Whether you work in a medical office or are a business associate, you rely heavily on the software you use for patient care. Software developers send out periodic updates because, more than likely, a vulnerability has been discovered and the “patch” or “update” will mitigate the issue. Vulnerabilities are found in many types of software, including electronic health records (EHRs), operating systems, custom software, databases, email, and even Java and Adobe Flash. Each program will have its own type of vulnerabilities. Unpatched software poses a threat to ePHI, and updating is required under HIPAA. Routers, phones, servers, and even some refrigerators have firmware that must be updated as well.
When discussing routers, it is important to mention that all routers come with default settings, including a username and password. These must be changed; otherwise, the router can be hacked. Routers also need to be rebooted or reset sometimes, depending on the type of vulnerability that has surfaced. Malware can infect not only your phone and computers, but also your router. It is imperative that you have an experienced IT professional who is current on these issues. Long gone are the days of plug and play. Although it is not difficult to set up a computer or a network, securing it is a whole new game.
Even if you utilize a cloud-based system, the devices you use to access your system can be compromised. If you haven’t done so already, you should invest in a qualified IT vendor that will secure and monitor your computers and network. The data that your patients have entrusted you with is sought after in many areas. It is required under HIPAA to have reasonable and appropriate safeguards in place, but besides that… it’s the right thing to do!
For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data, call 877.659.2467.
“Simplifying HIPAA through Partnership, Education, and Support”