Archive for the ‘HIPAA’ Category

Guest Post: 5 Legal Considerations for Maximizing Telehealth Security

May 25th, 2017 by Ammon Fillmore and Mark Swearingen

Patient information privacy and security are key telehealth concerns for healthcare providers.

Telehealth is one of the fastest growing and developing areas of healthcare today. With this rapid growth come many questions and concerns that arise when legal and regulatory schemes are not able to keep up with the pace of development. One such concern involves the legal and regulatory issues relating to the privacy and security of telehealth services. Telehealth services can be provided securely, but specific attention must be paid to information and application security in order to protect patient privacy and comply with laws such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Healthcare provider executives who currently offer, or are considering offering, telehealth services to their patients should give attention and appropriate resources to the following areas in order to maximize the organization’s security posture and operational efficiencies.

Arrangement Structure

One of the primary decisions for a healthcare provider organization to make with any telehealth arrangement is whether the organization will provide the telehealth services itself or in collaboration with a third party. Many considerations will be part of this decision, but information privacy and security should be one of them. An organization should only consider providing telehealth services on its own if it can dedicate sufficient resources and personnel to establishing and maintaining the secure transmission and storage of patient information. Only an organization with a competent and established information technology staff should consider providing telehealth services in this manner.

If an organization chooses instead to collaborate with a third party to provide telehealth services, there are several third parties with whom the organization can collaborate to provide those services securely. Those third parties can provide anything from equipment only to a full range of services, including digital infrastructure and professional physician services. When a third party is involved, the organization must also consider how to structure the arrangement for purposes of HIPAA, including determining whether the third party will be a business associate of the organization or whether the organization and the third party will function as a single Organized Health Care Arrangement (“OHCA”) under HIPAA. These decisions will impact how information flows between the parties and who is responsible for securing that information.

Contractual Protections

Responsibility for securing information where the provider organization collaborates with a third party will be governed by the operative agreements between the parties, including the Business Associate Agreement, where applicable. Provider organizations should be sure that the agreements detail the third party’s security-related obligations and establish the third party’s responsibility for failing to meet those obligations. The operative agreements also should contain sufficient representations and warranties of the third party’s security posture, including the technical specifications that the third party will implement in order to safeguard patient information. Equally important is making sure that the operative agreements include sufficient assurances that patient information will be accessible to the appropriate healthcare provider.

Technical Specifications

Telehealth arrangements will differ in the precise technical specifications that the parties implement to safeguard patient information. However, certain technical specifications are broadly applicable and can significantly reduce security risks. One example of such a specification is the use of encryption technology. Encrypting patient information, both while stored on computer systems and during transmission between systems, is an effective means of safeguarding the information from unauthorized third parties and preventing breaches from occurring. Another such specification is authentication of the participants in a telehealth encounter, the clinicians and patients themselves. It is important that technological measures are implemented to ensure the identity of both the clinicians and patients so that all parties can have confidence that the individuals involved in the encounter are actually who they appear to be. Provider organizations should strongly consider implementing such technologies in any telehealth services arrangement.

Security Awareness

Even the best technical safeguards can be compromised by human error, so it is imperative that effective security awareness training be provided to both workforce members and patients. Workforce members who participate in telehealth services arrangements must be made aware of their obligations to protect the privacy and security of patient information under their organization’s policies and procedures and be sanctioned when a violation occurs. Likewise, patients should be provided with information about the security risks present in telehealth arrangements and advised of the steps they can take to mitigate those risks.

Security Risk Analysis

Provider organizations are required under HIPAA to periodically perform an enterprise-wide security risk analysis and to take steps to remediate any risks that are identified. The failure to do so can result in substantial fines and penalties to a provider organization. An enterprise-wide risk analysis considers not only the electronic health record but also any system or equipment that contains electronic patient information, which would include equipment and systems utilized in providing telehealth services. Accordingly, provider organizations should be sure to include telehealth systems in their risk analysis, including those utilized by a third-party service, and to address any identified risks and vulnerabilities in a timely fashion.

This article is educational in nature and is not intended as legal advice. Always consult your legal counsel with specific legal matters. If you have any questions or would like additional information about this topic, please contact Ammon Fillmore at (317) 977-1492 or afillmore@hallrender.com or Mark Swearingen at (317) 977-1458 or mswearingen@hallrender.com.

About the Authors: Ammon Fillmore and Mark Swearingen are attorneys with Hall, Render, Killian, Heath & Lyman, P.C., the largest healthcare-focused law firm in the country. Please visit the Hall Render Blog for more information on topics related to healthcare law.

HIN Disclaimer: The opinions, representations and statements made within this guest article are those of the author and not of the Healthcare Intelligence Network as a whole. Any copyright remains with the author and any liability with regard to infringement of intellectual property rights remain with them. The company accepts no liability for any errors, omissions or representations.

Infographic: Healthcare Data Breaches in 2016

February 20th, 2017 by Melanie Matthews

Data breaches in the healthcare industry are increasing every year at an alarming rate, according to a new infographic by Kays Harbor.

In 2016, there were a total of 326 breach incidents, according to the United States Office of Civil Rights. The number of breach incidents is increasing despite awareness, HIPAA regulations, guidelines and strict measures to protect patient privacy.

The infographic drills down on the breaches that occurred in 2016 and how to minimize the risk of a breach this year.

HIPAA Training for Employees DVD
HIPAA Training for Employees DVD provides training on the following: privacy rule basics; use and disclosures; patient rights; employee behaviors to safeguard patient information; security rules; safeguards to protect patient information electronically; HITECH; breach identification and notification; enforcement; and level of fines.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today. Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: Patient Communication Compliance

January 11th, 2017 by Melanie Matthews

Communication with current and potential patients is pivotal to maintaining and growing your practice, but your practice must ensure that you are compliant in all of your communication points with HIPAA, FDA and FTC rules, according to a new infographic by Response Mine.

The infographic touches on all points of patient communication—from digital advertising and marketing to scheduling appointments and patient reminders—to help practices protect patient information and stay compliant.

Intermountain Healthcare’s strategic six-point patient engagement framework not only has transformed patient care delivered by the Salt Lake City-based organization but also has fostered an attitude of shared accountability throughout the not-for-profit health system.

Framework for Patient Engagement: 6 Stages to Success in a Value-Based Health System details Intermountain’s multilayered approach and how it supports its corporate mission: Helping people live the healthiest lives possible.

Infographic: Is Your Healthcare Data Safe?

December 12th, 2016 by Melanie Matthews

Data loss from U.S. hospitals, urgent care centers, dental practices and clinics is reaching epidemic proportions, according to a new infographic from safetica. Last year the confidential records of one-in-three healthcare patients in the United States were compromised. But what are the costs and causes of data breaches—and how can they be prevented?

The infographic examines the impact of data breaches, the cost of a data breach and a checklist to compare your organization’s data security practices against recent HIPAA case law.

The 2016 Healthcare Benchmarks: Data Analytics and Integration assembles hundreds of metrics on data analytics and integration from hospitals, health plans, physician practices and other responding organizations, charting the impact of data analytics on population health management, health outcomes, utilization and cost.

2016 Healthcare Benchmarks: Data Analytics and Integration examines the goals, data types, collection processes, program elements, challenges and successes shared by healthcare organizations responding to the January 2016 Data Analytics survey by the Healthcare Intelligence Network. Click here for more information.

Infographic: Cyber Attacks Hit Healthcare

April 4th, 2016 by Melanie Matthews

The healthcare industry is under pressure to advance its use of technology to control costs, digitize patient information and streamline operations. But with significant increases in cyber attacks and the sensitive nature of healthcare data, security is a growing concern, according to a new infographic by ESET.

The infographic examines: which threats healthcare organizations fear most; how healthcare breaches affect consumer behavior; and what security solutions are most effective.

Covered Entity Manual is a template-style download manual that can be easily adapted to align with your compliance needs as a covered entity. All content complies with the Omnibus Rule.

Covered Entity-Specific Manual provides you with a generic, comprehensive set of policies and procedures: 33 privacy policies; 30 security policies; 6 policies that address common requirements of both the privacy and security rules; 1 breach notification policy; and 12 forms and templates, including a notice of privacy practices.

Infographic: HIPAA Physical Safeguards

January 27th, 2016 by Melanie Matthews

Physical safeguards are a set of rules and guidelines that outline how the physical storage and access to protected health information should be managed under HIPAA security rules, according to a new infographic by Vigyanix.

The infographic details the Physical Safeguard requirements for facility access controls, workstation use and security, and device and media control.

Business Associate Manual is a template-style manual that can be easily adapted to align with your compliance needs as a business associate (BA). All content complies with the Omnibus Rule.

Specifically developed to help BAs meet complex privacy & security compliance requirements, the Business Associate Manual includes: 6 privacy policies; 30 security policies; 6 policies that address common requirements of both the privacy and security rules; 1 breach notification policy; and 4 forms and templates.

Infographic: The Year of the Healthcare Data Breach

January 1st, 2016 by Melanie Matthews

The healthcare industry has become a high-profile target for cyber criminals. For the first half of 2015, healthcare ranked #1 in terms of notable incidents of records compromised, with nearly 34 percent of all records compromised across all industries, according to a new infographic by IBM.

The infographic looks at the impact of healthcare data breaches and why healthcare data is so valuable.

Infographic: HIPAA Data Breaches on the Rise

October 2nd, 2015 by Melanie Matthews

HIPAA data breaches are rising, according to research conducted by Privacy Analytics Inc. for a new infographic, HIPAA Breaches 2009-2015.

Culling data from the Office of Civil Rights, Privacy Analytics found over 1,286 reported incidents affecting 153 million individuals at the time of publication. The largest breach was earlier this year from Anthem Insurance, reporting over 78 million records being breached. According to the Guide to the De-identification of Personal Health Information, the cost incurred for a breach – including notification, legal fines, legal fees, forensics, PR and more – is approximately $208 per person. The average data breach was over 100,000 records and cost $24 million. States with the highest number of individual records breached were Indiana, California and Washington State.

The infographic looks at breaches by type, the need for more HIPAA organizational knowledge and training and new data privacy and security challenges as the use of secondary health data grows.

Infographic: Healthcare Security Breaches in 2015

September 18th, 2015 by Melanie Matthews

In 2015, the healthcare sector has had more security breaches than any other sector but one, according to a new infographic by Netsurion.

The infographic examines security breaches by market sector, along with specific details on healthcare security breaches.

The customized HIPAA Compliance Manual contains the policy and procedure documentation required by the HIPAA privacy and security rules and HITECH. Operating forms are included in the manual for ease of customization for your office. The manual also includes state laws and regulations that interface with HIPAA and state identity theft laws.

The HIPAA Compliance Manual also includes as a bonus: The Advisor, a monthly newsletter to help you stay current on new regulations and interpretations throughout the year. You will receive The Advisor each month by email as a part of your manual purchase.

Infographic: Healthcare Information Security

September 4th, 2015 by Melanie Matthews

Improving regulatory compliance and security awareness and training are among the top concerns of healthcare information security professionals, according to a new infographic by ISC2.

The infographic also drills down on the competencies and certifications that healthcare organizations look for when hiring information security professionals.
