Through the passage of time, doctors have wielded incredible power to heal, comfort, and institute change to improve the quality of our lives. In the last 25 years, they have created an artificial heart, mapped the human genome, and harnessed the power of information technology. Digital access to critical data, vital records, and important research has led to improved safety, better care, and the ability to instantly interact with other physicians, caregivers, and hospitals when every second counts.
The technology is a tremendous leap forward, but are the security measures advancing at the same rate of innovation to protect your critical and private data? In many cases, independent medical practices, public and private hospitals, and residential care facilities lack, or are lax in implementing, the basic IT security protocols necessary to safeguard your medical histories and records. It’s like receiving a heart transplant without knowing all the names, dosages, and schedules of the medication you need to keep the blood pumping. It’s not a matter of if there is a problem; it’s a matter of when the problem strikes and how catastrophic the damage is.
Dr. Harris (not his real name) has a small pediatric practice in the state of Connecticut. Over the last 20 years, he has built a solid reputation in the community administering to sick children, providing preventative care, and guiding kids toward healthy, nutritional, and exercise-based lifestyles. He converted his intake process and medical record-keeping to a digital platform in order to provide better care, increase patient flow, and eliminate wasted time looking through paper files. The process was a success! He delivered better care, saw more patients, and said good-bye to the days of looking through the medical mountain of paper for the needle in the haystack until… his practice was hacked.
The good doctor skimped on the security function of his platform and believed that basic firewall protection utilized on his home computer was sufficient to safeguard his practice. Dr. Harris (not his real name) lost his practice within six months and faces multiple civil liability legalities because of the dissemination of private information and patient records. Hackers target small businesses, like medical practices, because they are easy targets and often lack the basics when it comes to online security protection.
In today’s marketplace, security breaches are the cost of a digital business platform, and the penalties for non-compliance with HIPAA (Health Insurance Portability and Accountability Act) are only increasing over time. Through the 2009 HITECH (Health Information Technology for Clinical Health) Act, people with protected health information (PHI), including covered entities and third-party business associates, were found liable for fines up to $1.5 million and potential criminal imprisonment.
What is a breach? A breach is an "unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information." It’s a broad definition and in the digital age it can be applied to numerous tragic situations that all begin with the click of a mouse and end with the closing of business doors. IT security is not only a legal obligation, but a necessity to ensure business survival.
A successful IT business protection platform can be broken down into three main facets: perimeter, enterprise, and endpoint security. Perimeter security comprises Unified Threat Management (UTM), Layer Seven Firewalls (NG), real-time email scanning, email encryption, and a comprehensive suite of Web Filtering and Web Application protection to ensure a “defense in depth” layered security approach at your point of contact. Enterprise security entails database protection at home or traversing the web, network vulnerability assessments, and IP video surveillance to monitor potential employee and customer liabilities. Endpoint security provides a security solution for mobile users outside the bounds of your internal network through antivirus and malware protection, whole disk encryption, and secured remote access from any location.
Dr. Harris (not his real name) is a sad but unfortunately very common example of the pitfalls of doing business in the 21st century. Many businesses in multiple industries resort to bankruptcy within six months of a security breach incident. Medical practices and practitioners are held to extremely high codes of conduct regarding patient records and privacy, but like many business owners they often do not have the expertise or knowledge to know how to safeguard their information and liability comprehensively and economically.
As technology evolves and services to patients, clients, or customers improve over time, the liabilities for security non-compliance will continue to far outweigh the costs of implementing a secure, stable, and productive network infrastructure. Security is not an “if” problem, but a “when” reality, and without a structured and layered solution every keystroke you enter could signal the attack that ends your business.
If you are a small business, educational institution, municipality, or any group looking for the best security products and services in Connecticut, please contact TBNG Consulting at (855) 512-4817 or fill out a customer service form to let us know how we can help you develop a security plan or evaluate your current security situation today.