Here’s a handy little blog item from health IT consulting firm Entegration. While many bloggers focus on big-picture issues, firm president Art Gross has offered three easy-to-understand, concrete suggestions on how medical practices should protect themselves when they’re first rolling out their EMR.
Gross suggests they consider the following steps:
* HIPAA security: Gross recommends hiring HIPAA security services to help train employees and implement protocols that keep protected patient information from being compromised.
* Off-site data backup: Few medical practices do more than back up their existing files to tape, but as he notes, data gets corrupted, backups are sometimes overwritten by mistake and disasters (fire, floods and more) can destroy on-site archives.
* Disaster recovery: To be prepared for all contingencies, practices must have more than one copy of current data available, methods for accessing that data and detailed procedures in place for accessing the duplicate data.
Sure, companies with big IT staffs would do these things as a matter of course, but many small physician practices don’t even have a single full-time IT employee, relying instead on consultants to do basic maintenance. That drive-by consultant is unlikely to be evaluating the practice’s overall readiness to keep an EMR up and running securely.
Reminding doctors that they must be careful custodians of their new digital data is a good idea. Let’s hope more consultants (and vendors) dealing with small practices are preaching this gospel.