By Dr. Ravi Raheja, CEO
As hospitals and practices are racing to implement electronic medical record systems, their IT departments have less time to work with other technology projects.
While the benefits of working with a hosted call center are abundant, call-center IT is not on the priority list of the information technology division of any organization. One way to work around this is by using hosted products or SaaS (Software as a Service) solutions. These hosted solutions decrease, or completely remove, the burden of maintaining call-center functionality.
- The security of the actual server
- The security of the data center
Both of these aspects have standards that can be followed to ensure that the hosting company is providing the high level of quality security required of a medical system.
SERVER SECURITY: The “Digital Dozen”
- Install and maintain a firewall configuration to protect PHI data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored PHI data.
- Encrypt transmission of PHI data across open, public networks.
- Use and regularly update antivirus software or programs.
- Develop and maintain secure systems and applications.
- Restrict access to PHI data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to PHI data.
- Track and monitor all access to network resources and PHI data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for employees and contractors.
Data Hosted and Stored in the Continental US. Not all countries adhere to the same strict standards as the United States. If you need to follow US security standards, it is important to make sure that the data is hosted and stored in the US at all times, so that it is never subject to weaker data-protection and privacy rules.
Disaster Recovery Plan. Make sure a plan has been developed to optimize server up-time and to provide a backup server that is less likely to encounter the same circumstances as the primary:
  - Backup server in another physical location on the opposite coast
  - Live database replication to the backup server, within seconds
  - Daily and hourly database dumps
  - Replication logs of every data change that can be re-run to rebuild databases
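As an added illustration of the last two items (a periodic dump plus a replayable log of every change), and not code from this article or from any particular hosting product: the rebuild restores the most recent dump and replays only the log entries recorded after it, and it refuses to continue if a sequence number is missing, since a silently skipped change would leave the rebuilt database different from the primary. The log layout and field names are assumptions made for the example.

```python
import copy

# Constructed sample replication log: one entry per data change, tagged with a
# monotonically increasing sequence id (assumption: the page does not describe
# the real log format).
REPLICATION_LOG = [
    {"seq": 1, "op": "insert", "key": "pt-100", "row": {"name": "A. Patient", "phone": "555-0100"}},
    {"seq": 2, "op": "insert", "key": "pt-101", "row": {"name": "B. Patient", "phone": "555-0101"}},
    {"seq": 3, "op": "update", "key": "pt-100", "row": {"phone": "555-0199"}},
    {"seq": 4, "op": "delete", "key": "pt-101"},
]

def apply_change(db, entry):
    """Apply one logged change to the in-memory table (dict of key -> row)."""
    op, key = entry["op"], entry["key"]
    if op == "insert":
        db[key] = dict(entry["row"])
    elif op == "update":
        db[key].update(entry["row"])
    elif op == "delete":
        db.pop(key)
    else:
        raise ValueError(f"unknown op {op!r} at seq {entry['seq']}")

def take_dump(db, last_seq):
    """Snapshot the table (the 'hourly/daily dump') together with its log position."""
    return {"last_seq": last_seq, "data": copy.deepcopy(db)}

def rebuild(dump, log):
    """Restore a dump, then replay every later change in order; abort on a log gap."""
    db = copy.deepcopy(dump["data"])
    expected = dump["last_seq"] + 1
    for entry in sorted(log, key=lambda e: e["seq"]):
        if entry["seq"] <= dump["last_seq"]:
            continue  # change is already contained in the dump
        if entry["seq"] != expected:
            raise RuntimeError(f"replication log gap: expected seq {expected}, got {entry['seq']}")
        apply_change(db, entry)
        expected += 1
    return db

def run_demo():
    """Build the primary, dump it mid-stream, keep changing it, then rebuild from dump + log."""
    primary = {}
    for entry in REPLICATION_LOG[:2]:
        apply_change(primary, entry)
    dump = take_dump(primary, last_seq=2)      # dump taken after seq 2
    for entry in REPLICATION_LOG[2:]:
        apply_change(primary, entry)           # primary keeps changing after the dump
    restored = rebuild(dump, REPLICATION_LOG)  # dump + replayed log must equal the primary
    return primary, restored
```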
- Do your servers meet all 12 PCI-DSS standards?
- By whom and how often is your data center audited and certified?
- Is your IT staff ITIL Certified?
- Are your data centers SSAE-16 Certified?
- Is your data center ISO Certified?
- Is your data hosted and stored in the Continental United States at all times?
- What is your disaster recovery plan as it relates to data?