Recently I was asked to pull together a HIPAA article for some medical folks. HIPAA is the Health Insurance Portability and Accounting Act. Sounds Washington D.C. kind of important, eh? Well, it is, since, among other sundry red tape things, it is all about keeping your personal medical information secure while being stored in your doc's office or in transit between people and/or computers. You can only imagine how deep and wide this rabbit hole goes. Being that it involves technology, our IT practice is heavily involved in helping customers reach an acceptable level of compliance. This is true of HIPAA as well as SOX (Sarbanes Oxley) and PCI-DSS (Payment Card Industry Data Security Standards). I see you yawning. Resist the urge and keep reading. Believe me when I say this is not a blog about compliance. Ok, so, these compliance standards are rooted in basic common sense, with a heavy dose of responsibility and a super-sized portion of technology control. For a while now, many have argued that these so-called standards were toothless tigers. And they were right. That is, until we really started to become a mobile society.
Anyway, I agreed to write this article so long as I could take a different approach. People (especially doctors) don't need me to parrot volumes of regulations to them. They get this every day from everyone else in their lives. I will go out on a limb here and say it is the least favorite part of their day. So I chose to do what I do best: use examples and analogies in order to get my point across. Upon completing it, I realized that while this article was primarily intended for medical folks, it would surely resonate with most of you. No, the idea is not to paint doctors in a negative light. Much the contrary. I have a profound respect for the fine folks in the medical community. The idea is to show how easily these kinds of things happen to all of us every single day.
I should point out that the article slants towards the Mac side but absolutely applies to Windows and Android as well. I chose this path since most of us now live in mixed worlds of Microsoft, Apple, and Google machines. Quite frankly, I believe most everyone is at least moderately aware of the inherent risks involving Windows use. The same is not true on the Mac side. All the more reason to make noise on this front given the growing number of Apple devices finding their way into the corporate world. Continue reading and you will see what I mean.
"You're a doctor. You’re entering a special place in our society. People will be awed by your expertise. You’ll be placed in a position of privilege. You’ll live well, people will defer to you, call you by your title – and it may be hard to remember that the word “doctor” is not actually your first name."
- Alan Alda
Boy, that sounded good some years ago when you went to medical school, didn't it? Now comes the reality. And it goes something like this.
A Day In The Life
It's 11:00am and you have a cancellation. Just enough time to grab a quick bite and get caught up on some work. You steal away to the café downstairs to have a cup of coffee, late breakfast, and extinguish your hair. Out the door.
Let me grab my smartphone. Those test results should be here by now. My PA better not forget to forward the email to me. She is the only one that knows where I am "hiding" right now. Nothing yet. Ok, let me whip out the laptop. Ah, forgot the café has free WiFi. Great! So nice that everything is web and remote desktop now. No more slow programs on my laptop. A few emails, updating our patient information system. Ugh. That damn password. So hard to remember and I am not at my desk to look at that sticky note. Ah, right, I put it in my phone. Here it is. Open sesame!
Jeez, my laptop is running a bit slow. Making all sorts of noise. Seems like every time I open this thing there are a hundred updates. It will need to wait until the next time. Where is the "Not Now" button? Here it is. I will do it later.
Emails, emails. Let's see; delete, delete, delete, read later. Hmmm. Ok, need to answer this other doc and his questions about our mutual patient. Here is the info he needs. Convert to pdf and off it goes with a cc to myself. What on earth did we do before email? Hey, looks like one of my med school colleagues is going to be in town (at least according to Facebook). Let me click this link and tell him I am here tomorrow. Jeez, now my laptop is really grinding away. I am so "over" this technology. It is supposed to make my life easier. Need to bring this steaming turd back upstairs to our IT guy. So much for getting work done.
"Hey, you're infected and I need to reload your laptop" he says. Great. No laptop for the rest of the day. Unreal. I bought this really expensive Mac because they said it never gets infected. Explain that to me! Never mind. Guess I need to rely on my...oh god...where is my phone? Must have left it in the café. I hope no one grabbed it. Everything is in there! My pictures, my passwords, my emails, account numbers, directions to my home...my entire life. And what about the patient info?
"Haven't seen it down here, doc" says the waitress.
Holy cow this can't be happening. Not to me. Not today. Not right now. It has to be here. If not, I am totally screwed to the wall. How could I be so stupid to have all that stuff in my phone let alone lose it. Oh god what have I done.
Ticket To Ride
Ok, so what just really happened here? Quite a few things, some of which are not so obvious. Let's start with the easy stuff. You have a Mac. So one of those Apple Store baristas told you that you are impervious to any type of infection, right? If that is true, why do companies make antivirus software for Macs? Hmmm. The reason is because they CAN get infected. In fact, 20% of Macs carry malware (Mac Malware). And the number is growing. Folks, if I told you that it was perfectly safe to leave all of your holiday gifts in an unlocked car while you walked into the mall, you would give me a free ticket to the funny farm. Or you would have me arrested for preemptive theft (if there is such a thing). Those days are gone. So are bullet-proof Macs, or any other device for that matter. Anyone telling you otherwise simply doesn't know.
So where were we? Oh right, you are using your laptop on a public WiFi system with no firewall between it and the Internet. You thought you were immune, so you never installed antivirus software or any of those updates - remember the "Not Now" button. This is how you get infected...the easy way. And now for what you don't see. Since the hard drive wasn't encrypted, all that data is leaping off your device like a hot chili pepper, for all the world to see. You might as well go on vacation with $100,000 on the dining room table, leaving all the windows and doors wide open and announcing your departure as you drive down the street. Yeah, it is that quick and that easy. That "grinding noise" you are hearing is not an update or a virus scanner; it is the trojan yanking all the data from your hard drive and sending it to the Internet. Sure, a hacker doesn't really care about those pictures from Cabo or the pirated copy of The Matrix. But they do care about those patient social security numbers and that QuickBooks file you run around with. Congratulations! Your data just arrived in the Cloud, without your permission.
And what could be easier than getting infected? Why, giving away your phone, of course. No physical harm. No guns. No holdup. Just left it there for someone to grab. Yes, you should be mortified, but not because you lost your phone; it's because of what was inside of it. And you knew better. But it was so convenient. And you never thought you would lose it. That is why they are called "accidents" and not "on purposes." Credit card numbers, SkyMiles account, patient system passwords, combination to your rental house lock box, and your kid's socials. Your IT guy told you to turn on the swipe lock. You didn't. He also told you to install that remote nuke program. You know, the one that would locate and wipe your phone in case it got lost. Yeah, on your to-do list, which happens to be on your phone.
Fixing A Hole
With your head buried in your hands, you didn't really see this coming. This is as serious as it gets. Wasn't exactly what you had in mind when someone long ago said your life could change in a moment. And why? Because over the years you have been conditioned to watch out for medical meteors and not data ones. I'm talking about marginal insurance reimbursement, unrealistic cash flow, malpractice and lawsuits...those kinds of things. Getting infected? Losing your phone? They sound so innocuous compared to the others. But they can be far more dangerous, with ripple effects felt for years to come. Different kind of meteor. Just goes to show that taking a few of life's little conveniences and adding a pinch of distraction can produce catastrophic results.
You experience a sense of being completely naked yet you are fully dressed, followed by a feeling of emptiness and anger. It is at that moment that you "get" what HIPAA is all about. While it seems like it exists solely to make your medical life a living hell, miring you in procedures and expense, it is really about protection. Protecting patients. Protecting yourself. And protecting yourself from yourself. I submit to you that it should be changed to stand for Helping Important Professionals Acknowledge Awareness. Ah, the difference a moment of pause can truly make.
Copyright © Richard Harber, Decision Digital Inc. All Rights Reserved