Best Practices for IT Management for Doctors and Medical Offices

A recent security breach in the medical world has a lot of doctors and medical offices concerned about the security of their patients’ information. Though a thorough free IT assessment and managed IT services can solve these issues, it’s good to know the best practices for any medical clinic or office.

Just a few months ago, Anthem Inc., the second-largest health insurance provider in the country, had a major security breach involving personal information for over 80 million of their clients. Leaked information included names, birthdays, home addresses, Social Security information, and work histories. Luckily, however, no medical information was breached in the very sophisticated and targeted attack on Anthem’s network.

That may sound like cold comfort to the people whose information was stolen, but to Anthem it is actually incredibly good news. Why? Because no medical information was lost in the hack, Anthem can still be considered to be in compliance with HIPAA (Health Insurance Portability and Accountability Act of 1996).

HIPAA and HITECH Compliance are Essential

To avoid major liability issues, all doctors and medical offices must be in compliance with HIPAA, and they must also be in compliance with HITECH. Passed three years after HIPAA, HITECH (Health Information Technology for Economic and Clinical Health) was enacted to further protect patients’ information by increasing the penalties associated with non-compliance with HIPAA. This additional act was considered necessary due to advancements in technology and the fact that more and more data of all kinds is being stored digitally.

What does this mean for you and your practice? Essentially, it means that you need to ensure that you are compliant with both HIPAA and HITECH if you want to avoid major fines and other potential legal ramifications associated with loss or breach of patients’ medical information.

Why Hire Custom Runs Tech & A/V?

To do this, you have a choice. You can attempt to take care of all of the necessary security measures on your own, or you can turn to a company that specializes in IT consulting. If your practice is like most, you do not have the means or need for full-time, in-house IT support. This means that you and your staff – while you are all highly qualified in your fields – are not necessarily experts on information security.

So, to do it yourself, you will not only have to dive into all of the legal documentation surrounding HIPAA and HITECH, but you’ll also need a crash course in network security. In other words, it’s most likely time to call the professionals for an assessment.

When deciding on an IT consulting firm, you’ll want to make sure that you choose experts who are well-versed in HIPAA-compliant hosting services and who will follow all of the necessary protocols involved with securing a medical office’s network. In addition to network security, these protocols include physical and technical safeguards, as well as specific technical policies. When you seek out IT consulting, look for a firm that will ensure that you have these elements in place and that you are both HIPAA and HITECH compliant.

Physical Safeguards

Believe it or not, network and information security is not just about firewalls and anti-virus software. It’s also about the physical security of your office. To be HIPAA compliant, you’ll need to ensure that your office limits the access patients and the public have to its facilities and that you control access to all workstations and electronic media.

Technical Safeguards

In addition to limiting physical access to workstations and other electronic media, you’ll need to ensure that all of your workstations and devices are access-controlled electronically, as well. This includes implementing encryption, user IDs, automatic log-off on workstations, password protection, and other electronic safeguards.

Those safeguards also include regular security audit reports and/or tracking logs of both hardware and software activity. These measures are put in place for forensic purposes, so that you can quickly find the cause or source of any violations of your security protocols.

Technical Policies

You’ll need to put policies in place concerning the use of technical materials in your office, as well. These policies will prohibit any tampering, alteration, or destruction of electronic protected health information (ePHI). They’ll also cover plans for IT disaster recovery and call for off-site backups to ensure redundancy. Basically, these policies will make certain that you and your patients can still access their sensitive medical information after a crash or outage.

Are You in Compliance?

After reading through this overview of best practices and requirements for HIPAA compliance, you may be wondering whether or not you are actually in compliance at your practice. If this is the case, you should seek IT help immediately. Consultants who have experience with HIPAA compliance can cover all of your bases for you and ensure that you are not at risk for an even more devastating breach than the Anthem breach earlier this year.

Managed IT Services Keep Your Network Safe

Of course, as you may have gathered, staying in compliance with HIPAA and HITECH and keeping your patients’ personal, payment, and medical information secure is not a one-time service. Hackers are constantly testing exploits and network security weaknesses, and a single update to your safeguards and policies will only protect you and your patients for so long before a new virus or other piece of malware emerges.

When you choose managed IT services from Custom Runs, we will install monitoring software to allow us to keep an eye on your network 24 hours a day. For a flat monthly fee, we will ensure that you are HIPAA and HITECH compliant and that all of your data is safe from attacks. We will also be on-call to help you every day of the week with remote and/or on-site technical support. If you need IT assistance, you will be our top priority.

To learn more about HIPAA compliance, managed IT services, and other options for your network security, call us at 410-698-1219.
