Tag Archives: All-in-one medical computer

How Technology Prevents HIPAA Violations

HIPAA violations are growing in number and cost, and have affected medical facilities of all sizes.

While training and vigilance on the part of administrators and staff is a vital component to HIPAA compliance, the right technology can turn an open book into a bank vault. From secure medical grade all-in-one computers to software to online tools, here are some of the best ways technology is making ePHI (electronic protected health information) more secure.

HIPAA violations and costly fines don’t have to be an inevitability.

How Bad is It?

HIPAA violations and fines are practically raining from the sky. 2018 saw significant data breaches, some that affected millions of patients.

In January of 2018, it was revealed that the data of 30,000 patients was stolen by hackers from Florida Medicaid when an employee fell for a phishing email.

Also in January, a medical group in New York had a record breach that had nothing to do with malicious intent. A misconfigured database with an unsecured port accidentally exposed the data of 42,000 people to anyone who stumbled across it. Social security numbers, patient notes, and even names of family members were all up for grabs.

In April, the Center of Orthopaedic Specialists in California got hit by ransomware that may have exposed 85,000 patient records to hackers. In September, three hospitals settled a $1 million dollar fine for potentially compromising patient privacy while they were filming a documentary for ABC.

And, of course, Anthem paid a record-breaking $16 million in fines and violation settlements for a breach that affected 79 million patients. They were given a hefty penalty for not only the breach itself, but for failing to implement adequate access controls, not conducting a risk analysis before it happened, and for not regularly reviewing system activity to keep an eye on red flags.

Almost all of these breaches could have been prevented or mitigated by better technology, more robust security software, and improved employee education.

Online Training Programs Can Educate Staff Members

Hacking is a multi-headed hydra that is more than just ransomware and worms. “Social engineering” describes all of the methods deployed by hackers to gain access to secure systems from regular people in an organization.

Social engineering tactics can vary wildly, from dressing like an electrician to get access to a sensitive area, to calling up an employee and pretending to be an IT tech who needs their information, or even just employing a malware program that requires a victim to click, open, download, or install something they shouldn’t have.

Consider enrolling staff members into an online HIPAA compliance course, or a general data security training program. If you’re afraid of employees falling asleep during a dry infosec video, try SecurED, a data security training course that was actually written in part by Hollywood comedy writers.

And if you want the real skinny from an expert, world-famous hacker Kevin Mitnick actually created his own security awareness training to help illuminate the best techniques for avoiding malicious software and social engineering.

Install Security Software on All Devices

Cloud storage attached to medical all-in-one computers, medical tablets, and personal devices must be encrypted. Any messages, data, or images that back up to a cloud service are just as susceptible to interception as messages sent from one user to another.

Dropbox, OneDrive, and Google Drive aren’t automatically encrypted, and expose a weak point in any system. The solution isn’t to stop using cloud services — backing up data has never been more important — but to instead use a secure cloud storage program like Sookasa to encrypt files before they enter a cloud storage folder.

It also may be wise to consider HIPAA compliance tracking software like HIPAATrek. This software, and other brands like it, create a one-stop-shop for all current HIPAA regulations, training, assessments, risk analysis surveys, checklists, and a whole host of compliance tools to keep any medical facility in the green and out of the fast-growing list of HIPAA horror stories.

Secure Accounts with Two-Factor Authentication

A single password and login for staff members aren’t sufficient for sensitive accounts. Passwords can be guessed, cracked, or collected fairly easily, especially if employees aren’t maintaining proper password etiquette.

Two-factor authentication is recommended by all security professionals at this point, and a failure to do so could have dire consequences for any organization under HIPAA authority.

Smart cards, custom RFID tags, and biometric scanners can provide the physical authentication, while a PIN or password can be used in conjunction to add an extra layer of security. Medical all-in-one computers or medical tablets with built-in RFID and biometric scanners are highly recommended for this purpose because they are far more reliable than a USB scanner plugged into an off-the-shelf office computer.

Plus, USB readers are portable and have a tendency to get lost or disappear. Misplacing an integrated medical panel PC is slightly more difficult.

Only Use Messaging Software with HIPAA Associate Agreements

Texting and easy picture-sharing have completely changed the way our society communicates, even in the workplace.

However, HIPAA’s security standards mean that doctors and nurses can’t be as free as the general populace. While texting a coworker a question might seem innocuous, it can lead to breached confidentiality and a hefty fine if it contains patient details. Ditto for sending pictures — getting a second opinion from another nurse about a suppurating wound isn’t a bad idea in theory, but may, in fact, be a violation of HIPAA standards.

For workplace communication, make sure work devices are installed with encrypted messaging software from a HIPAA associate. If your practice is using a BYOD policy, make sure those devices have the same level of encryption. Or, it may be a wise idea to abandon a BYOD policy altogether — they’ve been shown to invite massive security breaches.

A messaging app made by a business under a HIPAA associate agreement is certified to provide the necessary security to meet HIPAA standards.

There are quite a few HIPAA compliant texting apps, like TigerConnect and OhMD, that can make a major difference in cybersecurity. Many of these apps, or similar email encryption programs (like Barracuda or Virtru ) can also be installed on medical tablets and medical all-in-one computers, creating an easy, encrypted communication system for any facility.

Don’t Forget the Real World

Consider those hospitals fined for filming a documentary — not all patient confidentiality breaches come from computer hackers.

Even something as simple as the placement of a computer screen or patient monitor can have HIPAA implications. Medical all-in-one computers with built-in privacy screens can reduce the angle where a monitor is readable, while a computer on wheels can be rotated away from prying eyes.

Cameras and video recording are obviously off-limits, but sometimes staff can be tempted by the social media machine in their pocket. A perfectly harmless photo from the wrong angle can unknowingly capture sensitive information on a chart, or the face of a patient in the background.

Of course, a malicious low-tech data thief could also snap a quick picture of sensitive information while a doctor’s back is turned.

Technology can help, of course, but common sense is even more important. Keep an eye on your surroundings, especially when viewing ePHI, to maintain maximum data security.

Employ and Document Digital Security Methods Today

A three-pronged approach of education, technology, and vigilance should hopefully keep any doctor’s office, hospital, or clinic away from major HIPAA violations. Even should a lax staff member cause a breach, a thorough and documented history of implementing all of these techniques should also lower the culpability and any potential fines for the organization.

Contact Cybernet today to learn more about medical all-in-one computers and medical tablets with built-in two-factor authentication, Imprivata single-sign-on compatibility, and built-in privacy screens.

 

What to Look For In an All-in-One Medical Computer

Medical computers lie at the heart of modern day healthcare facilities. From handling core administrative tasks including appointment setting, bill preparation, account verification and medical auditing to choreographing intricate medical operations such as in-lab diagnostic testing, patient vital monitoring, clinical imaging and medical surgeries – medical computers  are used everywhere.

So, in addition to core computing prowess, what else is it that IT professionals in hospitals and healthcare facilities should look for when procuring all-in-one, medical grade computers? Here’s a roundup of the top features to probe into while making a purchase:

Antimicrobial Coating

Global-antimicrobial-coatings-market-to-grow-by-2018Medical computers are meant to be deployed in near-patient environment. To maintain a certain acceptable level of ambient sterility in a medical setting, the deployed electronic devices including medical computers need to be fortified with antimicrobial coating. This feature preempts the spread of germs and bacteria, reducing the odds of contracting infectious diseases to a great extent. It is highly recommended that the all-in-one medical computers you purchase are reinforced with antibacterial coating – curbing germ spread is definitely worth it.

Fanless Design

Why_FanlessDoing away with the traditional fan-based cooling system in a medical computer eradicates dust particle circulation, by that keeping the sterility levels in a medical facility exceptionally high. This is particularly important for scenarios in which highest levels of cleanliness are to be guaranteed. Additionally, removing the fan-powered active cooling system leads to a significant reduction in electronic and auditory noise levels, ensuring a serene environment for the patient. Fanless design is the core feature to look for in medical computer systems when deployment in operation theaters, labor rooms, diagnostic laboratories, blood banks and other critical-care medical spaces is planned.

IP Ingress Marking

IP65-TESTED-LOGOThe durability and longevity of an electronic medical device are greatly dependent on the International Protection marking specification it conforms to. The IP certification results in a sufficient degree of protection against intrusion, dust, accidental contact and liquid spills, making it a highly desirable feature in medical computing systems. To ensure thorough device disinfection by standard liquid wiping, it is important that the medical computer you choose be IP65 certified. A related certification, IPX-1, takes care of accidental splashes and involuntary liquid spills. It is only logical that medical computers with IP marking be preferred when making a purchase decision.

Medical Device Safety Certification

med_logo_148102251_stdEN-60601 is the global device safety standard that applies to electronic medical equipment. Compliance with the EN-60601 standard protects the medical device in case of power surges, short circuits, and other electric power-related hiccups. For medical computers, compliance with a global safety standard such as EN-60101 ensures workplace safety – a must-have for a contemporary healthcare facility.

Internal Battery   

Status-battery-100-icon (1)To give extra mobility to the medics and caregivers during high-stake ER and OR environments, an internal lithium battery is added to the medical computer. Enabling uninterrupted operations for a few hours without the need of plugging into the mains, a battery equipped medical computer is ideal for mounting on a movable cart. It’s worth a double check that the all-in-one medical computer you purchase comes with an internal battery.

Medical computers crafted by Cybernet pack all of these amazing features blended with superior ergonomics and raw computing muscle. Cybernet’s medical computer system are built upon a unique interplay of mobility and power-efficiency delivering the very best in next-generation, sterile medical computing. Simplify your medical computer buying decision by learning more about Cybernet’s medical computers at www.cybernet.us.