The Russians have a saying that was adopted by President Ronald Reagan during the Cold War.

“Trust but verify.”

Your orthopedic group or surgery center already has someone caring for your IT maintenance and IT security.

But here’s the question.

How do you know whether or not they are competent and effective in these two sizeable tasks?

Let’s face it.

You hired that person or that outsourced IT support company because you don’t know the inner workings of technology.

You want to USE your computers, tablets, and smartphones. But you don’t want to be involved in endless and mind-numbing updates, tech manuals, and patches.

You’re running a large organization, and you don’t have time – or interest – to do your own tech support.

So we make a complete circle back to our original question.

How do you know whether your current IT support people are doing a good job and that your IT systems are secure, efficient, and compliant?

To put it bluntly, you don’t.

You’re putting trust – and a lot of responsibility – into the hands of your IT people.

Did you know?

  • The AMA and Accenture tell us that 83% of US physicians have suffered a cyber attack.
  • Of the 1300 doctors surveyed by AMA and Accenture, almost three-quarters (74%) were worried about the impact that future attacks could have on their organization.
  • 74% of those surveyed were concerned about the current security of patient records.
  • 53% expressed concerns about patient safety.

In a recent press release, David Barbe (AMA President) said, “The important role of information sharing within clinical care makes health care a uniquely attractive target for cyber criminals through computer viruses and phishing scams that, if successful, can threaten care delivery and patient safety. More support from the government, technology and medical sectors would help physicians with a proactive cybersecurity defense to better ensure the availability, confidentiality and integrity of health care data.”

Because the threat is real and growing, the question of your IT security personnel’s competence is more important than ever before.

Just because you lead a mid-size to large orthopedic surgery center or orthopedic group and can afford to hire IT personnel or outsource your IT work to a local IT services company doesn’t mean you are safer than the small practice down the road.

The statistics say just the opposite.

According to the AMA/Accenture study, mid-size to large healthcare organizations are twice as likely to be the target of and suffer from a cyber attack.

What are the most common avenues these cybercrime syndicates leverage to steal confidential information from healthcare organizations?

  • Phishing – 55%
  • Computer Viruses – 48%

But the bad news for mid-size to large orthopedic groups and surgery centers doesn’t end there.

A 2017 report from Protenus showed that 41% of data breaches in that year were connected to employee error or crime.

Back in 2014, Forrester Research reported that lost or stolen mobile devices accounted for 39% of the security breaches in healthcare.

While a cyber attack causes an average of four hours of downtime for a small practice, a mid-size to large orthopedic organization loses an entire day of productivity in 29 out of 100 cases.

You’re a physician, and you know those aren’t great odds.

You also know how much money your surgery center loses if you’re down for an entire day.

Having the right people at the helm of your IT security efforts will help you share health records securely and meet compliance requirements.

A full two-thirds of respondents to the survey in question are convinced that if organizations could securely and efficiently transfer patient records, it would improve the quality of patient care.

While many larger organizations like yours have embraced EMR and have established protocols for the electronic transfer of health records, there are still physicians and organizations that have concerns about the process. Their concerns range from patient confidentiality and insurance/liability issues to the possibility that human error in an EMR could negatively influence the opinion of a physician giving a second opinion on a case.

Obviously, there is more to the sharing of EMR between organizations than simply the security of the EMR, but still, it’s essential that organizations deal with the issues that can be controlled. Readiness to battle a cybersecurity threat is one of the things that orthopedic groups can control. This readiness requires having competent IT professionals on your side and having a structure in place to evaluate how those IT cybersecurity consultants are doing at securing the organization against unauthorized data access.

What about HIPAA Compliance?

With all this alarming information surrounding the IT security readiness of mid-size to large healthcare organizations, the obvious question is, “Where does this leave healthcare organizations in relation to HIPAA legislation?”

Of the physicians surveyed in the AMA/Accenture report, 87% thought that their practice was compliant with the technology requirements of HIPAA. But at the same time, 66% had questions about HIPAA and IT compliance.

It’s obvious from these numbers that there is a false sense of security among mid-size to large healthcare organizations in regard to HIPAA compliance.

Kaveh Safavi of Accenture said, “Keeping pace with the sophistication of cyberattacks demands that physicians strengthen their capabilities, build resilience and invest in new technologies to support a foundation of digital trust with patients.”

If your orthopedic group or mid-size to large orthopedic surgery center is looking to hire new outsourced IT security professionals or get a second opinion on the effectiveness of your current IT support personnel, what qualifications should you be looking for?
