What the Allscripts Case Means for Cybersecurity in Healthcare

A few weeks ago, it was announced that Allscripts Healthcare, a major EHR (electronic health record) company, will pay a $145 million penalty following a 2018 incident that exposed patient data. Many healthcare providers have been scrambling ever since, trying to make sure their clinical software is set up for secure and compliant use. We’re on a mission to help healthcare practices of all shapes and sizes do everything they can to uphold compliance and maintain patient confidentiality.

Dissecting the Allscripts $145 Million Penalty and Understanding How to Avoid a Similar Fate

Everything you need to know about ensuring your practice’s EHR solution is compliant and secure

In 2018, Allscripts Healthcare was hit by a ransomware infection that took critical hosted systems offline and exposed patient data. It took the company days to restore service and get thousands of users back online. The trouble didn’t stop there: because patient data had been exposed, the incident drew regulatory scrutiny and Allscripts was held accountable.

It was only recently announced that Allscripts Healthcare will pay a $145 million penalty. The settlement concerns Practice Fusion, a company Allscripts acquired in 2018, and resolves criminal and civil investigations that included alleged violations of HIPAA and of the EHR incentive program created by the HITECH Act. By paying the settlement, Allscripts and Practice Fusion resolve the criminal and civil claims covered by the agreement.

The story has left many EHR companies – and their healthcare clients – nervous. Patient health records contain extremely sensitive information, and a clinic’s reputation lives or dies on its confidentiality standards. Beyond that, no company or clinic wants to pay a major fine for an out-of-the-blue cyber-attack. That’s why it’s critical to be vigilant and proactive about HIPAA compliance and patient data protection. Many healthcare organizations simply don’t know where to start. Don’t sweat it – we’ve got you covered.

Escape the Allscripts Fate: Strategies for Maintaining Information Security & Compliance in your Healthcare Office

The fact of the matter is, the best way for healthcare practices to avoid the Allscripts fate is to put a sound security and compliance program in place. That means more than a quick review of your existing information security measures. A truly strategic, all-encompassing approach to clinic information security has to be built from the ground up.

Here are the steps you should take to optimize information security in your healthcare practice:

  • Take an inventory of the IT resources used in your practice – Start by accounting for every IT resource your practice relies on. Note all hardware and software that each member of your team uses: desktop devices, EHR and scheduling applications, IoT devices (networked medical and building equipment), mobile devices, communication tools, and more. For each item, record who owns it, where it lives, and whether it stores or transmits patient data. You can only lock down your network strategically once you’ve accounted for all of its moving pieces.
  • Develop an ‘all-hands-on-deck’ approach to information security at your practice – Talk about information security with both your clinical and administrative teams and establish an ‘open door policy’. By including your entire team in these conversations you emphasize how critical the issue is and make it clear that team members can come to you with specific concerns.
  • Get firm policies and procedures on paper – This may seem tedious, but it’s critical to have concrete information security policies and procedures in writing. Make them clear, easy to understand, and easily accessible to every member of your team. This stresses the importance of high cybersecurity standards and gives your team a reference guide in the face of an unexpected breach or outage.
  • Don’t forget about third-party service providers – Healthcare practices interact with countless third-party service providers every day. Don’t overlook these relationships when improving your information security. Talk directly with each provider – especially the vendor supplying your EHR software – about their cybersecurity policies and contractual liability, and confirm that any vendor handling patient data has signed a business associate agreement as HIPAA requires. This keeps everyone on the same page about the secure and compliant handling of patient data.
  • Train your team – A large share of data breaches begin with an internal human action, such as a clicked phishing link or a misdirected email. To mitigate the risk your own employees pose, train them on current cybersecurity threats – specifically those that target sensitive patient data. Invest in security awareness training that helps your team recognize and report threats quickly.
  • Put together a long-term security plan – Information security for healthcare practices isn’t a one-off job. Keeping your network secure requires regular attention and planning. Make ongoing patient information security planning a priority, and account for how your practice, its systems, and the threats against them will change so that your security effort can adapt.

Finding Information Security Support for Your Healthcare Practice

Now that we’ve gone over some of the key ways you can prioritize patient data security and compliance in your practice, all that’s left is to put the wheels in motion. However, finding the time to create and implement a sound patient data security strategy can be nearly impossible for busy healthcare professionals. We know this because we have been providing data security support for healthcare practices of all kinds since 2007. The best advice we can offer is to partner with a team of professionals.

When you work with a team of IT experts, you go a long way toward making data security and compliance an ongoing, well-maintained priority. No more wondering whether your systems could be monitored better, no more questioning whether your data security policies are compliant. A team of IT professionals experienced with healthcare practices can help you get covered and compliant from end to end.

If your healthcare practice is working towards improving patient data security, we welcome you to reach out to the team of IT professionals from HitsTech. We have over a decade of experience helping healthcare clinics like yours take a more secure, strategic, and compliant approach to patient data storage, access, and transmission.

Don’t wait for the next data disaster to hit the headlines – take action today by partnering with a team of compliance-savvy tech experts. We’ll help ensure every inch of patient data is secured – both in transit and at rest. Reach the HitsTech team anytime at (828) 695-9440 or sales@hitstech.net.

Need More Information?

HitsTech is focused on bringing the right information technology solutions to organizations throughout North Carolina.
We welcome you to read some of our latest blog posts and technology articles.