Why software patch management is critical in the dental practice

Feature
Article

In previous articles in this series, we have explored many of the HIPAA rules and regulations that affect dental practices. While many of these involves areas familiar to dentists, such as data backup and antivirus software, a number are less well-known, but just as critical. One of this is something called patch management.

Black computer keyboard featuring a blue button labeled

In previous articles in this series, we have explored many of the HIPAA rules and regulations that affect dental practices. While many of these involves areas familiar to dentists, such as data backup and antivirus software, a number are less well-known, but just as critical. One of this is something called patch management.

You won’t find the words “Patch Management” in the HIPAA Security Rule, but given recent action taken by the US government agency that enforces HIPAA compliance, it’s there. The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) settled with a community behavioral health organization in December 2014 concerning potential HIPAA violations which surfaced as a result of the OCR’s investigation of a breach of electronic protected health information (ePHI) that was reported to HHS by the organization in March 2012.

The press release announcing the settlement included a quote from OCR Director Jocelyn Samuels who stated, “Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis this includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.”

The basic premise of patch management is that dental offices are usually running a multitude of software programs. This includes your Windows operating system, your browser, Adobe products like PDF viewer, Office and numerous other systems. Unfortunately, these products tend to ship with security holes, and as new holes are discovered, the company will provide updates or "patches" to fix these security holes. This is a constant battle between the software developers and the people who look for security holes to exploit; many times, patches are released on a weekly basis!

While some products, like Windows, can be set to install and update their software automatically, others do not. And, even the ones that can do, it's often not prudent to install untested patches right away, I often suggest waiting a week or two to ensure that the bugs have been worked out.

This is where the concept of patch management comes in. Sure, you could pay your IT company to log on to each and every computer on a weekly basis to search for and apply patches to every software system on the computer but this will be a very expensive undertaking. Instead, there is a whole class of software called Managed Services that can automate this process for you.

While the software will install and update software on the schedule you dictate, it can also handle many other functions that may not necessarily be a HIPAA rule. For example, many of then include alerting: they can send an alert to you and/or your IT company if there's a problem, such as a corrupted hard drive, incorrect password entered, virus, etc. These software programs can also do things like defragment the hard drives and clean out temporary internet files and other functions.

Many IT companies, including mine, offer patch management services. Dentists should take the time to evaluate their options and decide on the best way to keep their patient data safe and secure.


 

Recent Videos
GNYDM24 Product Focus: Josh Gosnell, Vice President, Business Development at Adit, explains how cloud-based analytics and patient communication software can enable practices to run more efficiently.
GNYDM24 Product Focus: Debra Engelhardt-Nash talks about how Weave's systems can help with increasing patient acceptance and with practices getting paid.
At DS World 24, Max Milz, Dentsply Sirona VP, Connected Technology Solutions, talks about the company's new Primescan 2 intraoral scanning solution and how it fits in with a variety of digital dentistry workflows.
At Dentsply Sirona World 2024, Henry Schein's Matt Kunzler talks about the brand new innovations from Dentsply Sirona, including Primescan 2, a first of its kind cloud native scanner, as well as Henry Schein's flex financing solutions.
The Uptime Health Story: An Interview with Uptime Health CEO and Co-Founder Jinesh Patel
Mastermind Episode 33 – Charting the Course for the Future of Dentistry
CDS 2024: What's New at TAG University? with Andrew De la Rosa, DMD
CDS 2024: Breaking Down Barriers to Care with Eric Kukucka, DD
Related Content
© 2024 MJH Life Sciences

All rights reserved.