Thought it might be helpful to share our perspective on the Top 3 Security Mistakes related to File Transfer along with some tips on how to avoid them. After all, staying out of trouble is half the battle.
Mistake #1 - Using P2P file sharing software at work.
Using P2P file sharing in the workplace is just not a good idea. Installing P2P file sharing on a work computer can get you into a heap of trouble by inadvertently exposing computer files externally. The FTC recently had to inform 100 organizations that personal customer and employee data was being shared on P2P networks. Legislation is under review that would require stricter notifications on the security hazards of P2P file sharing. The best advice here is to practice P2P workplace abstinence – don’t use P2P file sharing in the workplace.
Mistake #2 – Sending confidential information via an email attachment, USB stick or CD
Email attachments, USB sticks and CDs are not a secure means of file transfer. When sensitive information is sent unsecured then an organization is at risk for non-compliance with industry and government regulations including HIPAA, SOX, and GLBA. Files containing confidential information need to be protected to avoid data breaches. USB sticks and CDs, can easily be misplaced or lost in transit as the UK Government discovered in 2009 when disks containing personal information on 25 million UK citizens went missing in the Royal Mail. Email attachments are not secure and do not provide the encryption required by HIPAA. If a file contains confidential information it needs to be sent via secure, encrypted channels.
Mistake #3 – Forgetting to cleanup files on un-secure FTP servers
Everyone knows that FTP is not the most user friendly business application, and cleaning up files previously uploaded to an FTP server probably ranks right up there in priority with cleaning out the lint from your trouser cuffs. In the hands of business users, FTP servers become a security breach waiting to happen. Files uploaded and left indefinitely on the FTP server, can result in many years worth of files sitting out on unsecured FTP servers. Coupled with the commonplace sharing of FTP account names and passwords, FTP servers are often a weak link in an organization’s data security program.
The good news is that managed file transfer can keep you out of trouble in all these areas.
Not to be outdone by Avaya, Cisco is also showcasing its Unified Communications (UC) healthcare offering at the Healthcare Information and Management Systems Society (HIMSS) conference this week. True to form for a company that calls its telepresence offering ‘Telepresence’, their healthcare system is called HealthPresence.
The system combines Cisco’s Telepresence with their Internet call center solutions and digital diagnostic devices and allows doctors and other healthcare providers to make consultations with patients via video conferencing. Patients will be able to provide doctors with various health indicators using a digital stethoscope, an ear-nose-throat camera, and a vital signs device–passing on blood pressure, temperature, pulse rate, and blood oxygen levels information to caregivers. In addition, the system can also be linked to electronic health records so that doctors and patients can review health information and update records through the system.
For more:
- read this article
Posted by FerrumIT Blog | Posted in Healthcare EMR, Uncategorized | Posted on 04-03-2010
0
The rush to deploy comprehensive EHR systems to meet federal deadlines could create a “perfect storm” for healthcare IT: security gaps, system integration troubles, certification issues and clinician education issues, according to a two-part Computerworld report. To get it right, hospital IT pros first have to understand the technology they already have.
Erica Drazen, a managing partner in Computer Sciences Corp.’s healthcare group, told Computerworld that her company routinely asks prospective clients if they know where they are in EHR rollouts. Most have no idea.
A CSC survey found hospitals are just halfway to meeting federal standards for EHR reimbursement. There’s both good news and bad in the CSC survey, Computerworld said. For example, about 70 percent of hospitals already can support CPOE, one of the most basic elements of an EHR, and might not need to buy new hardware or software to move ahead there. But just 8 percent have such systems throughout their facilities.
“The issue is the timelines,” Denver Health CIO Gregg Veltri said. ”I wonder if anybody understands the reality of IT systems and how complex they are, especially when they’re integrated together.”
For more:
- read part one and part two of the Computerworld report
- check out the CSC survey report
Posted by FerrumIT Blog | Posted in Healthcare EMR | Posted on 04-03-2010
0
The American Medical Association is busy lining up partners for a new IT marketplace for physicians that will include EMR offerings. It announced a deal with UnitedHealth Group subsidiary Ingenix to offer the Ingenix CareTracker, a web-based EMR system, on the new online platform and a separate deal with Dell to provide consulting and support services to physician.
The yet-to-be-named AMA platform is scheduled for launch later this year. Now being beta-tested in Michigan, the platform will offer a variety of products and services to help physicians improve their practices.
According to InformationWeek, Dell initially will provide consulting and support for e-prescribing and CPOE, addressing the first wave of federal criteria for meaningful use.
For more:
- read the AMA/Ingenix news release
- check out the InformationWeek article
Posted by FerrumIT Blog | Posted in Healthcare EMR | Posted on 04-03-2010
0
Just how fast EMRs might spread among U.S. physician groups, given the push of federal regulations, is mind-blowing. But at least smaller physician groups hope for, and appear to need, some major help from their hospital partners, according to a new survey.
Accenture, teaming up with Harris Interactive and the New York Academy of Medicine, surveyed 1,000 U.S. physicians in smaller group practices ( those with fewer than 10 practitioners). If the survey results bear out, within two years, almost 65 percent of those groups will have bought an EMR system. Just 15 percent of survey respondents currently have one. Of the about 850 who don’t, 58 percent said they would purchase an EMR in two years.
Current non-users hope for more help than just federal incentive payments. The majority liked the idea of buying an EMR from a local hospital or health network, but on average would expect the hospital or health network to subsidize about half the cost. And survey results hint that even more help, in terms of implementation assistance, might be a good idea. Physicians tended to underestimate the expense and time needed to implement EMRs, but also saw EMRs as more difficult to use than they generally are.
Interestingly, EMR adoption appears to be a case of the “stick” being more powerful than the “carrot.” Some 61 percent of survey respondents cited federal penalties for non-adoption as a motive for buying an EMR, compared with 51 percent who cited federal incentives.
