Seven Deadly Sins?
Many offices are now moving towards a chartless or even paperless environment. Practice management data, images, accounting data, documents: almost all of the critical data for the office is in an electronic format. The challenge for many practices is to make sure they properly secure and protect this critical data. New privacy and security rules (we’ll discuss these in future articles) have now attached significant fines and penalties for practices that don’t follow accepted protocols for securing the data.
Many practices will offload these requirements to their local IT company, assuming that most IT companies can handle all of the services needed for the average dental practice. However, in my experience, few of the IT companies out there have the experience to provide all 7 of the services that a dental practice needs. The next time you speak to your IT company, see if they are fluent in all 7 of these:
- Data backup and disaster recovery. Even people with little to no technical knowledge can set up a backup system, which often combines a local device that is removed from the office nightly with some sort of online backup. However, this doesn’t really address the question that most dentists need to ask themselves: if your server goes down, how quickly can you get back up and running? For many practices, the answer is around 2 days; that’s about 46 hours longer than it needs to be! That’s what a good disaster recovery system does: it gets you back up and operational as quickly as possible, and it is often best handled by an IT company that can not only set it up, but also monitor it daily and help you restore data as needed.
- Network monitoring. In a lot of ways, computers are like teeth. There’s a reason we put our patients on 3-6 month recalls: to keep a close eye on things, to be proactive when we see problems, and ideally to be able to handle those problems more conservatively. Computers are the same way. By the time you call your IT company with a problem, it’s already too late. Wouldn’t it be better to have your IT company monitoring your computers in real-time, knowing when a problem starts in just minutes? I certainly think so!
- Dentists following the PIPEDA rules know that protecting the data is of the highest priority. Encryption is advisable for any office, especially for data at rest.
- The same applies for what’s called “data in motion”, and for most of us, that means e-mail. If you are emailing e-PHI to your colleagues, then you really need to consider using encrypted email software for this. These systems will integrate easily with Exchange-based e-mail like Outlook, or any of the web-based systems like Gmail and Yahoo.
- Staying with PIPEDA, you ideally should do a risk analysis and have all the necessary policies and procedures in place. There are printed manuals…which are basically outdated the minute the ink hits the paper! Web-based systems are an excellent alternative, as they can help you with the risk analysis and act as a repository for the documents.
- Antivirus and antimalware software. Not much to say here: if your IT company doesn’t provide this, it’s time to find a new IT company!
- Finally, ongoing support. The better IT companies either provide unlimited support for a set monthly fee, or offer blocks of time that are deducted as support minutes are used.
If your IT company doesn’t provide most of these services, there are plenty of other providers who can help. Look for comprehensive packages, such as the Practice Byte Guard suite.