Just What the Doctor Ordered: Data Security & Healthcare Compliance

Data security and healthcare compliance

Nashville is home to an extremely healthy healthcare industry. The nearly 400 healthcare companies that are based in Nashville contribute more than $38 billion and 250,000 jobs to the local economy. It is the area’s largest and fastest growing employer, and it has an increasing dependence on technology. Between hospitals, research facilities, private practitioners and professional service firms specializing in healthcare, this mammoth industry presents unique and vital tech opportunities.

At Concept Technology we work with many medical organizations and healthcare groups to ensure their systems are enabling them to offer the best patient care possible. Our expertise helps them stay current and compliant in this complicated IT space.

HIPAA Rules and Technology


Anyone involved in the healthcare industry—or who has spent time as a patient—is familiar with the Health Insurance Portability and Accountability Act (HIPAA) regulations. These high standards of privacy and security can lead to serious consequences if a healthcare provider, contractor or business associate is noncompliant. When it comes to confidential patient information, there is no room for error. While HIPAA has been in effect since 1996, a specific Security Rule was applied in 2005 and later expanded in 2013. The HIPAA Omnibus Rule enhances patient privacy protection in our ever-changing technology age. It set national standards for protecting electronic health information, and requires administrative, physical and technical safeguards for this confidential information.

When it comes to confidential patient information, there is no room for error.

For care providers, HIPAA procedures include performing risk analyses, implementing security management processes, evaluating the probability and impact of potential risks and documenting responsive security measures. And the best way to make sure those things are done comprehensively and correctly is to bring in IT professionals. Our engineers are continuously reviewing clients’ systems for a wide range of security issues. From encrypting the data on all electronic devices including computer systems, backups and mobile devices to controlling access to databases, we help keep providers compliant.

Breaking Down a Breach


Just as general security procedures are stricter in healthcare, so are the procedures that outline the responses to malicious tech hacks, should they occur. Crises such as viruses and firewall breaches require a detailed chain of events, defined ahead of time. These procedures not only help facilities remain HIPAA-compliant, they also enable the providers to continue to offer care if an attack were to occur. Stopping health services to patients in the event of unplanned downtime due to a breach is not an option.

The way remote access is handled can determine how easily a system can be breached and how quickly the source of that breach can be identified. Our team sets up secure VPN access and/or Microsoft Gateways, then assigns unique usernames for each person. That helps ensure the system is secure, but if something does go wrong there is also an audit trail that leads back to who caused the issue and when.

Stopping health services to patients in the event of unplanned downtime due to a breach is not an option.

Compliance is a Team Effort


Through our work with local healthcare-based clients, our engineers have discovered an important piece of the compliance puzzle: In order to become compliant and keep patients safe, security needs to be a collaborative effort among all departments within an organization. Each area and team must have a hand in and a level of ownership over the efforts. That means they must all be aware of the procedures being implemented and be on board with them. One of our engineering team’s greatest recommendations is to appoint a compliance officer who is in charge of bringing the whole company together. This is a step many companies do not make, and one that could improve their ability to keep their patients secure.

Need help with your healthcare technology needs? Contact our smart and experienced team!