We recently received a call from a dentist in Arlington who was complaining about his current IT company. Their techs weren’t responsive, didn’t know what HIPAA compliance was, hadn’t encrypted their emails, and weren’t sure if his practice’s data was backed up. Plus, he was concerned about downtime costing him money. He was right to be concerned.
This IT company wasn’t taking proper care of his dental clinic. Without reliable, secure, peak-performing technology and a capable IT provider who understands what dental practices need today, you’re risking not only your HIPAA compliance but also downtime, and being down can cost you money.
1. A Help Desk Staffed By IT Professionals
If you have to wait hours, or even days, for IT support, you can’t care for your patients and keep your practice running as it should. Fast IT issue resolution keeps your staff working. Your IT company should provide a 24/7 Help Desk staffed by professionals who are familiar with your technology infrastructure and can resolve issues quickly, either remotely or by paying a quick visit to your office. This prevents IT downtime that can cost you money.
2. HIPAA IT Compliance Services
Your IT company should do the following to ensure you are following HIPAA IT Security Best Practices:
3. Email Encryption
Email encryption protects the contents of your emails from outsiders. When an email is encrypted, it’s no longer readable until it’s unlocked and decrypted. Did you know that HIPAA requires that any email containing ePHI must be encrypted? Email messages must be secured in transit if they contain ePHI and are sent outside a protected internal email network, beyond the firewall.
HIPAA also requires that you implement access controls, audit controls, integrity controls, ID authentication, and transmission security to:
4. Managed Backups That Are Reliable & Recoverable
Is your present backup plan immune to today’s lurking dangers that could sabotage your dental practice? A strategic backup and disaster recovery plan can ensure your clinic’s survival no matter what comes your way. Your IT company should provide enterprise-based cloud backups, computer hard drive backups, and complete data, hardware and system recovery services.
When was the last time they tested your backup system and restored data? Was it fast and easy? Was all of your data recovered without errors? Data quality, breadth, depth, and speed of recovery are essential.
Your IT company should use the latest automated tools to make sure your data will always be available:
5. Remote Monitoring & Management (RMM) To Prevent Downtime and Security Breaches
All of your workstations and servers must be connected to an RMM tool that monitors their behavior. RMM proactively monitors network and computer health. The RMM also sends regular operating system updates, such as Windows updates, to workstations and servers to make sure all vulnerabilities are patched as soon as a manufacturer discovers them.
6. Firewalls & Antivirus and Anti-Malware
All web traffic should pass through a firewall that applies multiple security functions like anti-virus, anti-spam, content filtering, and web filtering. Content filtering prevents access to items that would be harmful if opened or accessed. The most common items filtered are executables, emails or websites. It works by matching strings of characters: when the strings match, the content isn’t allowed.
Web filtering directs users away from specific URLs or websites that may be infected with ransomware or other viruses. It prevents their browsers from loading pages from these websites.
Rather than using the free solutions in Windows, your IT provider should use more sophisticated, higher-level software that includes a centralized dashboard of all devices and notification capabilities. It should be installed on all of your computers and servers.
7. Dark Web Monitoring
This ensures that hackers don’t steal your employees’ credentials. For example, if an employee entered a webmail username/password on a home or a public computer that was infected, their credentials could end up in the wrong hands. How would you know if this happens? Your IT provider can provide an inexpensive service that scans the Dark Web for your practice’s domain and reports any compromised credentials.
8. Periodic IT Assessments
Your IT provider must perform periodic assessments of your network. For some dental clinics it makes sense to do this every month, and for others, once a year.
Security assessments use software that scans your IT network. A technician will also ask key questions. This is necessary even if all the security tools we’ve mentioned have been implemented, because things change (for example, new software or devices are installed without the IT provider’s knowledge), and this can lead to security vulnerabilities.
9. Security Awareness Training & Education
No matter how many tools you implement, there’s always the chance of human error. Most phishing, ransomware, malware and virus attacks come in through email. So, it’s important to educate yourself and your team about how to recognize email threats.
Ask your IT provider to configure an inexpensive tool that will email fake attacks to all the users in your dental practice. If a user clicks on one, they are notified that this was an imitation attack and that they’ve been enrolled in the security awareness training (reading material and videos). The simulations will continue with regular frequency. This process will inevitably improve your team’s knowledge and prevent them from causing ransomware attacks.
Being down can cost you money. If your IT provider doesn’t offer all these services (and more), it’s time to look for another. NOVA Computer Solutions in Woodbridge, Virginia specializes in IT Service & Support for dental practices in the DC Metro Area. Contact us for a complimentary IT assessment to ensure you’re receiving all the services you require.
As a consultant to dental practices, I help my clients maximize what can be done with their technology to maximize production and profit.