February 24, 2006
Securing Your Desktops - Pod Slurping
Written by: administrator
Securing your desktop machines is probably one of the most important parts of any HIPAA policy. I have a feeling that this topic will continue to get more and more attention as time goes on and people get caught with desktops not being protected. This could definitely lead to a potential HIPAA Lawsuit that I’m sure you want to avoid.
The Healthcare IT Guy recently posted some good information on what is being called “Pod Slurping” where people with a small iPod can extract large amounts of data from your system. There’s some really great posts out there on what you can do with an iPod. When you add all the different types of USB memory sticks and other small data carrying devices you could get into some real trouble if you’re not careful. Protecting yourself against these types of “attacks” will be essential.
I really see two methods of protecting yourself. First, you could create a policy that these types of devices aren’t not allowed in your environment. While this is difficult to control it is definitely a step in the right direction. The key to this working is enforcement whenever somewhat violates this policy. If it is made clear that there are severe consequences for violating this policy it will give you a layer of protection.
Second, there are some new programs out there that are really gaining momentum and becoming a great(albeit expensive) option for the future. My favorite option is Cisco’s Security Agent. I trained on this product and it is very powerful. Because it is so powerful it is often not practical for the small doctor’s office. However, larger organizations should seriously look at this option. Not only can it protect your EMR from rogue usb and iPod devices, but can also minimizes the need for adWare and Anti-virus programs. There are many other software packages on the market that do this also.
I would suggest using a combination of these two ideas to secure your environment. If your software implementation is good you shouldn’t need to worry about the first method, but it is always a good idea to have it in case the software doesn’t work right. Plus, auditors like to see those type of policies.
- » EMR Sponsor
- » Recent articles
- Encouraging New EMR Users
- Selecting a Microphone for Dragon Naturally Speaking Medical 10
- Prerequisites for Achieving Interoperable EMR and EHR
- Virtual Healthcare IT Conference by HIMSS
- Reasons Small Practices Aren’t Implementing an EHR
- Benefits of Converting from Paper Chart to EMR
- One EMR Company’s View of CCHIT Certification
- CCHIT 2008 Ambulatory EHR Certifications
- The Medical Quack - Great Healthcare Blog
- Great Viral Video on EMR Benefits and Lack of Adoption
- » Archive Calendar
- » Reload this Blog
- » EMR and HIPAA Features
- Biometrics (RSS) (13)
- CCHIT Certification (RSS) (5)
- CCR (RSS) (9)
- College Health (RSS) (61)
- EHR (RSS) (64)
- EMR (RSS) (216)
- EMR Consultant (RSS) (18)
- EMR Consulting (RSS) (25)
- EMR Implementation (RSS) (78)
- EMR Sales Miscommunications (RSS) (10)
- EMR Security (RSS) (21)
- EMR Technology (RSS) (85)
- free emr (RSS) (1)
- HealthCare IT (RSS) (92)
- HIPAA General (RSS) (43)
- HIPAA Lawsuits (RSS) (5)
- HIPAA News (RSS) (4)
- HIPAA Training (RSS) (1)
- HL7 (RSS) (6)
- Hospitals (RSS) (5)
- Interfaces (RSS) (15)
- Medical Privacy (RSS) (26)
- open source EMR (RSS) (1)
- Patient Portal (RSS) (9)
- Personal Musings (RSS) (27)
- Pharmacy (RSS) (5)
- Security Rule (RSS) (20)
Medical Web Experts - Website Design for Doctors