It is the best of times and the worst of times in medical information technologies. Both the potential benefits and potential risks are great. The outcome is up to the individual medical practice. In July, The editor of Healthcare IT News was “optimistic about the promise of health information.” Yet, on August 4, the publication reported that only 1 percent of eligible providers had met Stage 2 goals of ‘meaningful use’ of the HITECH Act, which “seeks to improve American health care delivery and patient care through an unprecedented investment in Health IT (HIT).”
Even for the other 99 percent that have not fully implemented Electronic Health Records, the data of a healthcare practice is an investment that can reap benefits or wreak havoc. Outside of the painful consequences of data breaches, when computerized systems fail or records become unavailable, it can cripple the daily operation of a practice. The problem strikes close to home. Recently, an Alabama medical clinic experienced a catastrophic failure of their server due to electrical storms. Even with on-site backups, the data was corrupted and unrecoverable, at a cost that could have been minimized and recovered with the right preventive medicine. In Alabama and Tennessee, 16 HIPAA regulated facilities have made the “Wall of Shame” for electronic data loss, published by the U.S. Department of Health and Human Services. For these practices and others that make news headlines, it is the “worst of times.” But, there are steps that can not only protect practices, but also improve quality of care and revenues, making the best of the technologies and resources available.
In a recent technical audit conducted for a large medical clinic, it was discovered that the outsourced IT vendor had not backed up off-site records that could have resulted in a catastrophic loss. As this case illustrates, there is value in an independent IT audit to assess risks, just like a regular medical checkup. Here are just a few items that should be on the checkup list:
Encryption: Data for portable computers and storage devices should be encrypted. Verify with your IT service provider that off-site backups are encrypted, too.
Backup Off-Site Daily: Backup critical data to an off-site provider each night to allow for recovery of data that is accidentally deleted or corrupted.
Laptops and Portable Devices: Mobile devices require additional measures and protocols, and are not suited for Cloud backup solutions as a primary backup.
Contracted Providers: Not all contracted providers have the medical background to ensure their HIPAA compliance. A recent breach involved the contracted transcriptionist company, which was immediately fired, but the damages and fines had already occurred. Even the IT service provider should have medical experience. Many IT providers use public cloud storage companies, which increases the risk of a breach and improperly protected information.
There are necessary steps and best practices to minimize risks of fines, data breaches, and data recovery costs. But, information technologies are more than just a “necessary evil.” Beyond protecting a healthcare practice, good information technologies and management solutions can be an investment in improving and growing the practice. Whether it is the “best of times or worst of times” depends on the practice.