & Continuity Advice for your Practice
Physician IT
Why “Set and Forget” Can’t Be Your Practice’s Approach to Health Information Security and Continuity
Kurt Buckardt, CSO, Konsultek
• CISSP
• NSA IAM/IEM Certified
• Member ISACA
• CCSE
www.konsultek.com | 847.426.9355
Physician IT: Two Primary Concerns
• Practice Continuity
  – Front Office
  – Back Office
  – Diagnostic Equipment
• Practice Security
  – HIPAA Security Rule
  – EHR
What is Practice Continuity?
IT Practice Continuity
• Practice Continuity refers to an organization’s ability to keep vital business operations running at or near normal capacities in the event of infrastructure failure.
Leading Causes of Continuity Disruptions
Leading causes of BCDR disruptions, by percentage:
• 44% Hardware Failure
• 32% Human Error
• 14% Software/Firmware Errors
• 7% Virus/Security Breach
• 3% Natural Disaster
Source: Strategic Research Corp.
Physician IT: The Security Timeline
• 1996 Health Insurance Portability and Accountability Act (HIPAA) enacted
• 2003 Health and Human Services develops the HIPAA Security Rule
• 2009 Obama administration declares that a Cyber Czar will be appointed
Physician IT: The HIPAA Security Rule
• Designed to ensure the confidentiality, integrity, and availability of electronic protected health information (EPHI)
Physician IT: The Security Rule has 3 Controls
1. Technical safeguards designed to protect data and control access to information by individuals, as well as guarding against unauthorized access via an information network.
2. Physical safeguards designed to protect data from the hazards of fire, weather, environment, or intrusion.
3. Administrative safeguards designed to document formal policies and practices for data protection, including the organization's security management process, and implementation specifications.
Physician IT: Technical Safeguards encompass 5 specific areas
1. HIPAA Access Control Standard
2. HIPAA Audit Controls Standard
3. HIPAA Integrity Standard
4. HIPAA Person or Entity Authentication Standard
5. HIPAA Transmission Security Standard
Physician IT: An Iterative Process
"Each time you add new functionality to your Physician IT infrastructure you must reassess your security and continuity"
Physician IT: Have You Added Functionality?
• New billing software
• Practice management software
• Hardware such as servers, workstations
• New diagnostic equipment
• Laptops or PDAs
You must reassess the environment and make changes to ensure security and compliance!
Physician IT: Practice Continuity is Imperative
"Disruption of service even for just a few minutes can have potentially life-threatening implications"
Avoid Security and Continuity Problems!
Make more sense of the HIPAA Security Rule and get a full appreciation of practice continuity challenges by requesting the 12-page white paper below.
“Is There an IT Doctor in the House?”
Dealing With Continuity and HIPAA Security Rule Challenges in a Small Healthcare Practice
Get it here
Konsultek
We take the pain out of your healthcare practice’s IT security and continuity.