Best Practices for Maintaining and Securing your ABELMed System

There are several ways to protect the PHI stored on your computer systems and when that data is in transit. Here are some best practices that should be followed to ensure your data is safe and secure.

ABELMed leverages the industry standard Microsoft Windows operating system for authentication, password rules, etc. There are several products available that provide two factor authentication for Windows logins. Given the very sensitive nature of Protected Health Information, and the high risk and cost of privacy breaches, we recommend implementing one of these technologies to strengthen security around user authentication in your practice.
ABEL recommends business grade router/firewall appliances that have features like Intrusion Detection and Intrusion Prevention capability IDS/IPS. While having such appliances in place helps it is best not to “set it and forget it”. Ideally monitoring and checking of alerts and logs, both appliance and computer logs, should be a regular ongoing practice. This allows detection follow-up and adjustment when required. When such activity is performed regularly and properly documented, incidents can be quickly detected and acted upon. There will be no question that you have been performing your “due diligence” should a breach occur. Most practices do not have suitable expertise on staff to review these alerts and logs. Third party Managed Detection and Response (MDR) services are recommended for this role.

The importance of installing Windows Updates

Ever wondered why it’s important to install the Windows Updates?

Most of them include security updates. Security vulnerabilities can be exploited by malware or hackers. These types of situations are regularly identified in various parts of Windows – ActiveX, Internet Explorer and .Net Framework are just examples.

Other updates address other bugs and issues in Windows. Even though they are not responsible for security vulnerabilities, they might impact the stability of your Operating System, or impact applications you are using.

Windows Updates also come with new features, while patching some known issues.

Most computers have Windows Updates set up to “Install Updates Automatically”, which is the recommended setting. However, you also have the option of manually checking for updates if preferred.

It is highly recommended to keep all of your computer workstations updated with the latest Windows operating system versions and service releases.

Ransomware and the failure or theft of an office’s computer, hard drive, network or operating system can be catastrophic for a practice. In addition, environmental threats and hazards such as fires, storms, floods, power failures, and electrical surges can cause serious – sometimes irreparable – damage in the absence of proper planning.

What's at risk?

The loss of financial records, patient files, documents, appointment schedules, and more! Once this data is gone you may not be able to replace it without a proper contingency plan.

For your Peace of Mind, we offer Remote Data Backup and Disaster Recovery Virtual Server Services that provide an efficient, affordable way to put systems in place to help recover your valuable practice data.

It is strongly recommended to implement a secure internet based data backup system to help protect and recover your valuable practice
Data in case of any disaster. This should be in addition to any on-site data backup systems you may already have in place.

The Data Backup solution you select should provide you with the following:

  • safe, advanced encryption of your data in transport and in cloud storage
  • an automated, online, remote service with no manual effort required on your part
  • access to your data backup when you need it
  • a retention schedule preserving data for up to 1 year
  • summary reports emailed daily