Gaston County’s HIPAA Security Risk Assessment Journey
Gaston County is a county in the state of North Carolina, with a population of approximately 210,000. Chris Dobbins is the Director of the Gaston County Department of Health & Human Services. He holds a Master of Public Health degree from UNC Chapel Hill and is also a graduate of the FBI National Academy. Chris served 22 years in the United States Air Force before retiring in 2004. In January of 2017, Chris was named the Health Director of the Year by the North Carolina Association of Local Health Directors.
Logically provides IT support for both the Health Division’s staff of 200 and the Social Services Division’s staff of 400. Each division has a director that reports to Chris Dobbins. The County’s IT charter is straight forward: “For the betterment of Gaston County through the use of technology, and to ensure that the County data and voice services are secure, accurate, available and recoverable.” Logically is the trusted partner to help make that goal a reality.
Five years ago, there was an increase in breaches of electronic protected health information (ePHI) in North Carolina and the country. Driven by the rush to implement electronic health record (EHR) systems fueled by meaningful use incentives, it was a perfect storm of risk. Broadly, EHR systems were implemented for ease of use and not security best practice. This made all covered entities tempting targets by the threat actors. While Gaston County considered their security efforts to be better than most, they were aware of this new risk. As such, they engaged in a vendor review process to ameliorate the problem. Chris Dobbins selected Logically as the county’s IT partner and the relationship began with the county’s first HIPAA Security Risk Assessment (SRA) focusing on the Gaston County Health Department.