EMR and Security: What You Need To Know
InformationWeek recently published an article about the rise in fraud and identity theft due to stolen Electronic Medical Records (EMRs). In the article, posted on March 26, InformationWeek contributor Nicole Lewis claims that exposure of electronic medical records has risen from 3% in 2008 to 7% in 2009. That is an increase of more than 100% in just one year.
EMRs are a hacker's dream. Not only do they contain social security numbers, addresses, and insurance numbers, but they also keep a record of past illnesses and sometimes even credit card numbers. What makes it even worse is that it takes more than twice the time and money to detect medical information fraud compared with other types of identity theft.
In January 2009, then President-Elect Barack Obama announced that he wants to push for Electronic Medical Records for all Americans in five years. A month later, when the economic stimulus bill was passed, a section of the bill was dedicated specifically to EMR adoption. EMRs are beneficial in that they streamline information, can save money and time, and reduce paper waste. Yet, with a nation heading in that direction, do we have the security in place for a widespread EMR network?
If your company stores personal data such as EMRs, the first step in checking the security of the data is to have a security assessment performed on your network. The assessment is administered on all of an organization's computers, servers, and business processes. The resulting report outlines detailed information about the network, identifies any security vulnerabilities, and offers improvements to make the system secure.
Many states require certain standards for organizations that store and maintain personal data. A different assessment should be performed to make sure that the network is in compliance with state regulations.
The company should also have a Backup Disaster Recovery (BDR) system in place. A BDR takes continual "snap-shots" of a system and stores them. If for some reason the network shuts down, all of the data can be retrieved from the BDR to resume normal system functionality.
NSK Inc, a leader in IT consulting for small to medium sized businesses, is fully equipped to handle all of your needs. Among their service offerings are:
NSK Inc's knowledgeable staff will perform a thorough network assessment to identify and solve system vulnerabilities. NSK is CISSP®, CCNA®, and CCENT™ Certified.
Massachusetts Personal Information Compliance Assessment (MPICA™) scans your organization's computer systems to make sure the security meets Massachusetts General Law regulations for storing personal data.
An advanced BDR that takes continuous snapshots of your data in timed intervals. Pavis™ is monitored and maintained by NSK Inc without the need for tapes or in-house administration.
For More Information Please Visit