Need some suggestions from IT Professionals with experience
I am a young guy trying to learn IT and need some suggestions for a small medical collection site company. This company specializes in doing things like lab testing and drug testing. All lab (blood) tests are sent to LabCorp for testing, as the company just collects the samples. The same goes for drug testing for non-Federal and Federal collections.
Just coming into the company, it does not have an IT Department or anyone with IT Skills. The infrastructure is as follows:
Consumer-grade Netgear router with a rented Cox modem. All laptops are on Windows 10 Pro with Microsoft 365 Business Standard licenses. All laptops have Webroot AV and no full endpoint protection.
Active Directory is currently on a small VM with Windows Server 2019 hosted by atlantic.net (this was set up by someone a while ago with the company). Analog phones. Here is what I was tasked to do:
1. Going completely paperless, doing everything digitally while maintaining HIPAA compliance (meaning however you digitize it, it needs to be HIPAA compliant).
My thoughts: I'm thinking of just finding a good but affordable EHR for the company, which will eliminate paper charts at the front desk and allow patients to scan a QR code at the front desk with either a provided tablet/iPad or their phone. This EHR would also be directly integrated with the labs that they send blood and drug testing samples to, like LabCorp.
2. Securing and upgrading the network.
My thoughts: The company currently only has one location, and they told me they plan to grow to have a few other locations, but that was not set in motion (just small talk). I figured I could do something simple, as they are not a high-value target, like using UniFi equipment (UDM Pro, managed switch, and AP). If for some reason we need to upgrade the network security in the future, I figured I could buy a Netgate router with pfSense on it and replace the UDM Pro. Not 100% sure on this but would love to get your thoughts. I'm not familiar with Cisco products or Fortinet, which is why I haven't mentioned them. The company also doesn't have a huge budget.
3. Endpoint and misc. security
My thoughts: I was thinking of going into 2 different directions here:
a) Since the company has standard business licenses, would it be worth it to upgrade to E3 or E5 to utilize Azure (I'm still learning Azure and not 100% well-versed in it) with Defender and endpoint protection and other things Azure has to offer from a management perspective?
b) If not option a), then I was thinking of something like Sophos Intercept X or Bitdefender GravityZone for an endpoint protection solution and Proofpoint Essentials for email security.
I would also utilize MFA in Azure for all Microsoft accounts, preferably using Microsoft Authenticator, which brings me to another question: Is it normal to request that regular employees download Microsoft Authenticator (or any authenticator) on their personal phone to use MFA for their email/accounts? I have not worked in a corporate setting before and am not sure if this is standard practice or not.
4. Infrastructure with Microsoft:
My thoughts: The company has talked about taking away the VM from atlantic.net because of cost. I assume I can just use Azure AD Connect to sync the users, devices, and groups to Azure AD and then get rid of the VM?
Also, each user has their own Microsoft OneDrive for Business. However, the company has asked for a folder that can be shared across all users to store basic company info that every user would need. This folder would then have stuff added as policies and procedures changed throughout the company as it grew.
I was looking at SharePoint but didn't see an easy way to have it mapped on everyone's laptop, as it makes it somewhat difficult (according to one of the managers, because they used it at another business) to have to log into the SharePoint site to upload/download something. If there is an easy way to map a shared SharePoint document folder onto everyone's laptop, that would be helpful to know. If not, I'm open to other suggestions.
Thank you in advance for any and all suggestions, advice, and opinions.
Criticism and correction are accepted with humility, as I'm on a learning curve with this.
Comments
JDMurray (Admin, Posts: 13,089)
I don't think that HIPAA records management requires a completely paperless organization, or that greater security or efficiency will result from such an organizational workflow design. I don't know of any human-based company that has successfully maintained a 100% paperless workplace, especially if they have a front office. Humans love paper and therefore always generate paper and demand things be put on paper.
I worked in a "paperless office" in the early 1990s (during the EDI craze). One of our office rules was that all paper mail received had to be scanned in by the (human) Office Assistants, routed to the email inbox of the appropriate recipient, and the original paper mail destroyed (i.e., bits good, paper bad). Because the outside world was not 100% paperless, we could not always destroy paper that had to be preserved or returned (e.g., official forms, tickets, stamped documents, etc.). Plus, the OAs hated the drudgery of scanning/destroying the constant flow of paper into the business. In addition, there could be no paper copiers/printers/fax machines anywhere in the offices, except in the CEO's office under strict control of the OAs.
It turned out that thinking about and maintaining paperlessness was really an added stress that the employees didn't need. AI/ML robots, however, probably have no personal need to generate paper and would prefer not to deal with it. Paperlessness might, in fact, be a significant sign that AI/ML has truly overtaken our lives. LONG LIVE DA HUMANZ PAPER!!