Whether you are thinking about purchasing client-server software or already have it, making sure that your data (especially your patients’ data) is secure should be a priority. In fact, when using your EHR software, you need to be HIPAA compliant according to government regulations.
A client-server system requires a lot of knowledge about hardware and software installation, and a lot of practices don’t factor in the need for servers and IT infrastructure when shopping for EHR software. So if you do not know how to manage a network of servers and keep them secure, you will need to hire an IT person unless your EHR software vendor provides support for computer systems, and most don’t.
If the extra expense of hiring an IT technician doesn’t sound appealing, just look for a solution that doesn’t require in-house servers. Cloud solutions are options to consider as they completely remove this burden. However, if you are still convinced that a client-server solution is best for your practice, it’s important to take these steps to ensure that data in your practice is safe.
Hire an IT Technician/Company
Client-server software requires a lot of IT set-up. And as mentioned, if you do not have extensive IT knowledge, you should just hire an IT technician to make sure that everything is done correctly and securely. A few things to look out for when hiring an IT company include: making sure that the IT technician is Microsoft certified (if you are using PCs in your practice), is familiar with optometry practices, and can quickly respond when something happens. Another thing to keep in mind is that IT services do not come cheap. You can expect to spend approximately $10,000 a year on IT service needs, and that doesn't include the cost of the equipment.
Install a Firewall
A firewall protects your network from users of other networks and prevents unauthorized access to your data. Firewalls may alert you to suspicious activity, such as repeated attempts to access the network. Firewalls are customizable, and it is possible to install one yourself, even for free. It can, however, be a lot of work and require some IT knowledge, so this is best left to your IT technician.
Encrypt Data
Encrypting data is the process of encoding messages so that only authorized parties can read and understand them. Encrypting data that will be transmitted to and from your practice is actually not part of the HIPAA security standard. It is, however, required that you assess the risk of unauthorized access to unencrypted data. It is still best practice to encrypt data that you send and receive, especially billing information, emails between practices, and patient health information. Again, encrypting data within the software is going to be hard to do by yourself and can be costly. Either your IT technician or your software vendor will be able to help.
Purchase Anti-Virus Software
Anti-virus software scans your computer for viruses in email attachments and internet downloads, cleans them out, and prevents them from infecting other computers. Installing anti-virus software on your computer is a good idea whether you are using a client-server or cloud-based solution. However, if you are currently using a Mac, you might be less susceptible to malware attacks. In that case, you should pick a cloud-based solution if you don’t want to deal with servers. And if you already have anti-virus software, make sure that you keep it up to date. New types of malware appear all the time, so the anti-virus software needs to be updated frequently, which might require you to purchase the upgrade every time a new version comes out.
Have Secure Physical Controls
Do you keep the door of your server room locked? Who has access to the key? Though it is unlikely that someone will have the intent to extract data from your servers, you might want to monitor access to the server room as data now resides in your practice and you are responsible for it. Speaking of server rooms, does yours have temperature controls to ensure that your server doesn’t overheat and destroy data? Also, do you have a back-up server in another location if something happens to the one in your practice?
If you ask me, it sure seems like getting a client-server solution is costly and too much work. And you’ll be working even harder thinking about the measures it takes to keep data secure. Check out Uprise, a cloud-based practice management and EHR by VisionWeb. There are no hardware and servers to install, and you can rest assured that we are 100% HIPAA compliant. See how we ensure the privacy and security of your data at all times!