For some, the Security Rule is viewed as more federal mumbo-jumbo. More regulations calling for more expenditures calling for more penalties. For others, the Security Rule is viewed as a practical and necessary set of guidelines designed to protect their electronic patient data as well as their business.
Does the Security Rule help the small provider achieve better security? Read through this partial list of security problems we’ve uncovered in Colorado Springs over the past year and decide for yourself.
For small providers we’ve found
- Lack of Adequate Backups
- Unread Backup Logs Indicating Failed Backups
- Virus Definitions Severely Out of Date
- Transcription Tapes Left in a Hallway for Pickup
- Failure to Have Any Anti-Virus Software
- Former Employee Threatening to Sabotage a System
- Door to Office Left Open All Day on a Weekend
- Access Log Reveals Employee Attempting to Log on as the Office Manager
- Loss of Backup Tapes
- Lack of Firewall
- Windows Computers with No Built-in Security
- Passwords Taped to Monitors
- Man Posing as FedEx Driver Accessing Billing Area
- Thousands of Directed Hacking Attempts from Computers in Other Countries
- Doctor’s Laptop Containing PHI Given to College-Bound Sons/Daughters
- Weak Passwords Allowing Easy Access
- Spyware
- Viruses
- Lost Office Keys
- Stolen File Server
Applying the Security Rule helps uncover threats and vulnerabilities to your electronic records. Once uncovered, the Rule requires that you fix the cause of the problems with administrative, physical, and/or technical safeguards. In addition you must craft the appropriate policies and procedures. The security problems mentioned above were all discovered and mitigated by the reasonable application of the Security Rule.
Now, here’s the story of Mr. Squirrel. Mr. Squirrel decided that his shortest route home one crisp fall morning was to tip-toe along a high tension wire that stretched over the street. Mr. Squirrel did not know that this wire lead directly to a zillion watt transformer and that the transformer was old and weak. Mr. Squirrel stretched his little squirrel legs to climb on top of the transformer to pull his plump little squirrel body off the wire and out of danger. Mr. Squirrel knocked out the power for ten city blocks and had definitely cracked his last pecan.
What’s that have to do with the Security Rule? The answer is that the Rule also calls for contingency planning. What will you do without power to run your computers? Do you remember how to use the old paper system? Could you effectively provide patient care and provide accurate information to your doctors and patients? The Security Rule makes good sense for small providers. Don’t ignore its intent and requirements. Commit to establishing good security practices. And don’t forget that the Mr. Squirrel show may soon be coming to a block near you.
