The old saying when you don’t want to know (or understand) there are problems around is you “have your head buried in the sand”.
Well, I’m updating that saying to “Is your head stuck in the cloud?”
For many of you on “the cloud” or more specifically on a Software As A Service (SaaS) EHR one of the big selling points was simplicity.
“The cloud will make things easier” the salesperson said.
I’m not going to go into the practicality or cost involved with “the cloud”, we’ll save that for another time.
What will discuss if the added danger of the cloud.
In the computer world there is a scale. At one end of the scale is Convenience, the other end of the scale is Security.
In most offices there is a constant battle to find the right balance between these two items.
For those of you that missed this headline, over the last few days a “botnet” was discovered that had collected over 2 million stolen Facebook, Twitter, Yahoo and even scarier ADP passwords.
A botnet is basically a series of computers linked together by malware/spyware that “you” have been tricked into installing on your computer. This spyware then tracks what you do and collects the username and passwords that you type in.
Do I really care that my Facebook or Twitter account passwords are compromised? In the grand scheme of things, no. But, as most people use the same password across various services, that could become a real problem.
The scarier item here is ADP. They are a payroll processing firm. Real money can be affected here.
What does this have to do with your cloud EHR?
If you are not on the cloud, and a password to the EHR is compromised, the culprit still has to gain access to your computer.
Yet, if you are on the cloud, once the credentials are compromised, instant access to your patient data can occur…from anywhere.
This reality further solidifies my iron fist approach to office policies, especially as they apply to staff (and docs) going to non-business websites from office computers.
Every time a person in your office checks their personal email…
Every time a person in your office visits Facebook…
Every time a person in your office goes to “that” website…
They increase the risk of your office having an issue.
If your practice is a business, and the continuation of this business matters to your livelihood AND the livelihood of your staff, then it should be a very easily acceptable reality that nothing but business should be done on a business computer.