What’s the point of all the policies?
The reality is this: no matter the size of your office – you, your staff, and those you hire to help you need a solid understanding of what is expected.
I constantly get an eye-roll when I produce my policy & procedure for sending a fax. The typical response is: “Seriously?? We’re just sending a fax.”
Now let’s focus on the policy and procedure for keeping the software on your computers and your server (if you have one) up to date.
Don’t give me the eye roll.
Yes, I understand this seems obvious…just like backing up your computers…but way too many don’t do that either.
Recently there has been a lot of talk about the NSA hacking tools that were obtained by a group known as the “Shadow Brokers”.
Yes, they sound spooky.
They released what are supposed to be the hacking tools the NSA uses to get into people’s computers: exploits in Windows, etc.
Shortly after the release of these tools, Microsoft came out and announced that all the “holes” these tools used had already been patched.
These tools are specifically for Windows: 2000 and XP through Windows 8. On the server side they are used against Server 2000, 2003, 2008, 2008 R2 and 2012.
Worth noting: these tools do not work on Windows 10 or Server 2016.
So, what is your policy for updates?
Do you know whether all your computers are set the same way?
What about your server? This tends to be a bit more complicated as you need to confirm your EHR is compatible with the latest security patch first.
You need a policy & procedure that sets expectations for all of this, including:
- How computers are set to install updates – automatic or manual
- Who runs updates
- When updates are run
- Then if you have a server:
  - Run a backup before the update
  - Update only on weekend(?)
  - Confirm latest release is EHR compatible
Many of you outsource your IT support, which is fine, but you still need to set the expectations.
You still need to have an understanding of how things are to happen.
This is still your responsibility.