Providing Strategic IT Management Advice and Data Security Measures to Clinics across Western Canada.
TRINUS understands the importance of Cyber Security and Disaster Recovery, which are paramount in the Medical field. Working with Clinics, we provide complete Managed Solutions to ensure data is safe and rigorous Compliance standards are met.
Hardware & Software
Clinic IT hardware used to be straightforward to implement and easy to maintain, but modern systems – with the advent of sophisticated firewalls, distributed (Cloud) computing, and multi-use Wi-Fi systems – are more complex and require a holistic approach for implementation and maintenance. In addition to providing enhanced Data Protection and HIA Compliance, a properly designed and supported network of computers, servers, and network systems can increase User satisfaction and Clinic productivity.
Clinic Best-Practices to Implement
- Business-class workstations, servers and networking equipment have ongoing manufacturer’s support, to prevent Cyber Security Attacks through hardware-based (firmware) attack vectors. Where practical, system redundancy is implemented to mitigate the risk from single points of failure.
- Business-class firewalls have real-time dynamic filtering capabilities to trap and reject Cyber Security attacks from “zero-day” (emerging) viruses and restrict Internet access to Clinic business functions.
- Dual-band Wi-Fi systems provide secure access to Clinic resources for Practitioners and Support Staff, while segregating and restricting Patient traffic to a Guest Wi-Fi.
- All software is vetted for compatibility prior to being installed, and the right to install rogue software is restricted. System firmware, operating software, and productivity software are regularly updated (monthly) on all systems and tested for interaction compatibility.
Backup and Disaster Recovery
Part of the HIA requires Clinics to have a secure and reliable backup of Clinic and Patient records. But Clinics are discovering that backups need to be combined with an effective Disaster Recovery Program to ensure business continuity of the Clinic. Cyber Security Attacks (Ransomware), failed IT hardware, lost Internet connectivity, and facility damage are potential disasters that place your Clinic operations at risk.
Clinic Best-Practices to Implement
- Image-based backups take a complete snapshot of critical systems and allow systems to be restored to previous configurations in the shortest possible time.
- Multiple encrypted backups are rotated and stored offsite (through removable media or secure Cloud storage), to guard against facility loss and provide an archived history of Clinic Data.
- Backups are regularly monitored for backup success and tested monthly through the random restoration of selected Data.
- A Clinic Disaster Recovery Plan is developed, reviewed, and tested (annually) through a table-top exercise.
The Cyber Security landscape has changed drastically in the last 24 months. The ability of Cyber Crooks to monetize Cyber-Attacks using ransomware and Bitcoin now has the attention of Organized Crime; it is a $5 billion-a-year industry. Cyber Crime poses 2 distinct threats: Ransomware that causes Clinic Data to be inaccessible, thus making Clinic Operations unviable – and the Breach that results in Patient records being stolen and sold on the Black Market. Either situation places a Clinic in jeopardy. Clinics need to protect themselves from a variety of Cyber-Attack vectors.
Clinic Best-Practices to Implement
- Perform a Cyber Security Assessment that highlights the Technical and Physical vulnerabilities present in your Clinic – and makes recommendations to mitigate the risks.
- Implement hardware and software countermeasures, such as business-class Anti-Virus, real-time dynamic Firewall filtering, and perform regular firmware and software updates.
- Implement real-time vulnerability scans of your network to mitigate risks from rogue devices.
- Implement an Education Program to help Users identify and counteract Social-Engineering Attacks.
Featured below is the TRINUS-sponsored video recording of our Partner Jean Eaton's excellent December 9th, 2020, PIA Amendment Workshop.
Jean Eaton, BA Admin (Healthcare), CHIM, CC, is the Practical Privacy Coach and Practice Management Mentor of Information Managers Ltd.
She is constructively obsessive about Healthcare Privacy, Confidentiality, and Security. Jean is an experienced leader in Health Information Management. She has worked with multi-disciplinary Healthcare Service professionals in primary, acute, and tertiary care facilities across Canada. Jean has successfully assisted primary care physicians, chiropractors, dentists, pharmacists, primary care networks, and other Healthcare providers to develop Privacy Impact Assessments (PIA), Office Policies & Procedures, and Training regarding the collection, use, and disclosure of Health Information.