How to Build a Secure Foundation for Electronic Health Records
An Interview with Healthcare IT Expert Mark Rein

Healthcare providers have been dealing with the Health Information Privacy and Accountability Act (HIPAA) for more than a decade. Now, new requirements designed to protect electronic health records (EHRs), including the HIPAA Security Rule and HITECH Act, are adding another set of challenges. As an IT executive with extensive experience implementing new technologies and processes for healthcare organizations, Mark Rein has seen the challenges from the inside. In this interview he provides some important pointers for keeping records secure.

Q  Most healthcare providers are focused on taking care of patients, not technology or data security—where do they begin?

A  One of the important early steps is to establish your policies and procedures for voice and data services. You need to know who has remote access to patient data and how you can securely grant them that access. Service providers can help with this, because you want to make sure you have multiple inroads via the Internet to your facility.

Q  What particular issues are there for practices that are using or moving toward electronic health records?

A  Providers need to have their network environment prepped well before they ever move to EHRs. A lot of changes need to take place, beginning with the fact that you can’t have an inexpensive, non-redundant network if all your patient information is going to be moved to electronic form. With EHRs, your systems have to be available 24/7, so you have to have a higher-performing network, much more diligent security methodologies and technology and an enhanced ability to perform backup and recovery. You also need a business continuity plan to ensure that your practice can stay up and running and maintain access to patient records even if something like a power outage occurs.

Q  What is the biggest risk?

A  Wireless networks are a frequent source of vulnerability. Someone from the outside might be trolling for information. Another problem, unfortunately, is that someone on the inside could steal the information. Credit card information can be stolen and sold on the Internet, and someone who taps into patient records can take Social Security numbers and dates of birth, and sell them or use them to apply for credit cards and loans.

Q  So where should a doctor’s office or lab start when it comes to protecting their data?

A  Well, here’s the scary thing: Many of them haven’t started at all. If we entered any medical office building right now, I guarantee that I could break into 20% of their wireless networks because they have no wireless network security.

                                                 ©2011 CenturyLink, Inc. All Rights Reserved.
   Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. CM101244 07/11

Q  None at all?

A  None. Small offices and laboratories have to recognize that spending money to secure their networks is the cost of doing business. It’s something that has to be done, like buying a desk and buying a chair and paying the electric bill. If you don’t spend money upfront to protect your networks, you can become liable for the loss of patient data.

Q  It’s tempting for smaller practices to avoid those expenses, but you’re saying it’s a risk they can’t afford to take.

A  Exactly. And that’s especially true now, as we’re moving to electronic health records and other systems that automate transactions and enable health facilities to share information. Just one hole in your network could give someone illegal access to private patient data.

Q  Some practices are now using portable devices like tablets and smart phones. What security precautions do they need for those portable devices?

A  Anytime you have a device with access to information, you have to make sure that it is password protected. That’s usually the first problem. Doctors take the devices with them from office to office or hospital to hospital, and they often keep the passwords inside the device or physically taped to the device. The first step is you have to make sure the passwords are secure. A more sophisticated method of authentication may be called for as well, in which case they could look at using smart-card technology. A smart card is like an ATM card for a computer or portable device, which can be inserted or put in proximity to your device to authenticate the user and provide secure access. Another option is biometric technology, which relies on a personal characteristic, such as a thumbprint, to verify the user’s identity.

Q  Health care providers are facing new, more stringent regulations related to data security. What is the best way for them to ensure continued compliance?

A  Initially, they are going to need to hire someone to help them set up and configure their network. Today, data security and compliance are simply too complicated for small and midsize practices to go it alone. It’s not something you can learn from a book or trust to a non-professional. A number of managed service providers can set up networks and ensure compliance with security regulations, which allows healthcare providers to focus on the needs of their patients and their practice.

Q  What should healthcare providers look for in a vendor if they want to hire a managed security service or bring in consulting support?

A  They need to look at which compliance arm they’re under, whether it’s HIPAA, Sarbanes-Oxley or PCI, and then find an organization that specializes in helping them meet their specific compliance regulations. I would start with an overall security assessment that looks at your current architecture. You’ll probably catch 80% of HIPAA-related infractions through that analysis.

Mark Rein, Vice President of Information Technology, ACDI/VOCA

With nearly two decades working in information technology, including seven years in hospitals, Mark Rein brings unique insights to the issues that are important to healthcare providers. His expertise spans voice and data voice networks, security, call centers and disaster recovery/business continuity. In his current role as Vice President of Information Technology for ACDI/VOCA, a private non-profit organization, Mark leads the strategy to provide IT and telecommunications support for 200 offices in third world countries worldwide.