How MSPs Can Help Medical Firms Protect Their Data
By Guest Author | Posted 2015-04-17
Physician, encrypt thyself. Guest author Doug Truitt, Kalleo Technologies CEO, offers his take on how MSPs can safeguard medical firms from costly data breaches.
By Doug Truitt
As the health care industry becomes increasingly technologically grounded, the oath taken by medical professionals to "do no harm" should extend to protecting patients' personal data.
For doctors' offices, pharmacies and other medical facilities, taking precautions to safeguard the sensitive information under their care is not just ethically sound in that it spares patients from harmful breaches in privacy, but also financially prudent as Health Insurance Portability and Accountability Act (HIPAA) violations and fines can severely impact the health of a business.
They say in the medical industry that an ounce of prevention is worth a pound of cure; in this case, one government fine from a HIPAA violation can easily cost in the mid-five figures, which can be about 1,000 times the expense of the monthly fee for an encryption service. And that's not yet addressing what is actually most deadly to a medical business: loss of reputation.
For hardworking doctors with enough on their minds, investing in low-cost data security coverage can prevent being blindsided by a breach. Unfortunately, a basic barrier keeping many medical businesses from properly securing data is that they simply don't know where to begin or how to implement the protections they need (and ought to schedule a checkup with a HIPAA-focused managed service provider).
In our day and age, with information carried on portable devices, it's too easy to lose data. A doctor may think nothing of taking a laptop containing work that includes confidential patient information home for the weekend. But when that laptop is lost—whether stolen or simply misplaced—these medical practitioners need technology solutions that quickly resuscitate their prospects of avoiding embarrassing and costly calls to government agencies (to which the reporting of data breaches is required).
As we've observed, symptoms of data loss can include regret, severe anxiety and even breaking out in a cold sweat. When it comes to situations such as this—which do, inevitably, arise—doctors are under managed service providers' (MSPs') orders to have data protection and encryption solutions in place before these events to prevent them from occurring.
Of course, terribly cumbersome encryption can be a bitter pill to swallow, and with the wrong solution, doctors can't be blamed for believing the cure is worse than the disease. We've seen firsthand, though, that it is possible to ensure a clean bill of health for your data security without those burdens that disrupt business.
Doctors and other health care professionals need the devices they use to be protected without ever having to think about it or even realizing the protection is there. Ideally, the method must be both dependable and invisible.
Using a Web-based encryption management tool, MSPs can remotely deploy and manage computer security with ease. This system is pretty painless from an everyday device use standpoint, and remains so even on those occasions when data loss does occur.
In the event of a medical practice coming down with a case of a lost device, MSP techs can remotely quarantine (temporarily deny data access) or wipe sensitive patient data from the device. The medical practice easily pulls through with no risk to its monetary or reputational health, and without even needing to alert government agencies, because there is no breach.
One more important point on the topic: MSPs serving medical businesses must be aware of their own risk and liabilities as well. If a data breach occurs while an MSP is holding electronic personal health information on behalf of a client, the MSP is the liable entity. Even in cases where the client is the sole holder of the breached data, their MSP will certainly be included in the subsequent regulatory audit to explain the technological portion of the situation as it happened, and that is by no means an appealing scenario to be involved in.
As with medical businesses and their patients, MSPs serve their medical clients and themselves best when providing comprehensive data security protection. When data encryption is what the doctor ordered, both doctor and MSP need not worry about data breaches, giving a booster to their mental health and peace of mind, as well.
Doug Truitt is the CEO of Kalleo Technologies, a managed service provider specializing in highly efficient remote IT management support for the health care, government and transportation industries.