In our last blog article, we took a look at how human behavior is the most frequently encountered threat to data security.
So, what to do? You can’t have 100 percent control over every problematic aspect of human behavior, after all.
However, there are some ways for you to simply remove the human element from your data security equation, such as purchasing a private, HIPAA compliant Cloud or adopting a SaaS-based EMR/EHR solution.
HIPAA Compliant Cloud Hosting
One thing needs to be made clear when it comes to discussing Cloud usage for PHI data: public Clouds are not HIPAA compliant. We are discussing private clouds that have undergone the proper HIPAA audits by HHS and that can be purchased from certain vendors (Nextech now offers Cloud hosting through our Peak10 provider).
With a Cloud, your data is stored off-site, and all infrastructure and data security is handled by the vendor/provider. Also, since the data is not being stored on your office hard drives or on-site servers, there is far less likelihood of your data security being compromised by anyone in your office. For example, even if your office network were to be breached by hackers, there would be no way for the infiltrators to steal your PHI data. This is because, even though your EMR/PM data is being accessed from your office computers, it is not being stored on the hard drives.
The benefits of Cloud hosting are not restricted to data security either. There are also some financial benefits.
According to a study by the Aberdeen Group, organizations that use private clouds (in comparison to public clouds, a comparison which, admittedly, does not apply when handling PHI) experience 25 percent fewer data security incidents, and their security and compliance costs (per application) are 38 percent less.
That’s because having a private Cloud means no longer having to concern yourself with a lot of the usual infrastructure requirements—running data backups, disaster recovery plans, secure/encrypted data storage, on-site server maintenance, and critical data recovery. Instead, the private Cloud provider assumes responsibility for all of these tasks.
Also, a 2014 survey conducted by HIMSS Analytics found that 83 percent of IT executives in healthcare (responding to the survey) reported that they were using Cloud services.
Adopting a SaaS EMR/PM Solution
Software as a Service (SaaS) is a Cloud-based software distribution model that has been around for quite a while and is quickly replacing the traditional software models (in which software was installed and run on office computers, with data stored on on-site servers). Like Cloud hosting, a SaaS solution is hosted and maintained by the vendor/provider and made available to clients/users over a network. The most popular medium for accessing SaaS solutions is the Internet, though there are other options (such as VPN connections).
Simply put, SaaS simplifies data management and security for clients/users. This is because subscribers to SaaS solutions pay the vendor/provider a fee (usually annual or monthly), and the vendor/provider manages all hardware and software aspects, including data backups, software updates, and data/server security. As a SaaS user, all you have to worry about is using the software.
Needless to say, this simplicity has led many healthcare providers to choose SaaS solutions for EMR and Practice Management in recent years. According to a study by Software Equity Group, SaaS companies grew at a rate of 38 percent in 2014. Also, a 2014 survey conducted by HIMSS Analytics found that 66.9 percent of IT executives in healthcare (responding to the survey) reported using SaaS-based applications.
In keeping with this trend, Nextech provides customers with a number of SaaS-based tools and solutions—IntelleChart (Ophthalmology), Nextech Analytics, MyPatientVisit (patient portal), and the newly-acquired SupraMed (Plastic Surgery).
While human behavior may be the greatest threat to your data’s security, it no longer has to be. Adopting Cloud hosting or SaaS solutions can help you to remove the human element from the problem, leaving you free to treat patients and run your practice without being bothered by IT concerns.