Physician ITWhy “Set and Forget” Can’t be Your Practice’s

Approach to Health Information Security and Continuity

Kurt Buckardt, CSO Konsultek- CISSP - NSA IAM/IEM Certified- Member ISACA- CCSE

www.konsultek.com847.426.9355

Physician IT: Two Primary Concerns

• Pracitce Continuity– Front Office– Back Office– Diagnostic Equipment

• Practice Security– HIPAA Security Rule– EHR

www.konsultek.com847.426.9355

What is Practice Continuity?

IT Practice Continuity• Practice Continuity refers to an organization’s

ability to keep vital business operations running at or near normal capacities in the event of infrastructure failure.

www.konsultek.com847.426.9355

Source: Strategic Research Corp.

Leading causes of BCDR disruptions, by percentage

44% Hardware Failure

32% Human Error

14% Software/Firmware Errors

7% Virus/Security Breach

3% Natural Disaster

Source: Strategic Research Corp.

Leading causes of BCDR disruptions, by percentage

44% Hardware Failure

32% Human Error

14% Software/Firmware Errors

7% Virus/Security Breach

3% Natural Disaster

www.konsultek.com847.426.9355

Leading Causes of Continuity Disruptions

Physician IT: The Security Timeline

• 1996 Health Insurance Portability and Accountability Act (HIPAA) enacted

• 2003 Health and Human Services Develops the HIPAA Security Rule

• 2009 Obama administration declares that a Cyber Czar will be appointed

www.konsultek.com847.426.9355

Physician IT: The HIPAA Security Rule

• Designed to ensure the confidentiality, integrity, and availability of electronic protected health information (EPHI)

www.konsultek.com847.426.9355

Physician IT: The Security Rule has 3 Controls

1. Technical safeguards designed to protect data and control access to information by individuals as well as guarding unauthorized access via an information network.

2. Physical safeguards designed to protect data from the hazards of fire, weather, environment, or intrusion.

3. Administrative safeguards designed to document formal policies and practices for data protection, including the organization's security management process, and implementation specifications.

www.konsultek.com847.426.9355

Physician IT: Technical Safeguards encompass 5 specific areas

1. HIPAA Access Control Standard2. HIPAA Audit Controls Standard 3. HIPAA Integrity Standard 4. HIPAA Person or Entity Authentication

Standard 5. HIPAA Transmission Security Standard

www.konsultek.com847.426.9355

Physician IT: An Iterative Process

"Each time you add new functionality to your Physician IT infrastructure you must

reassess your security and continuity"

www.konsultek.com847.426.9355

Physician IT: Have You Added Functionality?

• New billing software• Practice management software • Hardware such as servers, workstations• New diagnostic equipment• Laptops or PDAs,

You must reassess the environment and make changes to ensure security and compliance!

www.konsultek.com847.426.9355

Physician IT: Practice Continuity is Imperative

"Disruption of service even for just a few minutes can have potentially life-

threatening implications"

www.konsultek.com847.426.9355

Avoid Security and Continuity Problems!

Make more sense of the HIPAA Security Rule and get a full appreciation of practice continuity challenges by

requesting the 12 page white paper below.

“Is There an IT Doctor in the House?”

Dealing With Continuity and HIPAA Security Rule

Challenges in a Small Healthcare Practice

Get it herePhysician IT

www.konsultek.com847.426.9355

Konsultek

We take the pain out of your healthcare practice’s IT security

and continuity.

www.konsultek.com847.426.9355

Kurt Buckardt, CSO Konsultek- CISSP - NSA IAM/IEM Certified- Member ISACA- CCSE