• first identify all your assets
• find out which threats are associated with each asset
• look for damages to your assets due to these threats
• how much loss is involved with each threat
• put a budget together to address the potential threats
• make sure your security policies help you with security activities
• educate your employees with your security policies
• make your security goals clear to every employee

With a little planning, your security risk management could give you a starting point and let you move forward with your security plan.

• know what risks are out there and how to manage them
• make sure you have written security policies and are enforced
• classify your information and secure them accordingly
• you must have procedures and standards to clarify what needs to be done
• without proper security organization, who knows what to do
• users, IT staff, and management must be educated about security

With a little bit planning, you could manage your security the way you want.

• manage medication formularies
• write prescriptions
• approve refills/renewals
• receive refill notifications
• drug, food, allergy, lab interaction checking
• drug-condition/indications checking
• patient-specific dosing and warnings
• order diagnostic tests
• order referrals

This should be a good start to look for some of the functions available in EHR/EMR. Review all the functions available and make sure you see what you would like your next EHR/EMR to have.

A little planning could give you more functions in your next EMR/EHR.

• manage problem list
• manage medication list
• manage allergy and adverse reaction list
• manage patient-specific care plan
• capture variances from standard care plans
• trend data from multiple sources

Just having the patient data is not enough, you need to know how the EMR/EHR will manage the data and present it to you.

A little planning could save you time and money. Pay attention.

• Network Layer – Firewall
• Application Layer – Proxy
• Network Layer – NAT
• Physical Layer – STP Cabling
• Network Layer – IDS
• Network Layer – IPSec
• Application Layer – Web Server configuration
• Network Layer – Just enough services and ports, DoS
• Application Layer – Anti-virus for Email, DoS
• Transport Layer – SSL
• Network Layer – Network Scanner
• Application Layer – XML, DCOM

Not every organization needs all the security listed above, and in some case these are not enough. It depends on organization what they want to protect and how important information is to their business.

With a little planning, you will not be surprised and can keep your security working for you.

• capture and record patient medical history
• capture and record patient medication history
• receive diagnostic studies results
• record clinical documentation
• record temporary notes to self or others
• capture key health data for minimum datasets
• capture images from PACS
• capture patient-originated data

You may or may not need all these data. But when you know what data you are interested to have, then you could examine the EHR and look for these functionality and you could get the application that suits your business and operation instead of a complicate application which you will never use all the features.

A little planning could save you time and money. Think about it.

You need to do more. You must know the flow of the data, where it comes from and which road it takes , and how it gets to the destination.

You need to know who access the data, who modifies the data, and keep your eyes on the data at different stages to detect any unusual activities.

Your IDS, Anti-virus, Firewall might do a great job as individual, but your goal is to make sure all you individual security solutions work together and enhanced your overall security.

Think of the big picture, your ultimate goal is to secure your network, files, and data. What tools do you need to make it happen? How can you integrate different security solutions into one to give you secure environment and yet provide acceptable performance .

A little planning could save you security headaches.

• Configure security on applications, files
• Configure system default users security
• Secure physical environment and computers
• Group users in different specific groups and implement security
• Avoid using generic logins
• Monitor and audit your security logs regularly

A little bit planning could prevent major and undesirable disaster. Think of Security as a process and you should be monitoring it constantly.

Don’t forget to check the following again:

• correct firewall configuration
• lock down the web servers
• middle-server security configuration
• limit access to databases and back-end servers
• install extra firewall for databases and back-end servers
• make sure IDs is running
• disable what ever protocols you are not using
• disable services not used on your desktops
• keep applying security patches

The list goes on. In order to have a secure environment, you need to know every detail about your infrastructure, applications, servers, desktops, and any other device. You should also know how each one is configured and how they function before you could secure them.

Keep learning about security, it is a never end story.

Here are some questions to answer when you are in the process of choosing EMR/EHR.

• Can you identify and locate a patient?
• Can you manage patient demographics?
• Can you schedule appointment?
• Can you schedule admissions, surgery, or procedures?
• Can you identify patient relationships?
• Can you manage patient administrative requirements, that is ABN, NPP, or consets?
• Can do electronic eligibility and benefits transactions?
• Can you do billing  and accounts receivable management?
• Can you do prior authorization/pre-certification transactions?
• Can you capture and record patient medication history?
• Can you receive diagnostic studies results?
• Can you record clinical documentation?
• Can you record temporary notes for minimum datasets?
• Can you capture external clinical documents?
• Can you capture external clinical documents?
• Can you capture images from PACS and other medical devices?
• Can you capture patient-originiated data

It is not important if the EMR/EHR has all the features. What is important which of the features work better with your day-to-day operation. Knowing ahead of time what features you are interested could narrow down your choices and may even save you money, and less time to implement.

In next article, I will write about Patient Data Capture Functions.