Can you spot the 4 IT security vulnerabilities in this medical office?
We’ve blogged quite a bit about healthcare and IT topics — everything from frightening medical data breaches to what HITECH is and disaster recovery planning for doctors. Let’s put that newfound knowledge to work. Can you spot the four IT security vulnerabilities in this medical office? Give it your best shot. We’ll wait. Then we — your friendly tech experts at Frontier IT in Colorado Springs — will fill you in on what you missed. (We wouldn’t leave you hanging!)
Take your time. We’re waiting.
Ready? Were you able to find all four? Let’s review.
The router (fourth floor): In the IT world, routers are known for vulnerabilities that can be exploited for, among other things, denial of service (DoS) attacks and data breaches. Given the crucial nature of medical data, doctors, hospitals and other medical providers must ensure their routers are secure and that their data is backed up offsite in case of disaster.
The patient-facing monitor (second floor): On the second floor a monitor displaying a patient’s medical record is facing another patient. This is a breach of HITECH, the tech portion of HIPAA. Violations can cost businesses anywhere from tens of thousands to even millions of dollars each year.
The thumb drive (fourth floor): It seems innocent enough, right? But a thumb drive with patient data, left unsecured, can spell big trouble for medical providers. Case in point: In 2015, a backup drive belonging to Akron Children’s Hospital in Ohio was misplaced. On it: the voice recordings of dispatchers and hospital workers during the medical transport of nearly 8,000 pediatric patients. Data potentially exposed included names, dates of transport, chief medical complaints and physician names — a potentially expensive HIPAA violation that was, no doubt, personally devastating to patients and parents.
The sign-in clipboard (second floor): Asking your patients to sign in on a clipboard with name and medical condition? That’s a HIPAA violation, according to the U.S. Department of Health and Human Services (HHS), which states that a “sign-in sheet may not display medical information that is not necessary for the purpose of signing in (e.g., the medical problem for which the patient is seeing the physician).”
What’s a medical provider to do? You’re fantastic at medicine; you can’t be expected to excel at everything. Our advice: Contact a managed service provider, or MSP. MSPs partner with small- to mid-sized businesses to offer IT services like disaster recovery/backup, help desk support, server/network monitoring and HITECH-compliance consulting in an affordable, à la carte fashion.
Don’t risk your reputation, your business’s profitability and your patients’ lives by being lax with IT security. Contact an MSP experienced in working with medical providers, like Frontier IT, today.
About Frontier IT & HIPAA/HITECH
Frontier IT is a Colorado-based B2B managed IT services provider trusted by hundreds of customers and their employees throughout the Front Range. We provide a powerhouse of technical capacity and experience to our customers, who outsource their mission-critical IT requirements.
Frontier IT’s extensive security policies and procedures are audited by a third party to ensure HIPAA compliance. These policies and procedures are put in place to protect customers’ ePHI. All employees of Frontier IT are individually tested annually to verify that they understand HIPAA guidelines and follow all policies and procedures implemented by Frontier IT.