Empowering the Biomedical/CE Professional
IT Buzzword Busting: The Cloud
If there’s one thing IT marketing and publishing groups are great at it’s coining, reinforcing and misusing technology buzzwords. I don’t aim to be cynical, so I will make an effort to separate the wheat from the chaff on the topic of cloud computing. This buzzword has become mainstream and actually does refer to important trending changes in the computing industry, but much like an actual cloud in the sky, the term also indistinctly refers to ideas that are hazy; vapor devoid of much substance. One of the most important trends that The Cloud refers to is the concept of...
Securely limiting medical device internet and remote access
Last month’s IT Update addressed how a few key network infrastructure systems facilitate data communication between devices. Building on that, it’s good to be aware of what is being transmitted to and from medical equipment and how that may affect operations and/or patient care. I believe two key starting points on this topic are Internet access and remote access. Thinking through the inventory of network connected medical devices you manage, how many have direct Internet access? Of these, how many require Internet access for the proper operation or support of that device? If there is a big difference in your...
Antivirus software on medical devices
Especially for windows based devices, antivirus (AV) software can provide security benefits in the form of detecting (and possibly protecting against) threats from malicious software. Common malicious software attacks to modern medical devices in the clinical setting are self-replicating worms within the hospital network, infected removable media introduced by clinical staff with physical access to the device, and myriad web-based trojans and drive-by downloads accessible on devices with Internet access and browser software. While AV software may be able to detect and prevent such threats, its presence can also introduce operational complications. The process of designating, approving, installing, operating, updating,...
Implementing data destruction policies to secure patient data
Many departments in a health care facility have overlapping duties and responsibilities for HIPAA privacy and security compliance. However, there is a standard on device and media controls which can rest squarely on clinical engineering throughout their work, and I think it’s important for technicians to be aware of the issues. Even more important is for the CE department to standardize on how the workforce will handle systems with electronic protected health information (ePHI) consistently. The HIPAA Security Physical Safeguard standards include § 164.310(d)(1), which requires covered entities (health care providers) to “implement policies and procedures that govern the receipt...
Introductions between CE & IT
This article is about introductions, so in the words of Austin Powers, allow myself to introduce… myself. I wrote last month about security and medical devices, a topic that I work in everyday as Chief Security Officer of eProtex. While my background is primarily in IT security, infrastructure, and operations, I have spent much of that time doing so within a clinical engineering company. This has given me the opportunity to have a foot in IT and at possibly a few toes in clinical engineering. From that, I’ve experienced many opportunities first-hand about the varied issues resulting from a gap...
Identifying The Most Vulnerable Devices to HIPAA Compliance
Since the enactment of the Health Insurance Portability and Accountability Act (HIPAA) in 2003, the Department of Health and Human Services Office of Civil Rights has investigated and resolved more than 11,000 HIPAA violations, as reported by the Deloitte Center for Health Solutions. And since 2009, more than 7 million patients have been affected by data breaches. As the health care industry moves toward a fully automated system featuring electronic protected health information (ePHI) and clinical data warehousing, even more data is at risk and breaches are imminent. Despite the hefty fines and potential risks a breach can cause to...
