How do you protect your data and meet regulatory compliance guidelines with a limited IT staff? This ebook discusses six measures skilled nursing facilities can take to follow best practices for security and business continuity.
Tag: Senior Care
Step-by-Step EHR Migration Checklist for Senior Care Facilities
Ownership changes are a fact of life in senior care. When a nursing home or LTPAC facility changes hands, you’re often faced with the challenge of migrating the electronic health record (EHR) system to a new platform — without sacrificing or impacting continuity of care. At FIT Solutions, we’ve supported many of these migrations. Over time, we’ve developed a roadmap and set of best practices for efficiently and successfully completing the handover to new ownership.
EHR Migration Roadmap: Planning Ahead
Preparation is key. In our experience, the more attention you pay to the first four steps here, the less likely you are to encounter unplanned obstacles downstream that could substantially delay your migration.
- Determine the migration type. We anticipate that as the new owner, you’ll be using an EHR system hosted in the cloud. There are so many advantages to a cloud-based system that hardly anyone hosts their instance on-premises in their own data center anymore. Here are the possible scenarios.
- EHR to same EHR. If the outgoing and incoming owners use the same EHR system, the migration can be as simple as spinning up a new instance of the software in the cloud and copying the database over. Not all of the steps in this checklist will apply to you, but most assuredly, some of them will.
- Paper records to EHR. In some ways, moving from paper records is more straightforward than migrating across different EHRs. You’ll need to do some scanning and have the resources to do that available to you.
- EHR to different EHR. The majority of the time, this is the scenario you’ll be dealing with.
- Obtain and inspect the final letter of agreement. We can’t emphasize this enough. You need to have the sale confirmed and letter of agreement finalized several months before the migration. The letter of agreement spells out whether the pre-existing computing, network and telephony equipment comes along with the sale. It also spells out which EHR records you’ll be allowed to copy. Policies vary from seller to seller — sometimes widely. The letter of agreement dictates what information you can migrate, and how. You can’t presume anything.
- Assess the willingness of the outgoing owners to cooperate. Regardless of what’s in the letter of agreement, reach out and get an idea of the outgoing owner’s willingness to share information, grant access and respond to your inquiries. The entire process will go much smoother with a cooperative seller. Some limit access and support. Enlightened sellers understand that transferring ownership supports their overall strategy, and is just part of doing business.
- Conduct a coordinated site survey. If you can, go onsite well in advance and do a thorough walk-through and site survey. Ideally, the IT team as well as electrical and other contractors will all go at the same time to work through and plan any potential changes. Typically, there is some IT work that’s dependent on the electrical work. This includes the need to relocate electrical outlets and network drops, or add new ones to accommodate new kiosks, Wi-Fi access points or other equipment. If backup power isn’t in place, this is the right time to rectify that shortfall if budget allows, or to at least put a contingency plan in place. Verify that there’s a contract for the essential electrical work, and clarify who owns it.
EHR Migration Roadmap – Setting the Stage
Once you understand the landscape, it’s time to start preparing the environment for the new EHR.
- Purchase new equipment as necessary. Assuming you’ll be allowed to take over the old equipment, cloud-based EHR systems can often run on older hardware. However, the browser needs to be up to a certain standard and the hardware needs to support it.
- Complete the electrical and cabling work. If any electrical service and network connections need to be provisioned to accommodate relocated computers, servers or Wi-Fi access points, schedule that work so it’s complete before the IT teams start to install the new equipment.
- Identify effective, tech-savvy and smart superusers. You’ll need to press some staff into service for two jobs: handling data re-entry to populate the new EHR with the most essential data, and to serve as support for the other users during the transition.
- Complete the IT-related work. This includes installing any new hardware, and configurations of the network, network devices, phone and/or fax systems. Now is the time to make sure that essential items are in place to support the transition, such as online storage and multifunction printers/scanners. If you’re switching ISPs, arrange for the connections. If you’re retaining the former ISP, make sure the contracts and new billing arrangements are in place to ensure continuity.
Migration Roadmap – Preparing to Execute
Two to three weeks prior to going live with the new EHR, start the process of migrating records to the new system and preparing your staff. You’ll be using paper charting during this interval, to cover any gaps.
- Contact the EHR provider to create a new instance of the software. Assuming you’re already a customer with existing accounts for your other facilities, this is likely a simple phone call.
- Prepare manual/paper processes to cover contingencies. During the time records are being converted and uploaded to the new EHR, you’ll need to have paper forms in place so caregivers can document their actions.
- Start superusers on the data migration or export to .pdfs. This is where your letter of agreement dictates what you can do. The profile and MDS documents can usually be electronically copied. Census or basic resident information can be often be migrated by a third-party provider. However, the core of the records, including care plans, assessments, orders and ADL tasks typically need to be output as .pdfs or scanned in from paper copies, and attached to the patient records in the new EHR.
- Put training materials in place. During the lead-up to adoption of the new EHR, make preparations to train the staff. Stage any training modules or videos, and ensure that all employees can access them. Set up a sandboxed system with simulated patient data, giving the caregivers the opportunity to practice. Prepare your superusers to conduct webinars and other training sessions, and schedule them during the first two weeks post-live.
- Plan for staffing and superuser coverage. During at least the first two weeks post-cutover, make sure that one or two superusers are available to cover for each shift. Clarify which resources, whether the superusers, IT services team or EHR support, are to handle specific issues such as how-to questions, password resets, Internet or Wi-Fi issues, email issues and access to shared drives.
- Execute training programs. Once the new EHR is populated with the essential data, you can roll out your training programs across all care teams. Rely on your superusers to train other nurses, CNAs and aides as you take the system live.
At FIT Solutions, we’ve handled and supported dozens of EHR migrations for senior care facilities. If you have an upcoming project or are planning an acquisition, feel free to reach out to our staff of experts. Give us a call at 888-339-5694.
Amazon Alexa & Google Assistant for Senior Care: 4 Considerations
There is tremendous interest in using voice assistants such as Amazon Alexa and Google Assistant in skilled nursing, LTPAC facilities and assisted living settings. The devices that access these technologies — most often an Amazon Echo or Google Home speaker — can be used in conjunction with smart home technologies to control lighting, heating and cooling, home entertainment, communication and other various systems. With simple voice commands, residents can turn the lights and off, set the thermostat, communicate with loved ones, create a shopping list, turn music on, hear the news and get the latest weather report.
These devices address various concerns around safety, promote feelings of independence, help seniors stay connected, and do a host of other very good things. Especially for those with limited mobility, cognitive issues or other challenges, voice control can be enabling for everyday life and contribute to overall well-being. When they are used in in conjunction with sensors and other smart home-enabled technologies, you can appreciate why so many facility designers are beginning to incorporate these into their plans.
Sensors can detect whether the resident is active or inactive, or whether the refrigerator or medicine cabinet has been opened. They sense movement and turn pathway lighting on to prevent falls. Smart water systems monitor consumption to make sure residents are drinking enough water. Medication reminders and pill dispensers assist those with memory issues.
We love the advantages these technologies offer, but allow us to point out a few potential issues for facilities to consider.
Connectivity Requirements
These technologies rely heavily on the cloud for their fundamental operation, including the voice recognition that makes them tick. The various sensors and other smart-enabled devices and technologies are likewise “Internet of Things” (IoT) devices. They’re Internet-reliant — and the more functions they provide, the more residents rely on them for their everyday living. It’s a whole new world when “the lights won’t turn on” triggers an IT trouble ticket. Having highly reliable, regularly monitored and redundant Internet connections with failover capability and sufficient bandwidth is absolutely essential.
HIPAA Considerations
When voice assistants are used for medication reminders, gathering healthcare data or other medical matters, HIPAA regulations come into play. Amazon has recognized the medical applications for its technology, and has entered agreements with some third parties in the healthcare arena to deliver services over Alexa that are “HIPAA compliant.” This means that the data is collected and stored by the third party in a HIPAA-compliant manner; it does not mean that any or every use of Alexa is “HIPAA compliant.” Even seemingly routine discussions about healthcare matters that happen to be picked up while the voice assistant is listening can lead to HIPAA exposure.
Wi-Fi Security Implications
Voice assistants rely on Wi-Fi for connectivity. If they’re going to be used for gathering and transmitting healthcare data that’s subject to HIPAA, they absolutely must be connected to the same protected, healthcare-dedicated Wi-Fi network that handles your EHR and other medical systems. Allow voice assistants on the guest-and-resident network only if they’re resident-owned and -installed, and you can be sure they’re functioning in a way that’s outside the reach of HIPAA.
Remember the Network
In our conversations with senior care facilities, the enthusiasm for voice assistant and smart home technologies is evident, and we share it! But we encourage you to keep the network and security implications in mind to ensure that these assets do not become liabilities.
At FIT Solutions, our managed IT services come with tools and expertise in network design and connectivity, monitoring and troubleshooting. If you have a project like this in mind, give us a call at 888-339-5694.
Team Onboarding—Best Security Practices for Senior Care Facilities
It’s a common adage in cybersecurity: humans are the weakest link in your defenses. Hackers still do manage to infiltrate networks directly, but more commonly, their preferred route of access is through your people. No matter how fortified your firewall or effective your antivirus, anyone could click on a link and fall for a phishing scheme or be fooled into sharing a password. The risks compound if you regularly take on new employees. Every system they can access also represents a potential entry point for a criminal. You not only need to be able to give employees access when they join, but more importantly, shut down all their access when they leave.
Here are a few suggestions to help you close down those security holes.
Automated Onboarding — and Offboarding
An account left open is an open opportunity. Terminated employees have used their unterminated access to steal information or otherwise take revenge. Successful crimes have also been committed when criminals exploit a still-open account after an employee has moved on. Once a criminal has a foothold, they can either use access to one system as a beachhead for escalating privileges or move laterally across systems to gain access to higher-value information. So each and every account with access to EHR, human resources, nutrition, directory services, accounting and other key systems leaves the others vulnerable. When an employee leaves, there’s no reason to leave those accounts active, but it’s easy to overlook one or two—and it happens all too often.
Solutions are available that automate the steps of onboarding. These make the process essentially self-service for the new hire and easier for everyone involved, including human resources and IT staff. Once configured correctly, with a single login the user can either automatically be given access to all the systems the role requires, or receive instructions on setting up new accounts or passwords. On the back end, any manual steps that system administrators need to take are flagged for action as part of a standard workflow. Most importantly, the chain of access and granting various system privileges is completely reversible. That is, when the employee leaves, the system cycles through a series of actions that remove the privileges of all accounts for that individual – and the security holes they represent.
These automation solutions take multiple forms. Sometimes they’re part of a Human Resources Information System (HRIS). This type of software automates the process for HR (payroll, benefits and similar functions) as well as IT. Software that handles only the IT onboarding piece is more commonly referred to as Identity Access Management (IAM) or Single Sign-On, among other terms. There’s considerable feature overlap among these categories of software. Make sure that any you are considering can automate onboarding to the specific systems you use.
User Education Services
Weak passwords, passwords shared across multiple accounts, a tendency to fall for social engineering ruses and ignorance of basic information security are all human-based vulnerabilities. Employee-education services have become an essential part of security. Enroll each new hire in these programs as an integral part of the onboarding process.
- Cybersecurity Awareness Training. This type of training instructs employees on how to spot phishing scams as well as good password hygiene and other precautions and security measures. Training can be self-paced online, via webinar or in-person seminars. Which option you choose depends on the third-party provider’s offering and what’s practical for your organization.
- Phishing Testing. This service sends simulated phishing emails on a regular basis, using the same social engineering tricks used by criminals. If an employee takes the bait, the service provider follows up and requires the employee to take further training. The IT or security department receives regular reports on how well the employees are doing overall, as well as an audit trail on which employees have completed the training.
One other service to consider is dark web monitoring, which crawls illegal online marketplaces looking for stolen login credentials for sale. If they find any credentials of your employees, you’ll receive an alert so you can delete the account or change the password to something stronger and more secure.
At FIT Solutions, we have partner relationships with many service providers who are the best in the business at what they do. We can assist you with selection, setup and ongoing best practices to support all of your new hires and also to close down access for former employees. If you would like to know more, give us a call at 888-339-5694.
PointClickCare or MatrixCare: Which for Senior Care?
If you’re considering an electronic health records (EHR) system for your LTPAC or assisted living facility, our experience with senior care clients tells us that there are two popular choices: PointClickCare and MatrixCare.
Which should you choose for your facility? Well, it depends.
First, let’s get the basics out of the way. Both are built with a strong LTPAC focus, which separates them from EHR systems such as Epic or Cerner that are more often found in hospitals and integrated health systems. Both are strong on HIPAA security compliance. Both include electronic medication administration record (eMAR) functionality. Both are delivered through a software-as-a-service (SaaS) model, which means you don’t have to maintain an onsite server, and updates, patches and data backups are handled for you. In our experience, both companies offer great support.
They differ in a few ways as well, and while we can’t recommend one system over the other, we’ll share those differences. Which system you choose depends on which of these issues matters more to you.
- Device support. MatrixCare is a Microsoft partner, and that’s reflected in the operating systems and devices it supports. The clinicians’ devices must run the Windows operating system and Internet Explorer. MatrixCare supports non-Windows client devices via either a Citrix virtualization client or Windows Terminal Services. While those scenarios are well-documented and supported, running the Citrix or Windows Terminal Server is the responsibility of your IT team. On the other hand, PointClickCare supports desktops, laptops, tablets and smartphones that run Windows, MacOS, ChromeOS or Android, and all of the popular web browsers (although not all modules support all combinations). If you want to run PointClickCare in a virtualized environment, it’s not technically supported by the company, but some facilities are doing so successfully.
- User Interface. The MatrixCare user interface is sleeker and more modern, but in our opinion, this is mostly a matter of aesthetics. Both are equally functional.
- Reporting and Analytics. PointClickCare offers reporting, but creating custom reports and analytics requires using a feature called Data Relay. It allows you to copy most of the data onto another server for running analytics. By contrast, MatrixCare has an Analytics Suite module that lets you make use of Microsoft Azure and PowerBI to develop analytics and create custom dashboards. Both of these scenarios require some degree of knowledge by your users and IT team.
- Audit trails. Our clients report that MatrixCare is stronger in this area, particularly at survey time.
- Redundancy. Both systems recommend that facilities have two Internet connections in case one connection goes down. However, in the event of an outage, PointClickCare suggests hourly backups of the eMAR records so clinicians can revert to paper charting. MatrixCare provides a mobile app that can work offline, and syncs the records back to the eMAR module once the connection becomes available again.
At FIT Solutions, we’re familiar with both of these senior-care EHR systems and our IT specialists are happy to support you, regardless of your choice. If you would like to know more, give us a call at 888-339-5694.
4-Step Strategy for Onboarding Senior Care Acquisitions
Consolidation through mergers and acquisitions is a fact of life in long-term, post-acute care (LTPAC). A typical scenario is a large, multi-facility operator buying a freestanding facility or small chain of facilities, bringing economies of scale that can make the acquired facilities more profitable. Part of what is acquired is the technology infrastructure. We’re often asked to come in as the technology consultant as part of these transactions. We help the acquirer understand what they’re getting and create a roadmap for shifting the operations from the old umbrella to the new. Allow us to share the benefit of our experience.
1. Start with a Thorough Inventory
Even if the seller has inventory records, inevitably, something gets overlooked. Often, there are items that were never documented. Current services and providers might have been switched and the information was never updated. Put together a very thorough list of categories of items to be considered, from computers to network infrastructure to service providers. Think from a process perspective as well: How is data being backed up? What about remote access? This can lead you to items that might be otherwise missed.
Then, sit down with someone from the seller’s organization who can help you work through the list to gain a fuller picture of the inventory. A good approach is to start from the perspective of the service-point entrance and work through the various segments of the network. What services actually come into the building? Typically, there is, at minimum, Internet, phone and television from one or more service providers that goes to a network room. From there, how do the services propagate out to the rest of the environment? What is the network layout? Finally, arrive at the end nodes and take into consideration the OS, systems accessed and the software and licenses involved.
2. Don’t Overlook Anything: Do an Onsite Analysis
Even with a detailed inventory, items get overlooked. Going onsite will fill in the gaps — and undoubtedly, there will be gaps to find. Sometimes, you may find items that individual departments installed without the knowledge of the IT department, or network closets that were nearly forgotten. Many facilities were not originally built with IT requirements in mind, so network infrastructure can be behind unmarked doors or in other unexpected locations. Once, we found a forgotten and critical medical alert server hidden behind a potted plant. Another time, there was an entire wing with several dozen wireless access points, but the points were hidden in the drop ceiling and were not included with the inventory.
Ask for administrator credentials to log in to the systems. Check network speeds and talk with IT and end-users to understand what the environment is like.
3. Clarify What’s Going to Get Transferred
When it comes to transferring IT assets, sellers have different policies. To limit their exposure to compliance issues raised post-sale, some will pull all end-user systems and servers offsite before the new owner takes over. Others transfer the computing hardware, but wipe the systems clean. Still others are willing to leave everything as-is, and simply turn the keys over. Even if the computing assets will remain in place, it is likely that the acquirer will be switching to new EHR and other clinical systems, as well as business systems, to put the organizational efficiencies into place that they expect to realize. The pre-existing hardware and systems might not be up to the task. Bottom line? No two onboarding scenarios are alike, so make sure both sides are clear on expectations.
4. Develop a Transfer Plan
Given the above, some difficult operational and financial decisions might need to be made. The decision to retain the pre-existing equipment or replace it has to be balanced against the financial realities of the upfront costs, alongside the operational downsides of systems that can’t meet performance standards.
Above all, LTPAC, senior care and skilled nursing facilities deliver care 24/7. There is no option to shut things down for a weekend to make the switch, as might be possible in some other industries. Making older equipment work could be false economy, because it typically involves workarounds or finding fixes for systems that are past support. That means the transition takes longer and front-line care workers need to contend with more downtime or even resort to paper charting. All of this needs to be accounted for to arrive at a transfer plan that makes operational and financial sense, adheres to regulations, and preserves continuity of care.
At FIT Solutions, we’ve done dozens of onboarding projects and have complete systems and procedures in place for streamlining IT transfers in merger and acquisition scenarios. We account for the business realities and care-delivery issues, as well as the IT aspects. And since every scenario is different, we never stop learning, refining and improving our methodology. If you’re considering an acquisition, let us pave the path for you. Give us a call at 888-339-5694.
Ransomware Wakeup Call: 4 Tips to Protect Yourself
It’s a sad fact that criminals often prey on the most vulnerable. This was proven true in the ransomware attacks that impacted LTPAC facilities during November. Not only were the facility operators victimized, but sudden lack of access to medical records profoundly impacted their ability to care for patients and residents.
This incident was first reported by journalist and investigative reporter Brian Krebs. More than 100 facilities were impacted, and the ransomware cut off access to critical systems, including access to patient records, client billing, phone systems, internet service and email. The scope of the attack was audacious. The threat to peoples’ lives was deplorable. But most galling to us, as IT service providers, is that the incident was so preventable. More on that below.
Why Healthcare is Such a Tempting Target
In this case, the perpetrators were identified as a Russian gang, an adversary well-known among security experts. What’s clear here is that criminals don’t care that their actions could actually endanger peoples’ lives. They go after healthcare because lives are at stake, and they know that many healthcare organizations don’t have extra dollars around to invest in security.
Smaller and mid-size organizations are often the targets of choice. Health systems serving smaller communities, community hospitals, group medical practices, specialty centers, rehabilitation providers and dental practices have all been ransomware targets. Some have even had to close their doors after an attack.
A Few Ounces of Prevention Can Go a Long Way
Here are some of the ransomware prevention measures that we recommend and put in place for our clients. These are standard security practices, and aren’t necessarily more expensive than what you’re doing right now.
- Enact an anti-ransomware group policy on computers. Use a Windows Group Policy Object that prevents unknown executable files from running in temporary folders or in the AppData folder. Almost every single ransomware variant we have seen runs from one of these locations.
- Segregate cloud resources. Use a provider that can deliver a private hybrid cloud — not a public cloud where your data and applications are pooled with those of other companies. That protects your company in case another becomes infected with ransomware. You don’t want their problem becoming your problem—and everybody else’s.
- Separate backups from network shares. The ultimate protection against ransomware is maintaining regular and up-to-date backups so you can restore from them if an attack encrypts your data and makes it unreadable. But don’t store your backups on your network, accessible through a mapped drive, or the attack could compromise your backups, too.
- Bolster your endpoint protection. We’re presuming you already have antivirus in place. Because ransomware is a targeted attack, the criminals take care to alter their executable files, so signature-based antivirus isn’t very effective. Consider switching to an endpoint protection product that employs a “defense in depth” strategy rather than just relying on signatures.
At FIT Solutions, we supply IT services to many senior care organizations including assisted living and LTPAC facilities. We urge you to implement the tips above; you can do them yourself. Of course, if you’d like help, you can always call us at (888) 339-5694. We’d be happy to partner with you to protect your organization from ransomware.
8 Steps to Mobile Device Security for Senior Care Environments
National Cybersecurity Awareness Month, observed each October, promotes heightened awareness of the importance of computer security issues. This year’s theme is “Own IT. Secure IT. Protect IT.”
The first — Own IT — refers to taking responsibility for security. While much of the focus of the messaging is on individual security, there are some timely reminders for business environments as well. This is especially true for our FIT Solutions customers who use mobile tablets to access EHR and other clinical systems.
Your internal network contains protected health information, and for HIPAA compliance, you must be absolutely sure that any connected devices are secure. Here are the best practices we recommend:
- Secure Your Wi-Fi.
This is vital for LTPAC environments. Offering Wi-Fi to patients and their guests is a standard business practice, and is essentially an expectation. Keep the guest Wi-Fi on a network that is separate from the clinical network, and establish a firm policy to prohibit your staff from sharing the clinical network password with patients or guests. Business-class Wi-Fi access points allow you to set up separate networks and prevent cross-traffic between them. If your staff brings their own smartphones to work, only allow them to access the guest network. You might offer them a third and separate network that allows some access, but still prevents their devices from accessing clinical data. Given the possibility of an unsecured device leading to a breach of patient data, you simply must allow only devices that you can directly control and secure to access medical records. - Require Endpoint Security Software.
Any device that connects to your network is an endpoint with access to your network’s data. PCs are no longer the only vulnerable point; Android devices are especially susceptible, and criminals are increasingly targeting tablets running iOS. Make anti-malware software part of the standard configuration, and set it to trigger regular updates. - Fortify Your Logins.
A tablet or other device that has access to medical data must be locked with a passphrase to prevent unauthorized use by visitors who might pick it up. In addition to a strong password policy, the best practice is to enable multi-factor authentication for any access to the clinical network. These measures protect you against unauthorized use of the device as well as against criminals guessing passwords or using stolen credentials to gain access. In addition, hide the SSID so you’re not broadcasting the name of the clinical network. - Mandate VPN Use.
Mobile devices can be susceptible to eavesdropping. Take advantage of the strong encryption offered by a VPN by implementing a VPN for access to the clinical network if the device needs to leave the secure network. Look for one that also supports multi-factor authentication to protect the VPN logins. - Protect Against Malicious Apps.
One of the biggest mobile-device risks is applications that pose as something useful or fun, but are actually designed to steal data. Establish policies that limit or block the use of third-party software on your clinical devices. - Develop and Require a Secure Configuration.
Establish a standard, secure configuration for devices that connect to the clinical network. This includes requiring a lock code or password for access, preventing access of other wireless networks, and either hiding the device from Bluetooth discovery or, better still, disabling Bluetooth altogether. - Enable Remote Lock and Wipe.
Be sure you are able to remotely lock the device to prevent its use if it is ever lost or stolen. Ideally, the devices don’t store any data at all and are only used to access or update the patient records. But if they do hold any data, or as an extra measure of protection, ensure you can wipe the data from the device as well. If the device is found, you can simply re-image it from a backup. - Conduct Mobile Security Audits.
Hire an outside firm to annually audit your mobile security and perform penetration testing. Testing using the same mobile devices that you use in your environment will uncover potential issues before a criminal discovers them.
We encourage you to use National Cybersecurity Awareness Month to take a serious look at your security and address any shortcomings. If you would like assistance implementing these measures or an evaluation of your HIPAA compliance posture, FIT Solutions is here to help. Call us today at 888-339-5694.
Business Continuity for Senior Care: How an SD-WAN Protects Your Patients
Your nursing home or skilled nursing facility likely relies heavily on your Internet connection for delivering patient care.
If your electronic health record (EHR) or electronic medical record (EMR) system is hosted in the cloud, staff access to patient treatment plans, physician orders, medication dosages and other critical information depends on a reliable Internet link. Plus, if you rely on voice-over-IP for your telephone systems, that’s another system that is absolutely critical for patient care. It’s needed for making 911 calls, timely communication with physicians, receiving urgently needed lab results, and the many, many other types of medical information that are routinely handled by phone. What happens if your primary Internet connection fails?
Regulatory Considerations
Regulators are keenly aware of the importance of communication. That’s why Internet uptime is woven into the fabric of healthcare regulations that deal with business continuity and disaster recovery, specific to senior care, at the state and federal levels.
Addressing those requirements is vital for protecting your patients and your organization. Fortunately, there’s a relatively new technology that’s ideal for managing redundant Internet links and providing intelligent failover. SD-WAN stands for Software-Defined Wide Area Network. It’s a mouthful that boils down to a simple idea: using software instructions to intelligently choose between multiple wide area network connections (that is, multiple Internet connections) when sending or receiving data traffic.
Out with the Old — In with the New
Here’s why an SD-WAN is better than the old approach to providing redundant failover. The old method for a backup Internet connection was to maintain one connection as the primary and designate another as secondary. This was an all-or-nothing proposition: The secondary sat idle until needed. The setup required regular testing to verify the secondary was still functional.
An SD-WAN allows both connections to serve as the primary. The software intelligently chooses between the two connections based on various factors, such as the type of traffic (voice or different types of data) and the capability and quality of the connection (available bandwidth, latency and similar parameters). Two or more connections can be actively used, and when one link goes down, the traffic passes to the other automatically and immediately. Here’s how well it works: If you initiate a voice-over-IP call, and then unplug the connection, the SD-WAN switches to the other connection with little or no hint of an interruption in the conversation.
Rather than the secondary connection sitting idle, it can be put to use and effectively increase the available bandwidth. The pooled bandwidth and redundancy make it possible to choose less expensive connections, such as combining a cable and DSL connection rather than more-expensive fiber circuits. If you procure the two connections from different providers, then you’re protected if either provider experiences an outage. The SD-WAN will ensure that access to critical systems will remain.
Modern SD-WAN implementations can be configured without entering traditional network parameters such as IP addresses or port numbers. This makes an SD-WAN especially attractive to organizations that have multiple sites, as is often the case in senior care. SD-WAN technology masks the complexities of maintaining redundant connections and switching them across multiple sites. It just works, which is what we all want from our technology.
At FIT Solutions, we work as advisors to our senior-care clients on multiple aspects of IT. Assistance with the technology aspects of your backup, disaster recovery and emergency preparedness plans is a key part of the offering. We know the legal and regulatory requirements you face, and can provide recommendations on administrative practices, technological implementation and support, or active management of your systems. We can help you determine whether SD-WAN technology — and which of the available options — is right for you. Call us today at 888-339-5694.
Public Wi-Fi Security for Senior Care: 4 Tips for Keeping Patient Data Safe
As the baby boom generation enters the Senior Care market, skilled nursing, assisted living and other facilities that serve to the senior population face a new challenge.
They have to meet the technology-access expectations of tech-savvy patients and their families. Wi-Fi access is now an essential part of the service mix for residents and visitors.
Since these are healthcare facilities, though, HIPAA compliance and patient-safety issues are even more paramount. Roaming caregivers require their own Wi-Fi access to electronic health record (EHR) or electronic medical record (EMR) systems. Monitoring, alerting and other systems that directly support care delivery might also connect via Wi-Fi. Unsecured guest and resident devices connecting to the same network as medically critical devices present a huge risk.
Here are four tips for safely making Wi-Fi available for senior patients and residents, visitors and guests while preventing compromises and addressing the compliance issues.
1. Use business-class Wi-Fi technology to segregate the networks. Business-class technology allows you to use separate Wi-Fi SSIDs to isolate networks. At minimum, create one for resident/guess access and one for caregivers/staff. Put the guest network in a DMZ or otherwise isolate its internet access and block access to the staff network. (Business-class technology is a must in a senior-care facility for reasons other than security. It generally delivers more-robust coverage than consumer-grade devices, including support for multiple access points.)
2. Enforce policies to keep the staff passphrase secure. Staff might be tempted to share their password with guests and residents, especially if the resident Wi-Fi enforces bandwidth throttling that limits data consumption. Discourage passkey-sharing by requiring a longer and more-complex passphrase for the staff network, while making the guest passkey shorter and easier to remember and enter. The best practice is to enact a written policy that prohibits sharing the staff passkey with residents or guests, or connecting their devices to the staff network.
3. Hide the Wi-Fi SSID for the staff network. By not broadcasting the SSID, it won’t show as a connection option. Moreover, if you don’t share the SSID with the staff, they won’t be able to connect any device on their own. This means IT personnel may need to occasionally help with getting equipment connected, but this is often easier than having to change the passkeys on all the devices later because residents are found to be connecting to the staff network.
4. Add an extra layer of sign-on security. Consider one or both of these options. MAC address filtering allows pre-authorized devices — and only those devices — to connect to the staff network. It can be difficult to administer, however. A much more effective and seamless approach is to use a single sign-on solution (such as Okta or Onelogin) that allows access only when a user enters their staff email address and password.
Of course, there’s more to compliance with HIPAA, HITECH and other regulations than just securing Wi-Fi access, but the tips above deal effectively with one of the biggest vulnerabilities that senior care facilities face.
If you would like to know more about security in a senior care setting, we’re here to help. You can learn more about FIT Solutions managed IT services for healthcare by calling us at (888) 339-5694.