|
|
|
Search
06/09/2015 Michael L. Brody, DPM
Computer Security (David E. Gurvis, DPM)
Dr. Gurvis has a number of valid concerns about the difficulty securing our records and the illusion of security. Most hackers and thieves of information are looking for financial information; this information is found in our practice management systems.
Most of us have used practice management systems for many years. Blaming the issues we face protecting our data should not be laid at the feet of EHR. We need computer security to protect our billing records as well as our EHR systems.
Completing a HIPAA Security Risk Analysis is a government requirement. We need to identify the risks to our data, and then address those risks. We must do everything that is REASONABLE to protect our data. We will need to spend reasonable amount of time, effort, and money to address those risks.
Reasonable means that we must take all steps that are within our resources. We should expect to spend approximately 10% of our IT budget on Cyber Security. Ask the question “What is my IT Budget? And how much is 10% of that?” That is the amount that we should spend on cyber security technology.
This process will not completely protect us from cybersecurity attacks, but it will make us compliant with the HIPAA Security Rule. The HIPAA Security Rule clearly state that if we have a HIPAA Breach, and we remediate that breach within 30 days we cannot be fined as long as we have properly completed our HIPAA Security Risk Analysis.
We carry malpractice practice because even if we do everything right something can go wrong. We need to look at the cyber risks in the same way. One of the best ways to manage that risk is with Cyber Security Insurance. My malpractice carrier, PICA, has started including Cyber Security Insurance with the policies that they are providing.
I recommend that each and every podiatrist consider checking with their malpractice carrier to see if there is any Cyber Security Insurance with their policy and what those limits are. If you find that you do not have this insurance or that the limits are below what you are comfortable with, you should consider purchasing this insurance for your practice.
If you have not yet completed a properly executed HIPAA Security Plan, there are many consultants that can assist you. The Manta Group and my company, TLD Systems both advertise on PM News and both can provide this service. Michael L. Brody, DPM, President and CEO TLD System
There are no more messages in this thread.
|
|
|
|