Providing Strategic IT Management Advice and Data Security Measures to Clinics across Western Canada.
TRINUS understands the importance of Cyber Security and Disaster Recovery, which is paramount in the Medical field. Working with Clinics, we provide complete Managed Solutions to ensure data is safe, and rigorous Compliance standards are met.
IT Management Best Practices for Clinics
Under the Health Information Act (HIA) of Alberta, Clinics are required to perform a Privacy Impact Assessment to ensure compliance with the Act. Part of the Impact Assessment focuses on how Clinic Information Technology (IT) systems are used to host Patient and Clinic data. Hardware, software, backups, Disaster Recovery procedures, and Cyber Security countermeasures, all play an important role in keeping IT systems and Clinic Data safe.
Hardware & Software
Clinic IT hardware used to be straightforward to implement and easy to maintain, but modern systems – with the advent of sophisticated firewalls, distributed (Cloud) computing, and multi-use Wi-Fi systems – are more complex and require a holistic approach to implementation and maintenance. In addition to providing enhanced Data Protection and HIA Compliance, a properly designed and supported network of computers, servers, and network systems can increase User satisfaction and Clinic productivity.
Clinic Best-Practices to Implement
- Business-class workstations, servers and networking equipment have ongoing manufacturer’s support, to prevent Cyber Security Attacks through hardware-based (firmware) attack vectors. Where practical, system redundancy is implemented to mitigate the risk from single-points-of-failure.
- Business-class firewalls have real-time dynamic filtering capabilities to trap and reject Cyber Security attacks from “zero-day” (emerging) viruses and restrict Internet access to Clinic business functions.
- Dual-band Wi-Fi systems provide secure access to Clinic resources for Practitioners and Support Staff, while segregating and restricting Patient traffic to a Guest Wi-Fi.
- All software is vetted for compatibility prior to being installed, and the rights to install rogue software are restricted. System firmware, operating systems, and productivity software are regularly updated (monthly) on all systems and tested for interaction compatibility.
Backup and Disaster Recovery
Part of the HIA requires Clinics to have a secure and reliable backup of Clinic and Patient records. But Clinics are discovering that backups need to be combined with an effective Disaster Recovery Program, to ensure business continuity of the Clinic. Cyber Security Attacks (Ransomware), failed IT hardware, lost Internet connectivity, and facility damage are potential disasters that place your Clinic operations at risk.
Clinic Best-Practices to Implement
- Image-based backups take a complete snapshot of critical systems and allow systems to be restored to previous configurations in the shortest possible time.
- Multiple encrypted backups are rotated and stored offsite (through removable media or secure Cloud storage), to guard against facility loss and provide an archived history of Clinic Data.
- Backups are regularly monitored for backup success and tested monthly through the random restoration of selected Data.
- A Clinic Disaster Recovery Plan is developed, reviewed, and tested (annually) through a table-top exercise.
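The "tested monthly through the random restoration of selected Data" practice above is the one most often skipped, because it is manual. The script below is an added example (not TRINUS code) of how a restore test can be automated for a plain file backup set: a SHA-256 manifest is recorded when the backup is taken, a random sample of files is restored to scratch space, and each restored file's digest is compared against the manifest. The directory layout, the manifest name and the sample data are assumptions constructed for the example.

```python
"""Random restore test for a file backup set (constructed example).

Assumed layout: a backup directory holding copies of the clinic's files
plus a JSON manifest (manifest.json) of SHA-256 digests recorded when the
backup was taken. Both the layout and the sample files are assumptions.
"""
import hashlib
import json
import random
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_dir: Path) -> Path:
    """Record the digest of every file in the backup at backup time."""
    digests = {
        p.relative_to(backup_dir).as_posix(): sha256_of(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file() and p.name != "manifest.json"
    }
    manifest = backup_dir / "manifest.json"
    manifest.write_text(json.dumps(digests, indent=2))
    return manifest


def restore_test(backup_dir: Path, sample_size: int, seed: int = 0) -> dict:
    """Restore a random sample of files to scratch space and verify their digests.

    Returns a report with the files tested, passed, failed (digest mismatch)
    and missing (listed in the manifest but absent from the backup media).
    """
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    rng = random.Random(seed)  # seeded so a failed test can be reproduced
    sample = rng.sample(sorted(manifest), min(sample_size, len(manifest)))
    results = {"tested": [], "passed": [], "failed": [], "missing": []}
    with tempfile.TemporaryDirectory() as scratch:
        for rel in sample:
            results["tested"].append(rel)
            src = backup_dir / rel
            if not src.exists():
                results["missing"].append(rel)
                continue
            dst = Path(scratch) / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)  # the actual restore step
            if sha256_of(dst) == manifest[rel]:
                results["passed"].append(rel)
            else:
                results["failed"].append(rel)
    results["ok"] = not results["failed"] and not results["missing"]
    return results


def build_demo(root: Path) -> Path:
    """Constructed sample data: a 'live' tree and a backup copy of it."""
    live = root / "live"
    for i in range(6):
        # Placeholder content only; no real patient data is involved.
        f = live / "records" / f"patient_{i:03d}.txt"
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text(f"record {i}\n" * 10)
    backup = root / "backup"
    shutil.copytree(live, backup)
    write_manifest(backup)
    return backup


def demo() -> tuple:
    """Run the restore test on a clean backup, then on one with a corrupted file."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = build_demo(Path(tmp))
        clean = restore_test(backup, sample_size=3, seed=1)
        # Simulate silent media corruption of one backed-up file, then re-test all files.
        victim = backup / "records" / "patient_002.txt"
        victim.write_bytes(victim.read_bytes()[:-1] + b"X")
        damaged = restore_test(backup, sample_size=6, seed=1)
        return clean, damaged


if __name__ == "__main__":
    clean_report, damaged_report = demo()
    print("clean backup ok:", clean_report["ok"])
    print("damaged backup ok:", damaged_report["ok"], "failed:", damaged_report["failed"])
```

The point of the second run in `demo()` is that a backup job can report "success" every night while the media it wrote to is quietly rotting; only restoring and re-hashing catches that. For image-based backups the same idea applies at the volume level, restoring the image to a spare host and booting it rather than hashing individual files.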
The Cyber Security landscape has changed drastically in the last 24 months. The ability of Cyber Crooks to monetize Cyber-Attacks using ransomware and Bitcoin now has the attention of Organized Crime; it is a $5 billion-a-year industry. Cyber Crime poses two distinct threats: Ransomware that makes Clinic Data inaccessible, thus making Clinic Operations unviable – and the Breach that results in Patient records being stolen and sold on the Black Market. Either situation places a Clinic in jeopardy. Clinics need to protect themselves from a variety of Cyber-Attack vectors.
Clinic Best-Practices to Implement
- Perform a Cyber Security Assessment that highlights the Technical and Physical vulnerabilities present in your Clinic – and makes recommendations to mitigate the risks.
- Implement hardware and software countermeasures, such as business-class Anti-Virus, real-time dynamic Firewall filtering, and perform regular firmware and software updates.
- Implement real-time vulnerability scans of your network to mitigate risks from rogue devices.
- Implement an Education Program to help Users identify and counteract Social-Engineering Attacks.
Featured below is the TRINUS-sponsored video recording of our Partner Jean Eaton's excellent PIA Amendment Workshop of December 9th, 2020.
Jean Eaton, BA Admin (Healthcare), CHIM, CC, is the Practical Privacy Coach and Practice Management Mentor of Information Managers Ltd.
She is constructively obsessive about Healthcare Privacy, Confidentiality, and Security. Jean is an experienced leader in Health Information Management. She has worked with multi-disciplinary Healthcare Service professionals in primary, acute, and tertiary care facilities across Canada. Jean has successfully assisted primary care physicians, chiropractors, dentists, pharmacists, primary care networks, and other Healthcare providers, to develop Privacy Impact Assessments (PIA), Office Policies & Procedures, and Training, regarding the collection, use, and disclosure of Health Information.
IT Questions? We've got IT answers!
A stable IT infrastructure may be the only thing keeping your Clinic from a Malware Attack or large data loss due to a disaster. TRINUS wants to ensure your IT systems meet the highest levels of HIA Compliance, to protect your vital Clinic and Patient information.
Changes to Clinic procedures, staff, and Technology can impact HIA Compliance and trigger a Review. According to the Alberta Medical Association, some of these changes include:
- “Data exchanged with new parties”
- “Changes to or addition of roles”
- “Access to Netcare”
- “Adoption of new practices within the Clinic and/or PCN”
- “New EMR functionality”
- “Change in provincial Privacy Legislation”
These are some of the primary reasons why it is vital for a Clinic to constantly evaluate its IT infrastructure, to ensure it remains compliant with legislation.
When we meet a potential Client, we often pose the question: “If your clinic was subject to a malware attack, a system-wide outage, or a natural disaster, how long can you afford to be without your IT systems?” The answer is inevitably “24 hours or less.”
TRINUS believes in a proactive approach to IT system maintenance and Cyber Security. In addition to system upgrades and effective Cyber Security protection, user education is required to keep staff vigilant in recognizing Cyber Threats. The ongoing cost of effective Cyber Security Countermeasures is small, when compared to the cost of recovering from a Cyber Attack, which often involves completely rebuilding an IT system, paying for lost productivity and staff wages, and irreparable damage to the Clinic’s professional reputation.
Recent reports show an exponential growth in Ransomware Attacks on Medical and Dental clinics. Recently we have worked with some Alberta-based clinics that have been affected by a Ransomware virus. Ransomware can infiltrate clinics in different ways: The most common attack vector is through Phishing emails, which are emails that contain links or attachments infected with Ransomware. Once opened, the virus spreads rapidly to the local computer, and then to other devices and files on the network. It’s not uncommon to see a complete network system infected within a few minutes. Another popular entry-point for Ransomware is remote connections. Many doctors or Clinic Staff access records remotely from home or out-of-office. Many clinics do not employ High-Security Protocols for remote desktop connections, which allows cyber-criminals to gain full system access by cracking a simple, single-factor password. Such was the case last year with a Clinic: Once they gained access through remote desktop, hackers planted Ransomware, which quickly disabled the whole Clinic.
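The remote-desktop entry point described above is noisy before it succeeds: guessing a single-factor password produces a run of failed logons from one source, often against several account names, followed by a success. The script below is an added example (not TRINUS code, and not a product of any clinic mentioned here) of detection logic for that pattern, run over a few constructed log lines. It assumes Windows Security event ID 4625 (failed logon) and 4624 (successful logon) with Logon Type 10, which is the RemoteInteractive type used by Remote Desktop; the one-line log format and the 203.0.113.x / 198.51.100.x addresses (documentation ranges) are constructed for the example, not a real EVTX export.

```python
"""Flag password guessing against remote desktop from constructed Security-log lines.

Assumptions: Windows Security events 4625/4624 with Logon Type 10 (Remote
Desktop). The flat "key=value" line layout is a constructed export, not a
real event-log format, so adapt LINE_RE to whatever your SIEM emits.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"Account=(?P<acct>\S+) Source=(?P<src>\S+)$"
)

# Constructed sample: one source burns through account names and then gets in;
# a second source is a staff member who mistyped once and then logged in.
SAMPLE_LOG = """\
2024-03-01T22:10:01 EventID=4625 LogonType=10 Account=reception Source=203.0.113.7
2024-03-01T22:10:03 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2024-03-01T22:10:04 EventID=4625 LogonType=10 Account=administrator Source=203.0.113.7
2024-03-01T22:10:06 EventID=4625 LogonType=10 Account=drsmith Source=203.0.113.7
2024-03-01T22:10:07 EventID=4625 LogonType=10 Account=clinic Source=203.0.113.7
2024-03-01T22:10:09 EventID=4625 LogonType=10 Account=backup Source=203.0.113.7
2024-03-01T22:10:12 EventID=4624 LogonType=10 Account=drsmith Source=203.0.113.7
2024-03-01T08:02:11 EventID=4625 LogonType=10 Account=drsmith Source=198.51.100.20
2024-03-01T08:05:40 EventID=4624 LogonType=10 Account=drsmith Source=198.51.100.20
2024-03-01T22:10:05 EventID=4625 LogonType=2 Account=nurse Source=-
"""


def parse(line: str):
    """Turn one log line into a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "eid": int(m["eid"]),
        "lt": int(m["lt"]),
        "acct": m["acct"],
        "src": m["src"],
    }


def detect(log_text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """Return alerts for sources with >= threshold RDP failures inside `window`,
    plus a second alert if such a source then logs on successfully within the window."""
    events = sorted(
        filter(None, (parse(line) for line in log_text.splitlines())),
        key=lambda e: e["ts"],
    )
    recent = defaultdict(deque)  # source -> (timestamp, account) of recent RDP failures
    bursting = {}                # source -> time the guessing alert fired
    alerts = []
    for e in events:
        if e["lt"] != 10:
            continue  # only Remote Desktop logons are in scope here
        q = recent[e["src"]]
        if e["eid"] == 4625:
            q.append((e["ts"], e["acct"]))
            while q and e["ts"] - q[0][0] > window:
                q.popleft()  # drop failures that fell out of the sliding window
            if len(q) >= threshold and e["src"] not in bursting:
                bursting[e["src"]] = e["ts"]
                alerts.append({
                    "type": "rdp_password_guessing",
                    "source": e["src"],
                    "failures": len(q),
                    "accounts": sorted({acct for _, acct in q}),
                })
        elif e["eid"] == 4624 and e["src"] in bursting and e["ts"] - bursting[e["src"]] <= window:
            # The worst case: the guessing worked. This is the alert to page on.
            alerts.append({
                "type": "rdp_success_after_guessing",
                "source": e["src"],
                "account": e["acct"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The lone mistyped password from 198.51.100.20 never reaches the threshold, so it produces no alert; tuning `threshold` and `window` against your own logs is what keeps this from paging on ordinary staff typos. Detection is the safety net, not the fix: the fix the text points to is not exposing remote desktop to the Internet with only a password in front of it.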
Of paramount importance is protecting patients’ sensitive Health and Personal Information. Once compromised, it is copied and sold many times over, with no hope of re-establishing its confidentiality. Clinics are now required to disclose breaches that affect patients and their confidential information.
Let us protect your clinics and your patients!
Out with the old, in with the new.
Find out how TRINUS can help you implement and manage technology and security in your business.
TRINUS is proud to partner with industry leaders for both hardware and software who reflect our values of reliability, professionalism and client-focused service.