During last weekend's movie night we watched Big Hero 6 (for the 10th time) with the kids; this time, with a critical eye, I realized how Disney is able to portray many common practices of medical facilities that are not HIPAA compliant.
At some point during the movie, Baymax (the good guy) projects Mr. Kabuki's (the bad guy) diagnostic chart to a crowd of people. The conversation makes clear that the medical scan was taken without authorization, and the viewers of the chart can be assumed not to have a Business Associate Agreement.
- Every computer at a medical facility must have a password lock and an idle time-out.
- If people other than the clinical employee can see the screen, put a privacy cover on it that prevents prying eyes from seeing the screen from an angle.
- Employees or associates exposed to PHI must have a signed BAA.
- Every person accessing PHI should be traceable through systems established by the practice.
Unencrypted PHI Containers:
Some scenes show how Baymax's hard drive is easily removed, plugged into a computer and read without needing a password.
- The rules dictate that computing systems containing PHI must be locked down or stored in an area where they cannot be easily stolen.
- Mobile systems such as laptops and tablets must be encrypted and password protected.
Lack of Backup:
Spoiler alert: Baymax is destroyed at the end of the movie, and so is the medical data he carried within.
Medical facilities have the obligation to keep medical records for a set number of years.
A backup solution managed by a professional Information Technology company (like iEple LLC) is the best option, as they will monitor backup jobs and ensure the systems can hold the data securely.
In summary, think about improving your practice's security by taking care of these 3 simple steps, one at a time.
1. Protect medical records from prying eyes: privacy shades on monitors and an idle time-out.
2. Encrypt your computer systems and set a password for each employee.
3. Obtain a backup solution adequate for your practice.
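Steps 1 and 2 above can be verified on each Windows workstation rather than taken on faith. The script below is an added example, not iEple's code or part of the original post: it is a read-only check that reports whether a machine has a password-protected idle lock within an assumed 15-minute policy and whether every BitLocker volume reports protection as On. It assumes an elevated PowerShell session on Windows 10/11 with the BitLocker module available; the 900-second limit and the exit-code convention are assumptions of the example.

```powershell
# Added example (not iEple's code): read-only workstation check for an idle
# lock and full-disk encryption. Assumes Windows 10/11, elevated session, and
# the BitLocker PowerShell module. The 15-minute limit is an assumed policy.
param(
    [int]$MaxIdleSeconds = 900   # assumed practice policy: lock after 15 minutes
)

$findings = @()

# 1. Idle lock. Either a password-protected screen saver for the current user
#    or the machine-wide "Interactive logon: Machine inactivity limit" policy
#    satisfies the control.
$desktop = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
$policy  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue

$saverOk = ($desktop.ScreenSaveActive -eq '1') -and
           ($desktop.ScreenSaverIsSecure -eq '1') -and
           ([int]$desktop.ScreenSaveTimeOut -gt 0) -and
           ([int]$desktop.ScreenSaveTimeOut -le $MaxIdleSeconds)

$machineOk = ($null -ne $policy.InactivityTimeoutSecs) -and
             ([int]$policy.InactivityTimeoutSecs -gt 0) -and
             ([int]$policy.InactivityTimeoutSecs -le $MaxIdleSeconds)

if (-not ($saverOk -or $machineOk)) {
    $findings += "No password-protected idle lock within $MaxIdleSeconds seconds (screen saver or machine inactivity limit)."
}

# 2. Encryption at rest. Every volume BitLocker knows about should report
#    ProtectionStatus = On; a drive that is merely "encrypted" but has
#    protection suspended still fails this check.
$volumes = Get-BitLockerVolume -ErrorAction SilentlyContinue
if (-not $volumes) {
    $findings += "BitLocker status unavailable (module missing or session not elevated)."
} else {
    foreach ($v in $volumes) {
        if ($v.ProtectionStatus -ne 'On') {
            $findings += "Volume $($v.MountPoint): BitLocker protection is $($v.ProtectionStatus) (volume status $($v.VolumeStatus))."
        }
    }
}

# 3. Report. A non-zero exit code lets a scheduled task or RMM agent flag
#    the machine for follow-up instead of relying on someone reading output.
if ($findings.Count -eq 0) {
    Write-Output "$($env:COMPUTERNAME): idle lock and disk encryption checks passed."
    exit 0
}
Write-Output "$($env:COMPUTERNAME): $($findings.Count) finding(s)"
$findings | ForEach-Object { Write-Output " - $_" }
exit 1
```

Run it as `powershell -ExecutionPolicy Bypass -File .\Check-WorkstationControls.ps1` (the file name is assumed) from a scheduled task or your management tool and collect the exit code. The check is deliberately read-only: it reports drift from the policy but does not change registry values or turn on BitLocker, so it can run on every machine without risk of locking a user out or starting an unplanned encryption job.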
Call iEple today and finally get the peace of mind and savings your practice need.
1 (866) 781 4009
If you run your own medical practice, chances are you spent quite some time figuring out which EHR and EMR was convenient for you, and, among the options of the cloud (hosted somewhere else) or your own server, you decided to host it on your own server for different reasons:
But how about security?... Yes, at this point you are hating this post, as HIPAA, Meaningful Use and all the compliance nightmares may wake you up again; but let's embrace it. You need to know about these things and review them once in a while. Think of all the patients you wish had taken the initiative to get a routine check-up instead of coming to your practice half dead and expecting you to bring them back to their early twenties.
As I.T. professionals with years of experience helping medical practices and in I.T. security, we have come across several EMR and EHR platforms hosted on premises at medical practices, and we are sad to tell you they are not safe out of the box; there are many loose ends that need to be covered in your network to stay away from data breaches, loose ends that EMR and EHR developers do not even consider because it is not their responsibility.
We don't claim that you will be fully protected and not liable by following this guide, but at least we try to cover the most typical areas where the most common attacks are targeted.
Call us at 1-866-781-4009 for a free consultation and a free, no-obligation on-site inspection.