The loss or corruption of one small program utility may prevent entire program application from operating properly. The change of one parameter or setting (which easily can happen inadvertently or during installation of another piece of software) is enough to disrupt proper functioning of an application. The best protection against application software failure is:

~ keep original program source (disks, CD-ROMs, saved and backed-up downloaded files) secure off-site (outside of your office) ~ install software from backup copies of originals, and use only authorized and registered copies of software applications (so that original software application vendor is available for technical support, replacement of disks, bugs fixes, and software updates).

Network software is notoriously finicky and requires frequent attention. Someone familiar with network software either on staff or available on short notice is essential to troubleshoot and restore network when it crashes, slows to a crawl or just doesn't act right. In some situations, loss of access to application programs, loss of data, or loss of access to data when network is down can be minimized by backing up or mirroring data on a local hard drive or floppy disk and by having key software such as word processing applications loaded also on local PC hard drives.

Corruption of software by viruses is another growing security risk, which is best handled by carefully designing procedures to limit unauthorized access to systems, by discouraging use of unauthorized software and by using specialized virus protection software. Some offices have systems that automatically bar any new software from being loaded even onto an individual PC on network. Others automatically scan all new software for viruses. Anti-virus software must be updated continually to enable it to identify new viruses that are constantly being created and spread. Automatic update features are available for major anti-virus software programs and should be implemented.

A particular problem is software that is acquired electronically, such as from Internet, whether public domain software or unauthorized copies of programs. Seemingly minor items such as games, utilities, screen savers or macros of unknown origin and provenance may put you at serious risk of contracting a virus. Email attachments are a frequent source of infected code. You need to be attentive to suspect email sent to you. Always pay attention to what you are loading or downloading onto your computer.

Through introduction of a computer viruses, your software programs and if not your entire computer network may be unusable by simple installation of unauthorized software application on your computer system. Make sure your staff understands importance of your policy of banning installation of unauthorized software. Then periodic "sweep" your computers to insure that your staff is helping you protect your computer investment.

These simple steps may result in big dividends to continued operation of your small business.

Copyright Steven Presar

ØGenerally, employer (Plan Sponsor) is not a HIPAA "Covered Entity" - Health Plan is. For fully insured plans, this typically means health insurer, HMO, EAP provider, etc. ØAs Covered Entities, health plans bear brunt of compliance requirements (your responsibilities become exponentially larger as quantity of data you receive increases) ØMeet with every service provider, or ensure that your broker or consultant has reviewed compliance requirements with each ØUse protected health information only for needed administration of benefit programs (HIPAAspeak: "Treatment, Payment and Health Care Operations) ØCollect (and release) only minimum data required to "do job" (e.g. enroll an employee, file claims, etc.) ØRestrict data to those persons who absolutely must use it ØEstablish "firewalls" and safeguards to protect data (separate locked files, restricted access, password protect systems) ØAppoint a Privacy Official (not required for fully insured plans that never receive PHI) ØCreate a Privacy Policy and distribute a Privacy Notice to participants Ø"Scrub" personally identifiable data from communications pieces, ID Cards, etc.

HIPAA, like COBRA before it, will continually change as new rules and regulations are released (for example, U.S. Dept. of HHS has yet to release enforcement rules for HIPAA). Ongoing compliance will require vigilance in remaining up to date on changing laws. It's vital your broker/consultant proactively work with your organization to review plans, identify problems and provide ongoing education to maximize performance of your benefit plans.