The healthcare industry is perhaps the most far behind in terms of adopting information technology. In addition to stimulating the economy, the American Recovery and Reinvestment Act (ARRA) allocates substantial funding to help the healthcare industry implement Electronic Medical Records (EMRs) and supporting IT infrastructure. Although the ARRA will help bring healthcare into the 21st century, it may create more problems.
The Time is Now, a recent study by Deloitte, finds the healthcare industry is not prepared to deal with security challenges that will result from the ARRA stimulus. EMRs and information technology, like computers, internet connections, and local office networks provide many benefits, and are critical for physicians that want to participate in the ARRA stimulus package. However, a computerized office introduces security risks that physicians and their staff will have to address.
Many people are familiar with stories about hospitals getting hacked, or leaking confidential patient information onto the internet. The risk of data theft or loss is real, even for small practices. Losing or having your data stolen can have terrible consequences for your practice. If a hacker or malicious software steals or destroys your data, you may not be able to see patients. As a result, you could go out of business or face prosecution for HIPAA violations.
This shouldn’t scare you away from implementing an EMR or participating in the ARRA stimulus package. Managing security risks is not difficult, but it does require some planning and foresight. HIPAA regulations require that your practice create a “security management process,” that includes a risk analysis and risk management plan.
A risk analysis will help you determine the information security risks your practice faces. The most common risks are data loss through hardware failure, malicious acts, or disasters such as fires or floods. Risk management plans typically include local and offsite backups, deploying antivirus software, keeping your computers and software up to date, as well as staff education plans.
If you currently have an EMR or think you may purchase one soon, be sure to spend some time reading up on risk management. Just like you wouldn’t drive your car without a seatbelt, you shouldn’t have a computerized office without a risk management plan. If you’re unsure about how to start, contact your local IT support professional or EMR vendor. They will be able to help you draft a risk management plan, or at least point you in the right direction.
Read the article.
 |
Ryan Ricks
Security Officer |
2 Comments
Anthony Niehaus (http://ehrtech.info) - Jul 30, 2009
As a security specialist, I agree that the healthcare industry is years behind on the technology risks new health IT initiatives are opening up. For an industry that his historically not present to technology security risks, there are many health professionals that are adopting weak and insufficient IT platforms.
Pedram Aslmand, M.D. - Oct 29, 2009
This was an area of concern for me, as we implemented an online presence for my practice. It really helped to interview several security consultants, before we picked someone to help us get the security right. This article is spot on: plan well.