eProtex Announces Complimentary Security Audit and HIPAA Guidance for Healthcare Providers
Focus on hidden data security threats associated with medical devices
INDIANAPOLIS, IN, January 14, 2011
eProtex, a data security company specializing in the hidden risks of connected devices, announced today that it is offering a complimentary security audit to help healthcare providers identify networked medical devices that may be vulnerable to hospital-acquired computer virus infections (HAIs). Generally, HAIs are associated with a patient's medical treatment. However, another type of HAI poses a major threat to many healthcare delivery systems: one associated with the connected medical devices on a hospital's IT network.Medical devices are usually overlooked by a provider's main IT security system because they are hidden from a healthcare facility's mainstream communications hardware. However, because they store or transmit information, these devices still present a significant threat to electronic protected health information (ePHI) and the safe delivery of patient care.
In recent years, an explosion of software-enabled devices—including surgical lights, sponges, smart pumps, ventilators and smart phones—have permeated healthcare facilities. Even some hospital bed rails operate on software systems. The problem is no one is tracking these devices—even their location is often unknown. If a device can't be located, it is impossible to determine its vulnerability to malicious viral infections, security breaches or HIPAA violations.
"Since these devices have software operating systems, they are potential carriers of crippling viruses," explained Earl Reber, executive director of eProtex. "If you plug an infected device into a networked USB port, it can infect all other devices on the network." Among the many reasons why this problem is difficult to address is the fact that these devices reside in a data security "Neverland" between the IT department's responsibility and the domain of clinical engineering. As a result, a plethora of unsecured devices languish in this gray area, and they have the capability to bring down the entire IT network.
"Our intent in providing a complimentary security audit is to help providers pinpoint and track these devices, assess their threat to ePHI and HIPAA compliance, and determine potential adverse effects on patient care delivery," added Reber. Alternatively, the eProtex expert team offers a complimentary HIPAA Security Policy review, complete with recommendations for one HIPAA policy related to ePHI and network medical devices per facility. "Providers can then build on that foundation to establish ongoing policies and procedures for meeting new healthcare standards and ensuring quality care in the future."
eProtex is the nation's first data security company specializing in the hidden risks of connected medical devices. Built by the healthcare community for the healthcare community, eProtex is a member of Ascension Health, the nation's largest nonprofit healthcarenetwork. [www.eprotex.com]