My wife, Susan, views computers much the same way she views garage-door openers. She’ll be the first to say that the only thing she really cares to know about either is that when she clicks a certain button, things will work as they have and as they should. I suspect she isn’t alone in feeling this way.
But because her laptop is an integral part of her work life today, Susan now accepts the fact that preventive maintenance is a must if her Sony Vaio is to stay healthy and functioning. Terms like “anti-virus software” and “operating-system patches” are now part of the everyday vocabulary of this woman who spent a good portion of her college days studying Elizabethan poetry and Renaissance art.
But no matter how much she or we might wish that hackers weren’t so busy or so clever, malicious software in the form of viruses, worms, and “Trojan horses” is out there. A fact of life in this cyber age. Today’s blog will talk about specific steps you can take to keep your system free from malware.
HIPAA compliance and virus protection
The HIPAA Security Rule says that you, as a “covered entity,” must “implement procedures for guarding against, detecting, and reporting malicious software.” To satisfy that rule, here are five things that should be a routine part of virus protection in your office:
1.) Regularly update your operating system with the latest patches
The tech world has a friendly term for “corrections”; they call them “patches.” Major operating systems — Windows, Linux, Unix — are constantly being revised and updated. Corrected, if you will. Patched. The reasons vary from adding new features to fixing “bugs” to plugging holes that hackers have used to get inside.
Many people don’t update their operating-system software regularly. Hackers know this, and it makes them very happy. They study the latest patches and devise new attacks based on those identified vulnerabilities. Neglecting to download these patches can give hackers an open door into your operating system and your Protected Health Information (PHI).
To stay on top of virus protection, update your operating system weekly.
2.) Implement business-class anti-malware protection
In today’s marketplace, all kinds of anti-spam, anti-virus measures are available. Some are delivered over the Web. Others are installed on local workstations. There are even appliances that sit on the network — like modern-day gargoyles — to keep out the bad guys.
Pricing for these virus protection measures is all over the place. A word of caution: Beware of “freeware.” Many such packages actually end up infecting systems. (Further proof of the adage, “You get what you pay for.”)
No computer in a healthcare office should be without anti-virus protection. Some providers believe that if only one computer is online, then that computer is the only one that requires protection. But they are mistaken. Many viruses and worms can propagate easily over the network to any other computers connected to that online computer.
Installing a desktop-level anti-virus program on each computer in your practice is one way to go, but the best solutions deliver protection over your entire system, not just on individual devices. For protection like that, look into network appliances or integrated cloud services.
3.) Get a commercial security firewall for virus protection
The best method of protecting your system from outside attacks is to install a firewall. If your Internet connection is shared, odds are a firewall has already been built into the router. A router has the ability to hide the computer behind it, so that the only part of your network visible to the outside world is the router itself.
4.) Since new viruses are found almost daily, set your firewall programs to update themselves automatically online.
5.) Alert your staff to online dangers
Your receptionist opens a harmless-looking attachment. Your office manager inadvertently clicks on a pop-up ad that managed to get past the anti-virus software. And before you know it, your system is infected. Review with your staff the dangers to PHI of such seemingly innocent actions. Within your practice, work to establish a culture of vigilance when it comes to online threats.
An ounce of prevention vs. a pound of cure
The information patients entrust to you is too important — to them and to your practice — for you not to take every possible precaution to protect it. Educate your staff on how to use the Internet safely. And invest in quality anti-malware systems.
If technology isn’t your thing — and my wife can relate to that — don’t hesitate to call on the expertise of IT professionals to keep your systems updated and monitored. It’s an extra step well worth taking as you continue on the path to HIPAA compliance.