How Do You Do Security Risk Analysis?

One of your security management tasks is to do risk management. So, where do you start?

  • first identify all your assets
  • find out which threats are associated with each asset
  • look for damages to your assets due to these threats
  • estimate how much loss is involved with each threat
  • put a budget together to address the potential threats
  • make sure your security policies help you with security activities
  • educate your employees about your security policies
  • make your security goals clear to every employee

With a little planning, your security risk management could give you a starting point and let you move forward with your security plan.

What is Security Management?

Take care of the following and you should be in good shape with your security management.

  • know what risks are out there and how to manage them
  • make sure you have written security policies and that they are enforced
  • classify your information and secure it accordingly
  • you must have procedures and standards to clarify what needs to be done
  • without proper security organization, who knows what to do
  • users, IT staff, and management must be educated about security

With a little bit of planning, you could manage your security the way you want.

Check Prescription/Ordering Functions in EMR

Prescription/ordering functions are probably among those that get a good deal of attention when selecting an EHR/EMR. Let’s see what functions you should look for when reviewing an EHR/EMR.

  • manage medication formularies
  • write prescriptions
  • approve refills/renewals
  • receive refill notifications
  • drug, food, allergy, lab interaction checking
  • drug-condition/indications checking
  • patient-specific dosing and warnings
  • order diagnostic tests
  • order referrals

This should be a good start to look for some of the functions available in EHR/EMR. Review all the functions available and make sure you see what you would like your next EHR/EMR to have.

A little planning could give you more functions in your next EMR/EHR.

Can Your EMR Manage Patient Data?

As you are looking for your first EMR/EHR, you need to know if your chosen EMR can manage patient data. Some of the features to look for are as follows:

  • manage problem list
  • manage medication list
  • manage allergy and adverse reaction list
  • manage patient-specific care plan
  • capture variances from standard care plans
  • trend data from multiple sources

Just having the patient data is not enough; you need to know how the EMR/EHR will manage the data and present it to you.

A little planning could save you time and money. Pay attention.

Where Else You Could Implement Security

You may have installed some of the following security measures already, or maybe you have not. It is a good idea to review them and be sure you have done what you could.

  • Network Layer – Firewall
  • Application Layer – Proxy
  • Network Layer – NAT
  • Physical Layer – STP Cabling
  • Network Layer – IDS
  • Network Layer – IPSec
  • Application Layer – Web Server configuration
  • Network Layer – Just enough services and ports, DoS
  • Application Layer – Anti-virus for Email, DoS
  • Transport Layer – SSL
  • Network Layer – Network Scanner
  • Application Layer – XML, DCOM

Not every organization needs all the security listed above, and in some cases these are not enough. It depends on what the organization wants to protect and how important information is to its business.

With a little planning, you will not be surprised and can keep your security working for you.

Does Your EMR Capture these Patient Data?

When you are in the process of selecting Electronic Health Records (EHR), you need to know which patient data you would like to capture. This will help you select the right EHR. Here are some of your options:

  • capture and record patient medical history
  • capture and record patient medication history
  • receive diagnostic studies results
  • record clinical documentation
  • record temporary notes to self or others
  • capture key health data for minimum datasets
  • capture images from PACS
  • capture patient-originated data

You may or may not need all of this data. But when you know what data you are interested in, you can examine the EHR for this functionality and get the application that suits your business and operation, instead of a complicated application whose features you will never fully use.

A little planning could save you time and money. Think about it.

Are Your Security Solutions Fragmented?

Just because you have installed IDS, anti-virus, and a firewall doesn’t mean you have secured your network, data, and files on your infrastructure.

You need to do more. You must know the flow of the data: where it comes from, which road it takes, and how it gets to the destination.

You need to know who accesses the data and who modifies the data, and keep your eyes on the data at different stages to detect any unusual activities.

Your IDS, anti-virus, and firewall might each do a great job individually, but your goal is to make sure all your individual security solutions work together and enhance your overall security.

Think of the big picture: your ultimate goal is to secure your network, files, and data. What tools do you need to make it happen? How can you integrate different security solutions into one that gives you a secure environment and yet provides acceptable performance?

A little planning could save you security headaches.

How To Protect Your Files.

It is not enough to group users and apply security and permissions. You should do the following as well.

  • Configure security on applications and files
  • Configure security for system default users
  • Secure physical environment and computers
  • Group users in different specific groups and implement security
  • Avoid using generic logins
  • Monitor and audit your security logs regularly

A little bit of planning could prevent a major and undesirable disaster. Think of security as a process that you should be monitoring constantly.

You Think You Have Good Security?

You have installed the right network infrastructure, configured the firewall, disabled many ports and services, and are running Intrusion Detection Services (IDS), but you could still lose control of your security. Did you take care of security patches?

Don’t forget to check the following again:

  • correct firewall configuration
  • lock down the web servers
  • middle-server security configuration
  • limit access to databases and back-end servers
  • install extra firewall for databases and back-end servers
  • make sure IDS is running
  • disable whatever protocols you are not using
  • disable services not used on your desktops
  • keep applying security patches

The list goes on. In order to have a secure environment, you need to know every detail about your infrastructure, applications, servers, desktops, and any other device. You should also know how each one is configured and how it functions before you can secure it.

Keep learning about security; it is a never-ending story.

What Functional Features Are Available In Your Chosen EMR/EHR?

You MUST know what you want and would like to have, and whether your chosen EMR/EHR can deliver those features.

Here are some questions to answer when you are in the process of choosing EMR/EHR.

  • Can you identify and locate a patient?
  • Can you manage patient demographics?
  • Can you schedule appointments?
  • Can you schedule admissions, surgery, or procedures?
  • Can you identify patient relationships?
  • Can you manage patient administrative requirements, that is ABN, NPP, or consents?
  • Can you do electronic eligibility and benefits transactions?
  • Can you do billing and accounts receivable management?
  • Can you do prior authorization/pre-certification transactions?
  • Can you capture and record patient medication history?
  • Can you receive diagnostic studies results?
  • Can you record clinical documentation?
  • Can you record temporary notes for minimum datasets?
  • Can you capture external clinical documents?
  • Can you capture images from PACS and other medical devices?
  • Can you capture patient-originated data?

It is not important whether the EMR/EHR has all the features. What is important is which of the features work best with your day-to-day operation. Knowing ahead of time which features you are interested in could narrow down your choices, and may even save you money and implementation time.

In the next article, I will write about Patient Data Capture Functions.