Nordic Blog

    [EHR security assessments] Your path to optimization

    Posted by June Stacey on Apr 7, 2017 12:52:05 PM

    When you started working in your current office, you probably didn’t need a key to every door in the building to do your job. You also probably didn’t need to go to the hardware store and create a custom key for every single door that you do need to enter. But for some healthcare organizations, their EHR security is similarly inefficient. With the help of Epic’s templates and a strong governance structure, you can remove a lot of the security hurdles that slow down your team. A security assessment is your first step.

    June-Stacey-Blog.jpgWhen should you have an assessment?

    I recommend a security assessment for any organization that started its security implementation before Epic established a linkable template system for users. I’ve worked with organizations that have completely customized user records, which is much less efficient and requires more resources to maintain. Implementing linkable templates and using the subtemplate feature helps standardize access for similar users and facilitates optimization efforts.

    Most organizations have an established governance structure, but evaluating the policies and procedures to assure a sound security foundation can be beneficial. Clearly defined change control processes and identifying groups responsible and accountable for decisions is essential to avoid potential unintended consequences of unilateral decisions.

    What does a security assessment entail?

    As the security assessors, the first thing we do is look at the organizational structure. Who are the decision makers? What are the processes? What are the IT relationships with compliance? How open is communication? Is the organization standardized? How are records maintained and documented? There are a lot of questions, but the answer to each of them is important.

    One of the first things we consider is the organization's philosophy. By that I mean what an organization’s strategy is for implementation of profiles, security classes, work rule, and engine rule, along with how that fits with Epic’s recommendations so that future upgrades and optimizations are more easily implemented. Next we'll consider pain points for maintaining and supporting a dysfunctional security foundation.

    One of the main benefits of a security assessment and the move toward standardization, using templates, and realigning profile strategy is that it makes day-to-day support easier and more efficient. I’ve seen organizations that had over 50 security tickets a day. Some of them were simple issues, but even simple fixes take time and use valuable resources.

    An assessment typically involves evaluating the organizational security foundation, governance structure, and specifics pertaining to each application. This is followed by a detailed report of those findings, optimization recommendations, and potential benefits for that specific organization.

    Recommendations

    Additional security-related training for staff is often needed in order to facilitate optimization recommendations. This is dependent on the organization, established workflows, and knowledge and experience of the IT staff as well as the extent of the optimization work.

    Consolidation, standardization, and centralized control of security-related changes are general recommendations for all organizations as the foundation of a sound security structure. Another general recommendation is an established strategy and tight control of the workflow engine.

    Interested in getting started on your EHR security assessment or learning more about improving your EHR?

    CONTACT US »LEARN MORE ABOUT ASSESSMENTS »

    Topics: Epic optimization, Epic security optimization, assessments

    Nordic's Blog

    Insights to help you get the most from your Epic EHR

    Most of the time we're interviewing our Nordic consultants in one manner or another to gather tips and tricks that help you work better with Epic. Occasionally, we'll slip in a little fun to show you what it's like to partner with us. 

    If you have a topic that you'd like to see us cover here, let us know!

    CONTACT US »

    Subscribe to Email Updates

    Posts by Topic

    see all