HIPAA specifies a number of standards providing for patient health information (PHI) portability between providers and accountability for errors and data integrity. Much of compliance falls on your computer network and the procedures that you follow to ensure the security and privacy of your patient information.
A simplified list of the compliance requirements that your computer systems must meet is:
- Access to your network, and therefore to the patient information, must be restricted, with some form of identity confirmation.
- Transfer of information must be controlled and restricted.
- Disposal of any computer media that contained patient information must be controlled.
- When an authorized user no longer needs access, or is fired from your organization, their access must be removed.
- Procedures must be in place to protect terminals against mistakes by users, such as an automatic timed log-off.
- All access to data must be logged, recording the point of access and the user who made that access.
- Methods must be in place to confirm data integrity, including both on-site and off-site backups.
- Every transfer of data must be secure, meaning at least encrypted.
- Data storage must be secure, meaning at least encrypted.
Recently Congress passed the HITECH Act. This act imposes very large penalties for failure to comply with HIPAA.
Does your current IT company ensure your compliance? Have you regularly reviewed their work, to see that they meet the above basic checklist?
If you are not confident that you meet the electronic requirements of HIPAA, contact us. We’ll walk you through some basic checklists, review your network, confirm encryption and backups, and give you a roadmap to compliance.
Computers are at the core of how your business makes its money. That’s been true for decades, but in the last ten years the Internet has moved from useful through essential to critical. Invoices, communications, and new orders are moving through your Internet connection. When your Internet connection goes down, so does your business.
Even a modest-sized business can benefit from two Internet providers. The expense of an Internet connection has dropped to where each provider might cost $150 a month. While this expense is not trivial, it’s small compared with the money you make by having the Internet running. So the questions are:
- How often does your Internet provider drop service during the hours when you’re trying to do business?
- How long does your Internet provider leave the service down?
- And how much does it cost you?
- How many employees are doing nothing productive?
For the first ten or fifteen minutes they go for a cup of coffee or review some notes, but after that they are not producing. You’re giving them a paid vacation until your Internet service comes back on. How soon has this cost you more than the $2,000 a year that you can save by not having a second Internet provider?
Just as you have a duplicated server, a backup and then a cloud backup, and a spare computer, you should also consider a second Internet provider. The money that you spend on that second Internet provider won’t be wasted. If both of your Internet providers are up and running, you’ll be getting the bandwidth from both of them into your network. You’ll be downloading twice as fast. While this may not be crucial to your business, it will be a productivity and speed increase that could pay for the second Internet provider.
But the main reason to have two Internet providers is that, when one of them drops, all that happens to your network is that documents and connections are a little slower. You won’t be out of business, you’ll just be slower.
If you have experienced frustration and lost money because your Internet provider has dropped service in the past months for ten minutes or a half hour or two hours, contact us. We’ll set up your network so that it constantly draws from two separate Internet providers, and so that you can automatically and seamlessly continue to make money when one of them drops service.
By now you’ve realized that you have no choice about hiring an IT company. You have no choice about having computers, about having them networked. You probably also have no choice except to have a server. Your computers are connected to the Internet, so you have to have security. You have enough computers that someone’s cousin isn’t going to be able to take care of them all, and they’re complicated enough that he or she couldn’t do it if they wanted to.
How do you pick your IT company? Which one is the best choice for you?
Price matters, but as your company grows you’ll notice that what you pay for your IT services is small compared with the productivity boost they offer. Well-run computers neither harm your business through security vulnerabilities, nor get in the way of your employees doing the jobs that make you your money. IT companies charge different fees because you’re buying a difference in expertise, response time, staffing – but mainly you are buying a difference in customer service.
Customer service is crucial, because customer service is how you are given information about your computers and your network that allows you to choose how to make them better. Your computers are some of the most valuable investments that you can make. A well-run computer network gives you a far greater return than almost any other investment you can make, and your IT company knows what are the next steps toward an even more productive computer network investment.
Does your IT company communicate that potential improvement with you? Do they sit down with you and lay out what your options are: investing in faster computers, increasing your level of security, improving home access for your employees, restructuring your information so that everybody involved in a project accesses all of that project information? This is customer service.
Customer service is something you pay for in an IT company. If you’re saving money on an IT company, one of the first things that you are saving money on is customer service. That’s because it’s a lot cheaper, and a lot more profitable, for an IT company to have remote techs sitting at computers in an office connecting into your network and resolving those problems that can be resolved remotely. Sending a person to your office is expensive: imagine sending one of your key employees out for hours at a time several times a day – you get the idea.
If your IT company doesn’t have a person coming into your office regularly, to maintain contact with your employees and ensure that issues are resolved as soon as they come up, or even better, that issues are foreseen and addressed before they become problems, then you are losing productivity. You’re not giving your IT company an incentive to help you grow your computer system and make it more productive. That conversation, every few months, or perhaps twice a year, in which your IT company suggests changes to your computers or to your network, or the introduction of a new system or piece of software, is a conversation you want. On the other side of that conversation are increases in productivity for your company that reward your investment.
If you’re not having that conversation with your IT company regularly, ask us how you can improve your network. See what it can be like to partner with your IT company and increase your productivity!
If your IT company is acting like all threats to your data and to your business’s computers are external, they’re missing the largest threat. Most intrusions into computer networks are made by, or made possible by, employees.
If your IT company isn’t taking steps to protect your network from your employees, while of course in no way blocking or slowing their work, you’ve got the wrong IT company. Not only should your IT company be preventing intrusion via email, regularly finding and removing viruses, and implementing one or more levels of firewall between the Internet and your internal network, but your IT company should also be locking your employees’ computers.
What is locking a computer?
Employees use the same software again and again. They might use as few as four programs. This makes it possible for your IT company to lock their computers to those programs, and a few other known and trusted applications. If your employee inadvertently or deliberately loads in a hostile program, one that might, for example, encrypt your server, snoop out and copy away your information, or log the passwords used by all employees, your IT company should have software resident on that employee’s computer that will prevent this unknown software from running. This is locking a computer.
No one measure can protect your network completely. If your IT company is telling you that they have one piece of software that does the complete job, they’re wrong. Your IT company should be speaking in terms of increasing security, measures that you can take that are almost invisible to your staff but individually give you good protection against intrusion and data theft. Together these measures make it very unlikely that ransomware, data theft, and password logging will succeed.
Call or email us. We understand network security. We’ll send a professional to your office to tell you how secure you are, and more importantly, what vulnerabilities you need to have fixed.
Ransomware takes your data from you and charges you to give you back access. Often your data isn’t removed, but encrypted in place, because moving will take too long, even on fast
Before they became our customers, a number of business owners walked into their businesses one morning and found all of their customer information, all of their solutions to old problems, all of their plans and documents, encrypted and unavailable to their business. They had an email asking for many thousands of dollars to return access.
Worse, while ransomware attackers often do restore access when paid, sometimes they don’t. No guarantees.
In short, ransomware is a catastrophe to your business, a setback of months, and many thousands of dollars. And paying may not solve the problem.
Ransomware prefers to target small businesses. Small businesses don’t have the same security as large businesses, but small businesses have more money, and more data, than private individuals do. This makes a small business a logical target for ransomware. Since ransomware often enters a network through email, and your employees often open emails, ransomware has an easy time getting into a small business.
A secure email with a browser add-on that only opens an email if its contents are verified is helpful, but is no guarantee. One or more layers of firewall, preferably monitored, also helps. Monitoring matters because an intrusion may happen weeks or months before the ransomware attack itself. The program inserted into your network or server may move your data, or may scout out and bring in the ransomware attack. Monitoring is helpful for noticing that initial intrusion, and the unusual traffic as your network is scouted.
Some businesses think that cloud data is automatically secure from ransomware. It isn’t. While cloud services make every effort to exclude ransomware, they are not immune. You may log in to your server on the cloud and discover it encrypted.
Many small businesses have a backup, but don’t update it regularly. Some businesses don’t even back up every few months. While a three-month or six-month-old backup is better than nothing, using it to recover from ransomware will still be damaging to your business and to your profits.
What can you do?
1) Back up your data, preferably in two locations. Your first location is always local. There must be a drive of sufficient capacity sitting near your server. This is because that data has to be reloaded to your server after the ransomware attack. You must load (potentially) several terabytes of data back onto your server so that your business can resume operation. This can take days or longer even on a fast internet connection, and these are days in which your business is handicapped.
2) Ensure that every backup has a history of at least a few days, so that if your server is encrypted on a Saturday, that Monday morning your IT company can restore you to Friday evening.
A simple backup is great in the case of a lightning strike (if it survives), but may itself be encrypted by the time you discover the ransomware, because it backed up the encrypted data, and didn’t have a history.
3) A remote backup is also necessary. The backup that sits in your server room is subject to many of the same hazards as your server itself. A physical break-in, a fire, an electrical surge of sufficient force, all could be hazardous to both. Remember, the remote backup is neither as fast to reload nor as convenient – it’s best to think of it as the backup of the backup.
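The three steps above, as an added shell example that is not part of the original article: a nightly local snapshot with a retention history, pruning of old snapshots, and a restore from a chosen point. The directory paths, the seven-day retention count and the sample files are constructed assumptions; the off-site copy of step 3 is not shown. The demo plays out the Saturday scenario from step 2: the Saturday-night backup faithfully copies already-encrypted data, and only the Friday restore point brings the files back.

```shell
#!/bin/sh
# Added example (not from the original article): a minimal versioned local
# backup with retention, showing why a backup needs history. Paths, labels
# and the retention count below are constructed assumptions.
KEEP_DAYS=7   # how many nightly snapshots to retain (assumed value)

# snapshot SRC BACKUP_ROOT LABEL: copy SRC into BACKUP_ROOT/LABEL and make the
# copy read-only so the nightly job never overwrites an earlier restore point.
snapshot() {
  src=$1; root=$2; label=$3
  dest="$root/$label"
  [ -e "$dest" ] && { echo "snapshot $label already exists" >&2; return 1; }
  mkdir -p "$dest"
  cp -pR "$src/." "$dest/"
  chmod -R a-w "$dest"
}

# prune BACKUP_ROOT: delete the oldest snapshots beyond KEEP_DAYS.
# Labels sort correctly as plain text because they are ISO dates (YYYY-MM-DD).
prune() {
  root=$1
  total=$(ls -1 "$root" | wc -l)
  excess=$((total - KEEP_DAYS))
  [ "$excess" -gt 0 ] || return 0
  ls -1 "$root" | sort | head -n "$excess" | while IFS= read -r old; do
    chmod -R u+w "$root/$old"
    rm -rf "$root/$old"
  done
}

# restore_points BACKUP_ROOT: list the available restore points, oldest first.
restore_points() { ls -1 "$1" | sort; }

# restore BACKUP_ROOT LABEL DEST: copy one restore point into DEST and make it
# writable again so work can resume on it.
restore() {
  root=$1; label=$2; dest=$3
  mkdir -p "$dest"
  cp -pR "$root/$label/." "$dest/"
  chmod -R u+w "$dest"
}

# demo: Friday night's snapshot is good; on Saturday the live data is
# "encrypted" (simulated here by overwriting the files); Saturday's snapshot
# faithfully backs up the damaged data, and only the Friday restore point
# brings the business back. Returns 0 when the restored files are intact.
demo() {
  work=$(mktemp -d) || return 1
  live="$work/server"; root="$work/backups"; recovered="$work/recovered"
  mkdir -p "$live" "$root"
  printf 'invoice 1001: 250\n' > "$live/invoices.txt"      # constructed data
  printf 'Acme Corp, 555-0100\n' > "$live/customers.txt"    # constructed data

  snapshot "$live" "$root" 2024-01-05 || return 1            # Friday night
  for f in "$live"/*; do printf 'ENCRYPTED-BY-RANSOMWARE\n' > "$f"; done
  snapshot "$live" "$root" 2024-01-06 || return 1            # Saturday night
  prune "$root"

  restore "$root" 2024-01-05 "$recovered" || return 1
  grep -q 'invoice 1001' "$recovered/invoices.txt" || return 1
  grep -q 'Acme Corp' "$recovered/customers.txt" || return 1
  grep -q 'ENCRYPTED' "$root/2024-01-06/invoices.txt" || return 1
  echo "restore points: $(restore_points "$root" | tr '\n' ' ')"
  echo "restored Friday data OK; Saturday snapshot holds encrypted files"
  chmod -R u+w "$work" && rm -rf "$work"
}
```

A production job would use rsync with `--link-dest` or filesystem snapshots rather than full copies, so that each night's restore point costs only the changed files. The read-only bit on each snapshot is a guard against the backup job itself overwriting history, not a defense against an intruder with administrative rights on the server; that is exactly why step 3's remote copy, out of reach of the server's credentials, is still required.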
Consult us to ensure that your backups are being made automatically, every night, and with a history that will protect the backups themselves from ransomware. Don’t be one of the businesses that lose tens of thousands of dollars to the growing threat of ransomware!
The 21st century is a great place to live in. We have bathrooms everywhere, food on every other corner and a vast amount of data accessible all the time at our fingertips. When it comes to internet connectivity there is no doubt that the possibility of staying in touch all the time is a relief, especially without the need for any of those cumbersome wires that are so ugly.
One of the marketing geniuses of our generation is the realization by companies that business owners are also people, what a breakthrough. They have then adapted a sort of “if it works for your home then it should also work for your business” marketing strategy. So, when business-grade setups are required and the IT person recommends a wired office, the business owner believes it to be a splurge. After all, if it works for my home it should work for my office, right?
What they are not considering is the fact that when the WiFi system fails, and there is no secondary backup for the internet on the computers, then the entire office is without a connection. This is not a problem at home, since you can just connect to your phone’s service provider and at least watch Netflix from there. In the case of the business, however, you cannot work from your phone, and there is the entire office with nothing to do during billable hours. This is an unnecessary strain for both you and your IT company.
That is why every single office should be wired, and then the WiFi can be used as a secondary source of internet in case the cable fails. But do not hold your breath, cables rarely, if ever, break.
We hope you enjoyed this weekly piece of IT insight! Let us know if you liked it!