Like it or not, we live in a connected world. Half of us check email on our mobile phones before we even get out of bed in the morning. We do everything online, from getting directions to a restaurant to finding recipes for cooking at home. Some of us order dinner to cook at home online. Our lives are online or at least on digitally connected devices. So too are our businesses. With all the recent stories about online hackers and inadvertent and surreptitious sharing of information online, we thought it a good time to revisit software security.
A majority of eyecare practices today are using client-server practice management and EHR software to run their practices. Whether you choose to house your software and data locally or in the cloud, you must be equally vigilant about securing your network and your data. We are talking about more than meeting HIPAA regulations. We are talking about working to ensure your data, your livelihood, your income, is protected.
Are you housing your own server and software? Great. Where do you keep the server in your practice? Is it behind locked doors with limited access? Is it located in a locked server cage? While these may seem like extra-cautious steps in the process of keeping your server secure, they are a good place to start. The chances are probably pretty slim that someone will intentionally take data from your servers, but it’s not a bad idea to monitor access to the server room, because if anything were to happen it’s still your responsibility. Even if you aren’t hacked from the outside, a disgruntled employee can steal all your data or destroy it in minutes.
Remember, putting your computer in a locked closet or cupboard sounds like a secure idea, but is it getting plenty of ventilation and cooling? You can fry a motherboard in seconds, possibly taking along all the data on your computer if it isn’t adequately cooled.
If you are housing your own server, you should also purchase and install a firewall on your network. A physical firewall (versus a software firewall) can be purchased for as little as $200 and can dramatically cut down remote attacks by blocking access from all but those IP addresses you trust. If you don’t want to invest in a separate firewall, many of today’s modern routers have scaled-down firewalls built into them.
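The allowlist idea above, sketched as an added example (not part of the original article and not any firewall vendor's configuration): a default-deny check that reviews constructed connection attempts against an assumed list of trusted networks. The addresses, the `src=... dport=...` log format and the function names are illustrative assumptions.

```python
import ipaddress

# Assumed allowlist for illustration only (private and documentation ranges).
TRUSTED_NETWORKS = [
    ipaddress.ip_network("192.168.10.0/24"),  # office LAN (assumed)
    ipaddress.ip_network("203.0.113.25/32"),  # IT consultant's static IP (assumed)
]

def is_allowed(source_ip, trusted=TRUSTED_NETWORKS):
    """Default deny: allow a source only if it sits inside a trusted network."""
    try:
        addr = ipaddress.ip_address(source_ip.strip())
    except ValueError:
        return False  # unparseable source address: fail closed
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the underlying IPv4 address.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in trusted)

def review_attempts(log_lines):
    """Split 'src=<ip> dport=<port>' lines into (allowed, blocked) lists."""
    allowed, blocked = [], []
    for line in log_lines:
        fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
        entry = (fields.get("src", ""), fields.get("dport", ""))
        (allowed if is_allowed(entry[0]) else blocked).append(entry)
    return allowed, blocked

# Constructed sample connection attempts (not real traffic).
SAMPLE_LOG = [
    "src=192.168.10.42 dport=443",        # workstation on the office LAN
    "src=203.0.113.25 dport=3389",        # trusted remote support address
    "src=198.51.100.7 dport=3389",        # unknown outside address
    "src=::ffff:192.168.10.5 dport=443",  # office LAN host seen as mapped IPv6
    "src=not-an-ip dport=22",             # malformed entry
]

if __name__ == "__main__":
    ok, denied = review_attempts(SAMPLE_LOG)
    print("allowed:", ok)
    print("blocked:", denied)
```

Anything not explicitly listed is blocked, including malformed entries, which is the behavior to look for when an allowlist is configured on a real firewall or router.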
Are you backing up your data? What would happen if your server fried tonight? If the hard drive suddenly stopped working? What happens if there is a hole in the ground when you come into work tomorrow? Your insurance will help you open a new office, but what about all those records? All that data? You should be backing up your data daily. Back in the day we used to switch out portable hard drives every night, so one was always home. Inevitably hard drives were either dropped or forgotten and the daily routine became weekly, then monthly, then almost nonexistent. Today, we suggest an online cloud service that is HIPAA compliant such as Carbonite or Mozy. There are many others as well, so do a little research as to who you want to use. Protect your login passwords so only your most trusted staff has access to the data.
What about anti-virus and anti-malware? Online thieves and hackers are becoming ever more sophisticated. Opening the wrong email or clicking on the wrong link or download can unleash a nightmare of problems onto your computer and your network. Antivirus software is a very cheap insurance plan to help protect you and your data. No software will guard against 100% of the malicious actors and intents out there, but having it will certainly help. We also suggest setting up rules in your employee handbook or manual as to what websites are appropriate to visit on store computers. Since everyone nowadays has their own smartphone (OK…70% of us do), employees can check their personal emails on their smartphones instead of store computers. It should also go without saying (but of course we will still say it) that visits to any websites on company computers should be for company business, and websites like hotnakedchickswitheyeglasses . com are against company policies even if they are wearing eyeglasses.
Are you using tablets or laptops to access your data over Wifi? Are you using Wifi? Is your signal encrypted? Do you change your password every so often? A hacker can sit in their car and record all the data going across your Wifi network if your network and your devices are not secure. What if one of those tablets or laptops walks out of your store? Any portable connected device should be able to be wiped remotely. Rest assured that HHS won’t take too kindly to knowing that a tablet that walked out of your front or back door can still access your medical records.
Does all of this sound like you need to hire an IT expert? Good. You should have someone who knows IT and network security on call. Just as anyone can research eye diseases and make their own self-assessment, so too can you become an amateur IT expert. However, hiring someone who knows their stuff can save you a tremendous amount of time and headaches down the road. An independent IT consultant can do a complete audit of your system, recommend fixes and updates, and periodically come in to do checkups to help keep you in business.