What Makes a Great Pediatric EHR?

July 31, 2008

A great pediatrician is caring, attentive, available and knowledgeable; a great pediatric office is full of people with these qualities; and a great pediatric EHR allows the doctor and staff to demonstrate what makes them great. Being able to express a caring persona by adding an alert to a child’s record (a reminder to ask about Tigger, the family cat) may seem like fluff to the doctor, but the family sees this as a good quality. Let’s consider the remaining qualities of a great pediatrician: attentive, available, and knowledgeable.

Open and Closed Medicine

July 31, 2008

Medicine is practiced essentially the same way now as it was several hundred years ago. There are new techniques, equipment, tools, materials, etc.  However, the way a patient interacts with his/her physician is essentially the same.

A patient goes to see his/her doctor. The doctor gives the patient an examination and a diagnosis, documents this examination and diagnosis in the patient's chart, gives orders or a prescription that they expect will be adhered to, and the patient leaves.

Essentially the same process has been followed for well over a hundred years. Some of you may say, of course, it is a refined and hallowed method that has been proven repeatedly. However, this scenario describes a “closed” form of medicine. “Closed Medicine” describes a healthcare system that is unable to openly share health-related information electronically, and in a timely, private and cost-effective manner. “Open Medicine” describes a healthcare system with openly available electronic patient health information shared freely between patients and their healthcare providers in a timely, private and cost-effective manner. Open Medicine has the potential to improve healthcare delivery in a dramatic way. Closed Medicine perpetuates the old model of healthcare delivery.

Who’s Who – Vulnerabilities and Threats

July 21, 2008

As we saw last time, Section 164.308(a)(1) of HIPAA requires you to conduct a risk analysis.  We covered some basic definitions to help you understand what a risk analysis is, and what it involves.  This week, we cover some basic categories of vulnerabilities and threats, which you must identify as part of your risk analysis. 
  
Identify potential vulnerabilities – Vulnerabilities are weaknesses in your computer systems, networking gear, your staff, and your office building.

Access Controls – Check all user accounts for strong passwords.  Make sure your data is protected with file and sharing permissions.  Make sure your staff has access based on the “need to know” concept. 

 Network Security – Make sure you have a firewall on each computer as well as between your network and the internet.  Configure your firewall to deny all connections unless you explicitly approve them.  Make sure your wireless network is protected with maximum strength encryption. 

Malware Protection – Make sure your computers have anti-virus, anti-adware, and anti-spyware software.  Make sure all your machines stay current with Windows updates.

 Backups and Storage – Make sure you have local and offsite backups.  They should be protected with encryption, file permissions, and other controls.  Also consider purchasing battery backups for your computers and networking gear.  

 Physical Security – Make sure to secure your office against fire and theft by keeping your doors locked and installing security and sprinkler systems.

Staff Habits – Train your staff to be aware of fraudulent emails and instant messages, and never to give their passwords out to anyone.

Identify potential threats – Threats are forces that will exploit your vulnerabilities, and they can be difficult to determine.  Threats can be broken down into four categories:  natural, human, software, and environmental. 

Natural – Natural threats are things like floods, earthquakes, tornados, and hurricanes.  Unfortunately there is nothing you can do to prevent them.  Adequate offsite backups will reduce the risk posed by these threats.

 Human – Human threats are most commonly your own employees.  They may accidentally delete your data or break your computer systems.  Employees may also maliciously destroy or steal your data or computer systems.  Ex-employees, hackers, patients, and pretty much anyone else could be a potential threat.  Luckily fixing the vulnerabilities listed above will drastically reduce the risk posed by human threats. 

Software – Software threats consist of viruses, worms, Trojan horses, adware, spyware, and any other malicious software.  Adequate anti-virus, anti-spyware and strong firewalls will all but eliminate the risk posed by these threats.

Environmental – Environmental threats include fire and power outages.  Like natural threats, there is little you can do to prevent these threats.  Making sure your sprinklers, smoke detectors, and fire extinguishers work can help mitigate the risk.  Consider also that most damage from a fire occurs from water sprinkler systems and the fire department.  You may choose to cover your computers with tarps when the fire alarm goes off.  Installing battery backups will help minimize the risk of data loss from power outages. 

Identifying vulnerabilities and threats is key to performing a risk analysis, which you need to do periodically to comply with HIPAA.  Vulnerabilities are the most important.  They affect your computer systems, and luckily there are many controls you can use to fix them.  Threats are almost always outside of your control, and they can be difficult to identify.  Keep these basic vulnerability and threat categories in mind when you begin your risk analysis.

Join us next week for a basic how-to guide for conducting your risk analysis.   
 
Ryan Ricks
Security Officer
www.xlemr.com