Physician IT
Why “Set and Forget” Can’t be Your Practice’s
Approach to Health Information
Security and Continuity
Kurt Buckardt, CSO Konsultek
- CISSP
- NSA IAM/IEM Certified
- Member ISACA
- CCSE
www.konsultek.com
847.426.9355

Physician IT: Two Primary Concerns
• Pracitce Continuity
– Front Office
– Back Office
– Diagnostic Equipment
• Practice Security
– HIPAA Security Rule
– EHR
www.konsultek.com
847.426.9355

What is Practice Continuity?
IT Practice Continuity
• Practice Continuity refers to an organization’s
ability to keep vital business operations
running at or near normal capacities in the
event of infrastructure failure.
www.konsultek.com
847.426.9355

Leading Causes of Continuity Disruptions
Leading causes of BCDR disruptions, by percentage
3% Natural Disaster
14% Software/Firmware Errors
32% Human Error
7% Virus/Security Breach
44% Hardware Failure
Source: Strategic Research Corp.
www.konsultek.com
847.426.9355

Physician IT: The Security Timeline
• 1996 Health Insurance Portability and
Accountability Act (HIPAA) enacted
• 2003 Health and Human Services Develops
the HIPAA Security Rule
• 2009 Obama administration declares that a
Cyber Czar will be appointed
www.konsultek.com
847.426.9355

Physician IT: The HIPAA Security Rule
• Designed to ensure the confidentiality,
integrity, and availability of electronic
protected health information (EPHI)
www.konsultek.com
847.426.9355

Physician IT: The Security Rule has 3
Controls
1. Technical safeguards designed to protect data and
control access to information by individuals as well
as guarding unauthorized access via an information
network.
2. Physical safeguards designed to protect data from
the hazards of fire, weather, environment, or
intrusion.
3. Administrative safeguards designed to document
formal policies and practices for data protection,
including the organization's security management
process, and implementation specifications.
www.konsultek.com
847.426.9355

Physician IT: Technical Safeguards
encompass 5 specific areas
1. HIPAA Access Control Standard
2. HIPAA Audit Controls Standard
3. HIPAA Integrity Standard
4. HIPAA Person or Entity Authentication
Standard
5. HIPAA Transmission Security Standard
www.konsultek.com
847.426.9355

Physician IT: An Iterative Process
"Each time you add new functionality to
your Physician IT infrastructure you must
reassess your security and continuity"
www.konsultek.com
847.426.9355

Physician IT: Have You Added Functionality?
• New billing software
• Practice management software
• Hardware such as servers, workstations
• New diagnostic equipment
• Laptops or PDAs,
You must reassess the environment and make
changes to ensure security and compliance!
www.konsultek.com
847.426.9355

Physician IT: Practice Continuity is Imperative
"Disruption of service even for just a few
minutes can have potentially life-
threatening implications"
www.konsultek.com
847.426.9355

Avoid Security and Continuity Problems!
Make more sense of the HIPAA Security Rule and get a
full appreciation of practice continuity challenges by
requesting the 12 page white paper below.
“Is There an IT Doctor in the House?”
Dealing With Continuity and HIPAA Security Rule
Challenges in a Small Healthcare Practice
Get it herePhysician IT
www.konsultek.com
847.426.9355

Konsultek
Kurt Buckardt, CSO Konsultek
- CISSP
- NSA IAM/IEM Certified
- Member ISACA
- CCSE
We take the pain out of your
healthcare practice’s IT security
and continuity.
www.konsultek.com
847.426.9355