|Posted on October 15, 2015 at 8:40 AM|
Rid Your Practice of Old Operating Systems (Windows XP and Server 2003):
Since April 2004, Windows XP has been left unpatched by Microsoft. You may notice on newer operating systems that updates are periodically installed when you restart or shut down - these come out every 2 weeks to patch security flaws that allow hackers to access your system remotely. If your office is running even one XP or Server 2003 computer, hackers have had almost 2 years to find holes in the system, and those holes will never be patched (unless you are the US Navy and you pay Microsoft $30 million to extend it!). Even if the rest of your office is Windows 7-10 and Server 2008-2012, if hackers get access to one older computer, they are inside your network and the battle is lost.
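One practical first step is to find out whether any such machines are still joined to your domain. The script below is an added example for this post, not something from the original article; it assumes a domain-joined admin workstation with the RSAT ActiveDirectory module installed and a hypothetical output file name of legacy-hosts.csv.

```powershell
# Added example (not from the original post): list domain-joined computers
# whose reported operating system is Windows XP or Windows Server 2003,
# and flag the ones that have logged on recently (i.e. are still live
# on the network rather than stale AD objects).
# Assumes the RSAT ActiveDirectory module and read access to computer objects.
Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-30)

$legacy = @(
    Get-ADComputer -Filter * -Properties OperatingSystem, OperatingSystemServicePack, LastLogonDate |
        Where-Object { $_.OperatingSystem -match '^Windows (XP|Server\W*2003)' } |
        ForEach-Object {
            [pscustomobject]@{
                Name             = $_.Name
                OperatingSystem  = $_.OperatingSystem
                ServicePack      = $_.OperatingSystemServicePack
                LastLogonDate    = $_.LastLogonDate
                # A recent logon means an unpatched host is actively in use.
                ActiveLast30Days = ($null -ne $_.LastLogonDate -and $_.LastLogonDate -gt $cutoff)
            }
        }
)

# Show live hosts first; they are the ones to retire or isolate first.
$legacy | Sort-Object ActiveLast30Days -Descending | Format-Table -AutoSize

# Keep a record for the practice's risk assessment (hypothetical file name).
$legacy | Export-Csv -Path '.\legacy-hosts.csv' -NoTypeInformation

if ($legacy.Count -gt 0) {
    Write-Warning "$($legacy.Count) unsupported Windows XP / Server 2003 host(s) are still joined to the domain."
} else {
    Write-Host 'No Windows XP or Server 2003 computers found in Active Directory.'
}
```

Workgroup PCs and anything not joined to the domain will not appear here, so pair this with a walk-through of the office.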
Email Hosting, Email Encryption & Business Associates Agreement Best Practices:
While it is not mandated that your practice have email encryption if using a personally hosted email server, it is required if you use a public provider like Gmail, Yahoo, MSN/Hotmail, etc. Hackers can fairly easily get patient information that is sitting on the public providers’ servers. Also, using a public provider would only be HIPAA compliant if you signed a Business Associates Agreement (BAA) with Google, Yahoo or Microsoft. The problem is that none of these providers will sign a BAA and take on the liability. Also, companies like Google automatically scan your email and generate ad traffic off your patients’ info, which is also a privacy violation. The best practice is to encrypt all emails – and better yet – it doesn’t break the bank at around $10-$15 per month.
Best Practices – Firewall Edition:
Using a firewall (e.g. SonicWall) in between your modem and switch is mandatory for HIPAA. A proper firewall monitors all internet-based activity in and out of the office. Even if you have a firewall, many offices fail to update their devices after the initial installation. Much like XP and Server