Questions you should ask your healthcare IT vendor
Who’s protecting your healthcare IT data? If you’re like most practices, cybersecurity is top of mind as you plan for the future. If it’s not, it should be. Whether your practice has its own in-house IT department or uses an information security vendor, you should be confident that your data — and your patients’ data — is safe.
We sat down with Greenway’s Chief Information Security Officer Larry Whiteside to address 13 vital questions to ask your IT department or your vendor. If they can’t answer these questions with a “yes” or with satisfactory detail, you might be at risk.
1. How long have you been in business providing this service?
You want an organization that not only has experience, but is going to remain in business as long as you are. At Greenway, we’ve spent the past 40 years creating healthcare solutions for healthcare providers.
2. Do you have references?
You want an organization that knows your business and the challenges that come with it. We offer technology and services that seamlessly span the front office, clinic, and back office and help you deliver exceptional care and meet business goals.
3. Is your business insured? If so, for how much?
It’s important to understand an organization’s ability to cover potential damages from breaches and/or incidents. The amount is important to know to ensure it will cover your losses. Greenway’s cyber liability insurance covers any costs associated with the liability of a claim or suit related to a data breach.
4. Do you have in-house support or is it outsourced? If it’s outsourced, is it onshore or offshore?
In-house support provides better continuity of support issues. If your support is outsourced offshore, you could experience communications issues. Greenway’s facility is located onshore and built to withstand anything Mother Nature throws at it. Our systems are housed in a guarded Tier IV facility, with N+2 power and cooling infrastructure.
5. What services are included as part of the offering?
You want to ensure that you’re not paying for services you do not need. Features of Greenway’s hosted solutions include disaster recovery, version upgrades, 24/7 monitoring, system patching, cyber liability insurance, secure servers, next-generation anti-virus, and endpoint detection and response.
6. Will you perform and manage backups of all servers?
You want to ensure that backups include your entire environment. Greenway provides backup and disaster recovery procedures on hosted solutions.
7. What is the backup schedule?
It’s important that your IT department or vendor is backing up the right amount of information in the right amount of time. We perform full backups weekly with incremental backups done daily. In certain databases we complete hourly incremental backups depending on the data they contain.
8. Are the backups encrypted?
In the event of the loss of tapes or other backup equipment, you will want to ensure that your data has been encrypted. Greenway encrypts all its backups.
9. What security tools do you have to help protect against a breach?
You want to ensure that your information security vendor or IT department follows best practices and has multiple layers of security to protect your data against a breach. With secure hosting, Greenway maintains tools and processes to secure data in all public and private hosting environments. The tools include firewalls, intrusion detection/prevention systems, proactive vulnerability scanning, endpoint security, breach detection and response tools, backup and disaster recovery procedures, as well as physical security controls.
10. What security controls will you build and maintain to secure our environment?
Awareness of how your IT department or vendor will secure your environment helps create clarity for your practice. We employ state-of-the-art, end-point security tools and methodology. We make it a priority to review and test our software regularly for any architectural flaws and to fortify processes that protect patient data.
11. Do you have 24/7 monitoring in place?
Attackers don’t only strike during the day time — it can be any time, any day. Greenway provides 24/7 real-time monitoring that includes operational and application performance, anytime, anywhere when you are connected to high-speed internet.
12. What happens if there is a breach or security incident? What’s your role?
Understanding the role your vendor or IT department plays will help you determine who else you would need to get involved. Greenway supplies threat protection and isolation with continuous monitoring and response to advanced threats and security issues.
13. Is there a service level agreement for recovery?
Knowing how long you should expect to be down will help you be better prepared when an incident happens. We provide full fault tolerance, enabling nearly 100% availability.
“We have the processes, technology, and people in place to handle any cybersecurity situation.”
Larry Whiteside, Greenway’s chief information security officer
Click here to learn more about our healthcare-specific IT data security framework.
For more information, click here to schedule a conversation with a Greenway representative.