Written by: tanyamack, 6/28/2010 9:27 AM
Healthcare IT is everywhere this month. Last week was National Healthcare IT week and the ONC announced that they had posted the final ruling on temporary certification goals and requirements in the field. (Check out the rulings here). With all of this activity, the word coming up repeatedly is: SECURITY. In physician practices, I still see computers with no password protection, multiple users sharing the same admin password, providers making enterprise-wide decisions with little thought or knowledge of how to build their security module, and workstations in common clinical areas that remain logged on after the providers have left! On top of all this, Health Information Exchanges (HIEs) are repositories that will be yet another convoluted “pipeline” where Protected Health Information (PHI) will flow between systems. I visited a very well-known national entity this past week and found they had no written internet/communication policy for system security.

Meaningful use continues to be a hot topic, as all are waiting for the imminent arrival of standards, yet few of the standards are related to security and protection of the PHI itself. It is time to check out your policies and hold users accountable for adhering to them. Here are a few tips to get you started:
- Review and update your organization’s communication/security/IT policy
- Set your system so passwords are routinely changed
- Make sure your firewall is working and up to standards
- Perform a spot check audit to see if users share a common password inside of clinical applications
- Train users to log out when they are finished at a workstation
- Have System Admin and Human Resources work together to remove former employees from the EHR security system and document the changes
- Forbid the use of jump drives on computers that are in your network (email virus protection will not catch these, and they effectively bypass your firewall)
- Discuss and make conscious decisions in your practice about who needs access to what data
Take the time to make security corrections now before there is a problem with a HIPAA violation!