The Journal of the Arkansas Medical Society Med Journal March 2019 Final 2 | Page 8

IT 101 – Choosing an IT Provider & Getting Started T he following answers were provided to The Journal by Al Aquino of Onet-IT in Little Rock ([email protected]). Aquino is the son of a ers, networks, and software that you have. For instance, are they adept at handling compliance issues related to the medical field? Can they read logs, run HIPAA compliance scans, and identify and implement HIPAA-compliant firewalls? practicing physician and has substantial knowl- edge of medical-field compliance concerns. Through his company, Onet-IT, he provides sup- port to several medical clients that include oph- thalmology clinics, a surgery center, a cancer cen- ter, and a law firm focused on health law. Can you expect reasonably fast service? In my business, I have a tiered support re- sponse time. If you have an issue that affects business continuity, I’m going to give that prior- ity. If a client’s software has been compromised or there is some threat facing them, that takes precedence over a simple software update. As of now, 100% of my clients understand that. They know that when they need me in an urgent man- ner, I will be there. Choosing an IT Provider Does the IT provider have experience in the field you’re in? Does your IT company have previous experi- ence serving medical clinics? You need someone who understands the industry you’re in. Also, if you use certain software, you need to make sure that your IT provider is familiar with the systems you have and that they can support those serv- Basic Protections – the Bare Minimum It’s hard to say what the “musts” are, as hackers can attack from many angles, but ac- cording to Aquino, there are some basic safe- guards you must not ignore: Live Your Dream, Learn To Fly HIPPA has a three-tiered model of safe- guards. It includes physical, technical and ad- ministrative security. Your IT provider should be able to help with these critical areas: Physical – You must have physical security. Many places I visit have been following a lot of guidelines – they have the best firewalls, they have the best antivirus and ant-intrusion items in place. However, if anyone can walk right into the server room, you are not physi- cally protected. You must have that. Technical – This is where firewalls come in. There’s a list of firewalls that are HIPAA com- pliant. You need anti-intrusion software – with tracking, monitoring, and logging in place. Administrative – You need to know who has access. In other words, within your software where you keep medical records, you need to keep track of who has access to them. Medical Board Legal Issues? Training Pilots Since 1939 Since 1939 Our Call Pharmacist/Attorney $99 Introductory Flight Can Get You Started Contact Us Today and Go Fly! 501.975.9330 / learntofl[email protected] 8 YEARS OF FLIGHT 1 9 3 9 - 2 0 1 9 2 3 0 1 C r i s p D r i v e | L i t t l e R o c k | A r k a n s a s 200 • THE JOURNAL OF THE ARKANSAS MEDICAL SOCIETY | 7 2 2 0 2 | Darren O’Quinn 1-800-455-0581 www.DarrenOQuinn.com Little Rock, Arkansas c e n t r a l . a e r o VOLUME 115