The Three Pillars of Security

The security risk analysis is one of the big pain points for providers participating in meaningful use, but it doesn’t have to be. In fact, implementing a yearly security risk analysis is a good business practice, whether or not you are participating in meaningful use. While you will never be able to completely protect your practice from every security risk, you can take steps to minimize foreseeable risks.

Security risk analysis is like a three-legged stool. If any of the legs is missing, the stool will fall over:

  • Confidentiality—Keeping health information secure, preventing unauthorized disclosure or access
  • Integrity—Ensuring information is complete, current, and accurate
  • Availability—Making sure information is available when it’s needed

Confidentiality is typically the primary factor considered when conducting a security risk analysis. You must take reasonable steps to protect your patients’ information from unauthorized access, either intentional (hackers/theft) or not (untrained staff). To protect confidentiality, be sure to use secure computer passwords, encrypt data, put locks on doors, and train staff on properly handling patient records.

Integrity is the second leg of the stool and is as important as confidentiality. You must ensure that your patients’ data is a true and accurate record of their health. If a patient’s record is tampered with, intentionally or not, that unreliable record undermines your ability, and other providers’ ability, to properly treat that patient. Consider, for example, how disastrous it would be if someone accidentally deleted a documented allergy from a patient’s record. How would it affect your ability to care for your patients if you could not be confident in the correctness of your patients’ records? To protect the integrity of your patients’ records, implement role-based security and audit logs in your software to help ensure only authorized and qualified personnel have access to update patients’ health information.
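As an added illustration (not code from this article or from any Eyefinity product), the sketch below shows how role-based security and an audit log work together on the deleted-allergy scenario: every change attempt is checked against the user's role and written to a hash-chained log, so a later edit to the log is detectable. The role table, class name, and user names are hypothetical.

```python
import hashlib
import json

# Hypothetical role table: which roles may change clinical data.
ROLE_CAN_UPDATE = {"doctor": True, "technician": True, "front_desk": False}


class AuditedRecord:
    """Patient record whose every change attempt goes to a hash-chained log."""

    def __init__(self, allergies):
        self.allergies = list(allergies)
        self.log = []

    def _append(self, entry):
        # Each entry stores the hash of the previous one, forming a chain.
        entry["prev"] = self.log[-1]["hash"] if self.log else "0" * 64
        payload = json.dumps(entry, sort_keys=True).encode()
        entry["hash"] = hashlib.sha256(payload).hexdigest()
        self.log.append(entry)

    def remove_allergy(self, user, role, allergy):
        # Unknown roles are denied by default.
        allowed = ROLE_CAN_UPDATE.get(role, False)
        # Denied attempts are logged too, so reviewers can see them.
        self._append({"user": user, "role": role, "action": "remove_allergy",
                      "value": allergy, "allowed": allowed})
        if allowed and allergy in self.allergies:
            self.allergies.remove(allergy)
        return allowed

    def log_is_intact(self):
        """Recompute the chain; any edited or dropped entry breaks it."""
        prev = "0" * 64
        for entry in self.log:
            body = {k: v for k, v in entry.items() if k != "hash"}
            payload = json.dumps(body, sort_keys=True).encode()
            digest = hashlib.sha256(payload).hexdigest()
            if body["prev"] != prev or digest != entry["hash"]:
                return False
            prev = entry["hash"]
        return True
```

The chain detects edits or deletions inside the log; it does not stop someone who can rewrite the whole log, so the latest hash should also be kept somewhere the application cannot modify.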

The third leg of the stool is availability. Your patients’ records, no matter how secure and accurate, are useless if they cannot be accessed by authorized individuals when needed. Consider what would happen if your office were damaged by a fire or a flood. How would you restore and access your patients’ records and how long would it take? And how is health information accessed, if needed, while you’re unavailable? You need to take steps to ensure health information is accessible in a timely manner to authorized users when needed. To ensure availability, maintain current offsite backups, replace and update computer hardware, and enable emergency access features in your practice management and EHR.

In our next article on security, we’ll discuss how to determine what steps you must take to protect patient data given limited time and resources. In the meantime, check out the Department of Health and Human Services’ tools and videos to help you complete your security risk analysis.

Have questions about meaningful use? Contact us at meaningfuluse@eyefinity.com

Did you enjoy reading this blog article? Receive an update for each new post by clicking on the “Follow” button in the upper right corner.

Get Out of the Fog – Solution Models for Every Need

Andrew H. Lee, Senior Product Manager

Let’s consider the main solution model categories in practice management and how to best accommodate workflow needs.

It’s not one-size-fits-all, so you need the right information to make the right decision for YOUR practice.

  • Paper—Exactly as it sounds, all records are maintained in paper files. This can allow vulnerability to a number of risks, from theft or loss, to disasters such as flood or fire.
  • On-Premise—Software is installed on a server in your office. This provides more efficiency than a paper system, but can be very expensive and it limits access to your data. Plus, it can still leave you vulnerable to theft and disaster, as well as computer viruses, hardware failure, required software updates, and dedicated staff for IT needs.
  • Cloud-Hosted—3rd party hosting can alleviate many of the issues associated with paper-based operations or maintaining software in your office. Vulnerabilities are reduced, but this option can still be expensive depending on the solution.
  • Software-as-a-Service—Monthly subscription-based solutions can provide a highly economical and efficient means of practice management, and allow flexibility to access patient records anywhere, at any time, from any device.

In upcoming posts, we’ll take a more in-depth look at each of the models outlined above, so stay tuned.

Interested to see how easy and efficient practice management can be? Request a demo for Eyefinity Practice Management.

EHR Optimization: Making the Most of a Disruptive Opportunity

“Physicians that move into the world of EHRs are reminiscent of when Dorothy entered Oz, going from a black & white world into color, says Steve Baker, president of Eyefinity. ‘Moving from paper charts to EHR technologies is a very different world indeed, one that has new and strange things much like what Dorothy experienced.’” Read more for tips and ideas on how to optimize your EHR and make the most of a disruptive opportunity in this The Progressive Physician Article.

EHR: Streamline Staff Work Flow, Improve Patient Care

Michelle Cooper, OD

Electronic health records systems can eliminate duplications and streamline the daily routines of your staff—letting you concentrate on improving patient care.

Read the entire article: EHR: Streamline Staff Work Flow, Improve Patient Care

Reprinted with permission from Review of Optometric Business.

Request a FREE demo of Eyefinity EHR today!

Get Out of the Fog, Stay Safe in the Cloud – Part 2

Andrew H. Lee, Senior Product Manager

You know that cloud-based solutions add greater protection from security risks, but it’s important to consider the correct criteria to be sure you select the solution that best fits your needs. Here are five key takeaways:

  1. Password Policies – Strict password policy requirements are imperative to protect your data. For greater security, password requirements should include a minimum length, alpha-numeric character combinations, and lock-outs after failed login attempts. Be clever when setting your passwords.
  2. Time-outs when idle – Make sure your system automatically times out if you leave your system idle for more than 10 minutes.
  3. Encryption – Make sure your cloud solution encrypts the patient data. Look for at least 128-bit encryption.
  4. Enterprise-Grade Hosting – An enterprise-grade hosting facility such as Amazon is recommended to assure greater security.
  5. 3rd Party Audits – Find a vendor who has taken a proactive approach to security by arranging to be audited to identify areas of risk and has made the investment to secure all backdoor vulnerabilities (e.g., PLYNT Security Testing Verification & Certification).
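To show what items 1 and 2 look like when a system enforces them, here is an added sketch (not code from this post or from any vendor) covering the password rule, lock-out after failed logins, and the 10-minute idle time-out. The minimum length and the lock-out threshold are assumed values, since the post gives no numbers for them; the class and function names are hypothetical.

```python
import time

# Assumptions: the post names these controls but gives no numbers for them.
MIN_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5
# From item 2 of the list above.
IDLE_TIMEOUT_SECONDS = 10 * 60


def password_meets_policy(password):
    """Minimum length plus a mix of letters and digits (item 1)."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))


class AccountGuard:
    """Tracks failed logins and idle time for one account."""

    def __init__(self, check_password, clock=time.monotonic):
        self._check = check_password    # callable(password) -> bool
        self._clock = clock
        self._failed = 0
        self._last_activity = None      # None means no active session

    @property
    def locked(self):
        return self._failed >= MAX_FAILED_ATTEMPTS

    def login(self, password):
        if self.locked:
            return False    # once locked, even the right password is refused
        if not self._check(password):
            self._failed += 1
            return False
        self._failed = 0
        self._last_activity = self._clock()
        return True

    def touch(self):
        """Call on every request; False means the session has timed out."""
        now = self._clock()
        if (self._last_activity is None
                or now - self._last_activity > IDLE_TIMEOUT_SECONDS):
            self._last_activity = None  # force a fresh login
            return False
        self._last_activity = now
        return True

    def unlock(self):
        """Administrator action that clears the lock-out."""
        self._failed = 0
```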

While there are no guarantees in protection from hackers, it is important to reduce the risks associated with maintaining patient health information. The right cloud solution can significantly reduce the risk.

Next in our cloud series, we’ll look at cloud models, so stay tuned.

Is your practice management solution living up to your needs for today and beyond? We’d like to hear from you as we shape the future of practice management.

Cloud Technology in a Flash

The second installment in our series of posts about cloud technology. Now let’s look at speed and bandwidth.

by Eyefinity Senior Product Manager Andrew Lee

Better Use of Time
A cloud-based system can save you time by removing hardware issues from your practice and providing readily accessible records, but what’s required?

The Need for Speed
Internet speed can be a significant factor. Before taking the leap to the cloud, ask providers about bandwidth requirements for their solutions. This is important when evaluating the cost of a practice management solution. If you’re required to subscribe to a very high-speed internet service, that’s a red flag. This could add hundreds of dollars every month, and suddenly what seemed like a low monthly cost for the practice management system is drastically inflated.

We recommend a minimum of 3 Mbps (Megabits per second) download and 1.5 Mbps upload speeds. For optimal performance, you’ll want 3 – 6 Mbps, depending on the number of doctors and staff in your office. Check your current speeds at www.speedtest.net.

Ask the Right Questions
Some practice management solutions require speeds up to 20 Mbps and have response times up to 30 seconds, so be sure to ask what’s required and how fast the system will respond. A web-based system should respond within a couple of seconds, and an optimized system should average less than one second.

Up next, unlocking the secret to security in the cloud.

We want to hear from YOU.
With your input, the next level of practice management solutions will be everything you want and need it to be. Learn more.

The Potential of Google Glass

You’ve heard of Google Glass, right? Been thinking about how it might be used in your practice? Check out the article in EYE2 to see more about one of the most exciting technologies in the last decade with so much potential for VSP network providers. Matthew Alpert, OD and VSP board member shares that, “Glass has many potential benefits for the profession of optometry and the patients VSP serves.”

Read article here.