Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

EMR Question and Answer: Domain Controlled Networks

Posted on June 22, 2010 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I got the following question from Brandon about the need to have a domain controlled network in order to comply with HIPAA.

I am currently trying to implement an EMR system in a small practice. I am trying to convince the parties involved that it is necessary to transition to a domain controlled network for security reasons even though this type of network is not required for our EMR system or its server. My understanding of HIPAA is that simply having a firewall does not qualify as a “secured network”. Am I right on this?

Brandon,
You are correct that just having a firewall does not likely qualify as a “secured network.” However, that doesn’t necessarily mean that you need to have a domain controlled network to meet the HIPAA security standards. You could still manually apply the domain security policies on to individual computers and achieve the same level of security.

Of course, the key word in that statement is the word “manually.” If you have less than 10 computers, then this probably isn’t a huge deal and can be done manually. Once you pass 10 computers (or somewhere in that range) you probably want to consider using active directory to manage the security policies on your computers. It’s much easier to apply policies on a large number of computers using active directory. Plus, you can know that the policy was applied consistently across your network.

You also shouldn’t ignore the other benefits of a domain controlled network. I’ve written previously about the benefits of things like shared drives as a nice companion to an EMR. Active Directory makes adding these shared drives trivial. It’s also a nice benefit to have a universal login that’s managed by the domain and can work on every computer in the office.

Plus, if your EMR runs on SQL Server and you buy a nice but inexpensive server with Windows Small Business Server, then you already have the software for active directory. So, it’s really an easy decision to use it. I’ve implemented it at a site with 5 computers and it’s been a great thing to have even if it’s a bit of overkill.

HIT Projects You Can Implement Today

Posted on November 30, 2009 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Many people are sitting their on the proverbial fence waiting to see what’s going to happen with the HITECH act and meaningful use before they actually go and implement an EMR. Now, I’m not going to let those people off the hook from evaluating and selecting an EMR. That should be done anyway. However, lately I’ve been thinking that many of these clinics shouldn’t be waiting to implement technology in their offices. Sure, EMR is a game changer and a major change for any office and has tremendous upside (regardless of stimulus money). However, for those of you in the wait for HITECH act money camp, there are still a number of IT projects that you can implement today that will benefit you once you actually implement an EMR. Here’s just a few of them:

Fax Server – This is a HUGE game changer for those that have an EMR. The medical world still revolves around the fax machine and will for a long time to come. Implementing a fax server in your office is a great first step to prepare your office for an EMR. Plus, it can save a lot of paper. For example, you can just delete all those “spam” faxes that you get. Fax servers are great and by having it installed and your users trained on how to use it so that when you implement your EMR you can just directly upload your faxes into your EMR without ever printing out the fax.

IM (Instant Messaging) – I’m amazed at how useful our clinic has found IM to be in our office. It’s a great way for the nurses to communicate with the clinicians, the clinical people with the front desk and the nurses with each other. You do have to manage when to IM versus a phone call versus an email (or secure EMR message once you have an EMR), but there’s sometimes that an IM is a perfect way to communicate in a clinic.

Shared Drives – Setting up a shared drive for your office is simple to do and can save a lot of time. I’m surprised how many offices don’t use this. It’s not the best thing for patient data, but there are hundreds of other office uses for a shared drive to prove beneficial. Ideally this would be setup on active directory, but even if you just manually map a shared drive it can work well in a clinic.

IT Infrastructure – Good IT companies will come and do an analysis of your current IT setup for free. They’ll also give you an idea of what things you could do now that will prepare you for your EMR implementation. Plus, even if you don’t do some of the things until you get closer to implementing an EMR, it’s good to know the weaknesses in your IT infrastructure early so that you can make that part of your plans.

Those are just a few examples. I’m sure some will also mention ePrescribing on this list. I’m not totally sold on that idea, but would love to hear people who disagree. What other technologies can clinics implement now regardless of their EMR purchase?