Archive for the ‘HIPAA’ Category

Infographic: 2018 Health Data Breaches Fast Facts

August 1st, 2018 by Melanie Matthews

There have been 165 healthcare data breaches so far in 2018, affecting 3.2 million people, according to a new infographic by Optimum Healthcare IT.

The infographic examines the types of breaches that have occurred.

Healthcare Trends & Forecasts in 2018: Performance Expectations for the Healthcare Industry, HIN’s 14th annual business forecast, is designed to support healthcare C-suite planning as leaders react to presidential priorities and seek new strategies for engaging providers, patients and health plan members in value-based care.

HIN’s highly anticipated annual strategic playbook opens with perspectives from industry thought leader Brian Sanderson, managing principal, healthcare services, Crowe Horwath, who outlines a roadmap to healthcare provider success by examining the key issues, challenges and opportunities facing providers in the year to come. Following Sanderson’s outlook is guidance for healthcare payors from David Buchanan, president, Buchanan Strategies, on navigating seven hot button areas for insurers, from the future of Obamacare to the changing face of telehealth to the surprising role grocery stores might one day play in healthcare delivery. Click here for more information.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: HIPAA Compliance Checklist & Healthcare Cybersecurity Awareness

July 30th, 2018 by Melanie Matthews

While Health Insurance Portability and Accountability Act (HIPAA) audits by the Department of Health and Human Services (HHS) continue to ramp up, penalties and settlement agreements between healthcare organizations and HHS have reached millions of dollars, according to a new infographic by eFax Corporate.

The infographic provides a checklist of important information to help healthcare organizations with HIPAA compliance.

Guest Post: A Report on Healthcare Data Security & Privacy Compliance

July 26th, 2018 by Gary Palgon

Privacy and security regulations for enterprise data in healthcare organizations are complex, and current efforts to bolster enterprise data compliance among all organizations, including those in healthcare, are immature and ineffective, according to a recent study conducted by Aberdeen, an industry analyst firm.

In fact, 86 percent of 112 hospitals and hospital groups in the study are dealing with multiple types of data and data-related processes that are subject to compliance requirements. This is not surprising because healthcare organizations generate, collect, store and manage financial transactions, personally identifiable information, protected health information, employee records and confidential or intellectual property records such as partnership agreements and contracts.

When asked if their organizations were compliant with 11 common regulations and frameworks for data privacy and security, only 65 percent reported achievement. PHI has the highest percentage of compliance reported—85 percent. The lowest compliance rates were reported for ISO 27001 and the General Data Protection Regulation at 63 percent and 48 percent respectively.

To measure the maturity of healthcare organizations’ efforts to comply with privacy and security requirements for data, Aberdeen developed a Net Maturity Index across six key elements of an enterprise data lifecycle. An index score above 50 percent indicates strong maturity in compliance activities and below 50 percent indicates immaturity.

Managing data, which includes normalizing, cleansing, validating and correlating data, earned a 66.6 percent score for healthcare respondents, the only element that indicated maturity. Scores for other key elements were:

  • 49 percent for storing data—persistent, on-demand, self-service access to data;
  • 41.2 percent for protecting data—encryption, tokenization;
  • 33.4 percent for syndicating data between any two applications—including mobile, connected devices, on-premises or cloud;
  • 25.4 percent for ingesting data into a common repository—cloud-based, data lakes; and
  • 3.9 percent for integrating data from multiple sources—disparate sources, formats and protocols

The immaturity of the data lifecycle and associated enterprise data compliance efforts has real-world consequences for healthcare entities. Four out of five (81 percent) study participants reported at least one data privacy and non-compliance issue in the past year, and two out of three (66 percent) reported at least one data breach in the past year.

Investment in data compliance efforts is not lacking. A median of 37 percent of the overall IT budget of healthcare survey respondents is allocated to data compliance activities. This is a significant amount of funding for organizations that still experience data breaches, data compliance issues and a low rate of compliance with multiple enterprise data security and privacy regulations. When compared to respondents from life science and other industries, healthcare respondents reported the highest percentage of the IT budget devoted to data compliance.

The survey also indicated that healthcare organizations are more likely than organizations in other industries to have instituted compliance-specific governance processes and appointed specialized leadership, such as data protection officers, compliance officers or chief risk officers, to oversee enterprise data compliance initiatives. While these are often considered to be best practices for achieving data compliance, still less than half of all healthcare organizations have instituted these approaches. Having specialized leadership is one of the most likely ways to effectively address enterprise data security and privacy compliance issues, but it may also present further complications. Although the role may be assigned to an individual, the task of ensuring compliance with multiple regulations that evolve and change along with new technology and the addition of new data sources requires expertise that is difficult for one person, who probably wears multiple hats in the organization, to achieve and oversee.

One solution to the complex, challenging task of achieving data security and privacy compliance is the use of third-party providers who can address the healthcare organization’s need to enhance integration, management and storage of data. Providers who are experts at data management and integration but also provide the added value of the expertise needed to ensure compliance with regulatory requirements affecting data will offset some of the burden on hospital staff. The solution is not a simple application or a one-off project. Achieving and sustaining compliance with data privacy and security rules as they evolve is an ongoing effort.

The study also points to the need to better manage financial investment in compliance strategies. One option for healthcare organizations is managed services agreements with data management and integration providers. Switching to a predictable, monthly fee versus periodic capital investment or ongoing efforts that are ineffective frees IT funds to be used to advance other hospital goals.

Although many healthcare organizations do not consider outsourcing some of their data management, integration and compliance challenges, choosing a partner wisely—one with expertise in healthcare as well as other data-centric industries with multiple privacy and security requirements—can reduce the compliance burden on an already overworked hospital IT staff and make funds available to continue digital transformation or other strategic initiatives.

Read the overall survey report here: Enterprise Data in 2018: The State of Privacy and Security Compliance

Read the brief on results for healthcare organizations here: Enterprise Data in 2018: The State of Privacy and Security Compliance in Healthcare

About the Author:

Gary Palgon is vice president of healthcare and life sciences solutions at Liaison Technologies. In this role, Gary leverages more than two decades of product management, sales, and marketing experience to develop and expand Liaison’s data-inspired solutions for the healthcare and life sciences. His unique blend of expertise bridges the gap between the technical and business aspects of healthcare, data security, and electronic commerce.

Guest Post: Staying HIPAA Compliant When Using Smartphones

July 5th, 2018 by Brad Spannbauer

Smartphones are becoming increasingly ubiquitous in clinical settings. When compared with the likes of pagers, smartphones offer many benefits, such as improved communication and collaboration, increased mobility, and more advanced security and privacy features. However, despite these benefits, introducing smartphones into a healthcare environment also brings new security risks, especially when devices are used to create, receive, maintain or transmit electronic protected health information (ePHI).

The compact size and portability of smartphones make them convenient for on-the-go healthcare professionals, but the same qualities make them particularly susceptible to loss or theft, which can lead to data breaches.

According to a Ponemon study, 90 percent of healthcare organizations have been affected by at least one data breach, and nearly half have had more than five data breaches. While malicious activity continues to be the leading cause of these attacks, employee negligence and lost or stolen devices are the primary instigators.

Eliminating the security and privacy threats introduced by smartphones isn’t easy, but by addressing the following key areas, HIPAA (Health Insurance Portability and Accountability Act of 1996) covered entities can mitigate the risks and significantly reduce the likelihood of a data breach occurring.

Put a stop to non-secure communication

In today’s cybercrime-ridden world, organizations must be proactive in guarding every aspect of their digital infrastructure, and maintaining secure communications is a key part of this process. Non-secure applications such as email or native text messaging apps are inherently risky due to a lack of security features and privacy controls, which ultimately render them non-compliant under the rules of HIPAA. Instead of using non-secure tools, healthcare providers should invest in secure communication solutions that are designed to withstand the rigors and regulations of healthcare.

Educate your workforce

Research by IBM suggests that 95 percent of all security incidents in 2016 involved human error—misaddressed emails, weak passwords and falling prey to phishing schemes are prime examples of how data breaches can occur due to carelessness or lack of proper education. Additionally, the rise in BYOD (Bring Your Own Device) means employees are more frequently using devices both inside and outside the office, which naturally increases the risks of a device being lost, stolen, or accessed by an unauthorized third party. Regular staff training should therefore be a top priority for any organization that allows its employees to use a mobile device for work purposes. Ultimately the onus is on employers to ensure employees understand their responsibilities, and to provide the tools to allow them to carry out their jobs effectively and securely.

Follow OCR’s advice

In recognition of the risks associated with increased usage of smartphones in clinical settings, the Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) have issued guidance for HIPAA covered entities that use mobile devices to create, access or store ePHI. The guide offers the following tips:

  • Implement policies and procedures regarding the use of mobile devices in the workplace—especially when used to create, receive, maintain, or transmit ePHI.
  • Consider using Mobile Device Management (MDM) software to manage and secure mobile devices.
  • Install or enable automatic lock/logoff functionality.
  • Require authentication to use or unlock mobile devices.
  • Regularly install security patches and updates.
  • Install or enable encryption, anti-virus/anti-malware software, and remote wipe capabilities.
  • Use a privacy screen to prevent people close by from reading information on your screen.
  • Use only secure Wi-Fi connections.
  • Use a secure Virtual Private Network (VPN).
  • Reduce risks posed by third-party apps by prohibiting the downloading of third-party apps, using whitelisting to allow installation of only approved apps, securely separating ePHI from apps, and verifying that apps only have the minimum necessary permissions required.
  • Securely delete all PHI stored on a mobile device before discarding or reusing the mobile device.
  • Include training on how to securely use mobile devices in workforce training programs.

Remember, at the end of the day, if you allow ePHI to be stored on mobile devices, some of those devices inevitably will be lost or stolen. And if that ePHI is not adequately protected through strong encryption along with robust access controls as described above, you will have a reportable data breach on your hands. So plan accordingly.

As devices and applications become more technically advanced, and as more and more healthcare organizations leverage the advantages of smartphones over traditional tools, smartphone usage is only set to increase. To realize the benefits, however, it is critical that the security of mobile devices is reviewed and updated regularly, and policies are modified when necessary. Convenience should never come before compliance.

About the Author:

A 20-year industry veteran, Brad Spannbauer currently oversees product strategy and planning, and provides direction and market leadership for j2 Cloud Connect’s worldwide business as their Senior Director of Product Management. His focus in the healthcare and legal verticals led to Brad’s involvement with the j2 Cloud Services™ compliance team, where he leads the team as the company’s HIPAA Privacy and Compliance Officer. Learn more about our HIPAA Compliant Fax Solutions.

Infographic: HIPAA Healthcare Data Breaches in 2017

March 9th, 2018 by Melanie Matthews

The severity of HIPAA data breaches in 2017 might have decreased but not the number of breaches, according to a Kays Harbor Technologies analysis.

A new infographic by Kays Harbor Technologies looks at the number of HIPAA data breaches reported to the Department of Health and Human Services’ Office for Civil Rights, the number of individuals impacted by these breaches, the top breaches and predictions on the 2018 breach landscape.

Artificial intelligence. Automation. Blockchain. Robotics. Once the domain of science fiction, these telehealth technologies have begun to transform the fabric of healthcare delivery systems. As further proof of telehealth’s explosive growth, the use of wearable health-tracking devices and remote patient monitoring has proliferated, and the Centers for Medicare and Medicaid Services (CMS) has added several new provider telehealth billing codes for calendar year 2018.

2018 Healthcare Benchmarks: Telehealth & Remote Patient Monitoring delivers the latest actionable telehealth and remote patient monitoring metrics on tools, applications, challenges, successes and ROI from healthcare organizations across the care spectrum. This 60-page report, now in its fifth edition, documents benchmarks on current and planned telehealth and remote patient monitoring initiatives as well as the use of emerging technologies in the healthcare space.

Guest Post: Are You Preparing to Fail Healthcare Compliance in 2018?

December 19th, 2017 by Tim Feldman and Darci L. Friedman

A 2018 roadmap to healthcare compliance should focus on cybersecurity, vendor management and telehealth.

As the year winds down, we see numerous lists of priorities healthcare organizations should focus on in the coming year. However, if you are looking to those end-of-year lists for guidance on what your organization should pay attention to in 2018, you are already behind. If you do find yourself playing catch-up, drafting your 2018 compliance work plan is the best place to start.

As the roadmap for your compliance efforts throughout the year, your annual work plan should indicate key high-risk areas. The Office of Inspector General (OIG) of the Department of Health & Human Services (HHS) has indicated that developing an annual compliance work plan is integral to the administration of an effective compliance program (Measuring Compliance Program Effectiveness – A Resource Guide).

The annual work plan and compliance program administration are but one portion of what is required for an organization to have a robust and effective compliance program. The required elements of a compliance program are the following:

  • Standards, Policies and Procedures;
  • Compliance Program Administration;
  • Screening and Evaluation of Employees, Physicians, Vendors and Other Agents;
  • Communication, Education and Training;
  • Monitoring, Auditing and Internal Reporting Systems;
  • Discipline for Non-Compliance; and
  • Investigations and Remedial Measures.

These elements provide a broad framework for your organization to identify risk, proactively remediate and provide a response mechanism to mitigate when there is an exposure. Working the plan and program throughout the year helps your organization achieve a state of ongoing readiness.

Cybersecurity

Cybersecurity is one item that will likely factor more heavily in your work plan, and appropriately so. Last June, the HHS Health Care Industry Cybersecurity Task Force released a report on improving cybersecurity in the industry. The Task Force concluded that cybersecurity, at its core, is a patient safety issue and a “public health concern that needs immediate and aggressive attention.”

Some of the areas to address in the broader realm of cybersecurity include:

  • Ransomware;
  • Email security, including phishing;
  • Internet of Things (IoT) and devices;
  • Bring your own device (BYOD); and
  • Medical identity theft.

As the Task Force report notes, cybersecurity must be thought about across the continuum of care in your organization. Work to shift the culture and thinking that cybersecurity is simply a technology issue, of concern only to the IT department.

Do this by implementing policies and procedures for key cybersecurity issues and then communicating them across the organization. Follow that with training, including everyone in your organization, from staff to board members. The training should define cybersecurity, explain how it may manifest in the organization, and address your policies and procedures, making it evident to all what they can and cannot do and how to respond.

Third-Party Vendor Management

The outsourcing of services to third-party vendors is increasingly common and for good reason. Such relationships offer great benefits, but at the same time, these relationships also carry legal, financial, reputational and compliance-related risks. Here are seven questions to evaluate your third-party vendor relationships:

  • Does your organization, as a covered entity (CE) under HIPAA, have a vendor compliance program to help you identify, manage and report on these risks?
  • Do you review and assess your vendors’ risk profile?
  • Are you familiar with each vendor’s hiring practices?
  • Do you know which vendors’ products connect to other IT systems that contain critical data, including protected health information (PHI)?
  • Do you have insight into each vendor’s information security and data privacy capabilities?
  • Do you know with which vendors you have a business associate agreement (BAA)?

For many healthcare organizations, the answer to several of these questions is likely “no,” which creates risk for those organizations. The OIG’s position is clear: healthcare entities have a responsibility to proactively identify, assess and manage the risks associated with their vendor relationships.

All vendors are NOT created equal. A good starting point in managing an effective and efficient third-party compliance program is to perform a risk-ranking of vendors based on their access to critical assets or information. By segmenting your vendor population into “risk tiers” you can focus limited resources on the most serious exposures.

Components of third-party compliance assessment should include, among other things:

  • Due diligence (background, reputation, strategy);
  • Knowledge of, and compliance with, security and privacy requirements;
  • Operations and internal controls (policies and procedures);
  • Workforce controls, background and exclusion checks; and
  • Training and education.

And, of course, with every vendor that meets the criteria of a Business Associate, ensure that a written BAA is in place. BAAs can be complex and are often daunting, but they must be carefully negotiated and acknowledged by both parties.

By ensuring your vendors have strong compliance programs in place and that they are following through on the BAA requirements, your organization is meeting its compliance obligations and doing its best to minimize its risks.

Telehealth

The compliance concerns related to the delivery of care via telehealth are numerous and include the following:

  • Licensing;
  • Credentialing;
  • Security;
  • Regulatory requirements for billing; and
  • Fraud and abuse.

An area to focus some attention on is payment under federal healthcare programs. The OIG currently has two active work items on telehealth, one for Medicaid and one for Medicare. Both of the items relate to the propriety of payment for telehealth services.

If your organization provides telehealth services, consider conducting a risk assessment to determine if you have any exposure in the area. Risk assessments are not strictly one of the 7 required elements of a compliance program, but they are often referred to as the “8th Element” given the focus on them in the Federal Sentencing Guidelines and OIG documents.

Risk assessments, along with the other elements of a compliance program, provide your organization the means to identify, prioritize, remediate and/or mitigate the myriad ongoing risks it will encounter. If you are not working your compliance program and specific risk areas throughout the year, you are failing to adequately prepare for an event. By failing to prepare, as one wise man said, you are preparing to fail.

About the Authors: Tim Feldman is Vice President and General Manager of Healthcare Compliance & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. He oversees product development across a vast suite of practice tools and workflow solutions to help professionals stay ahead of regulatory developments and effectively manage compliance activities. Darci L. Friedman, JD, CHPC, CSPO, PMC-III, is the Director of Content Strategy & Author Acquisitions for Healthcare Compliance, Coding & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. She is responsible for supporting the overall strategy for developing new content and features, innovating new product models, and recruiting top content contributors.

HIN Disclaimer: The opinions, representations and statements made within this guest article are those of the author and not of the Healthcare Intelligence Network as a whole. Any copyright remains with the author and any liability with regard to infringement of intellectual property rights remain with them. The company accepts no liability for any errors, omissions or representations.

Infographic: 5 Questions Patients Should Ask About Healthcare Information Security

September 8th, 2017 by Melanie Matthews

Patients need to understand the information security protections provided by their healthcare providers, according to a new infographic by ISACA.

The infographic outlines a few questions that patients can ask of their providers to ensure that those organizations are applying appropriate and diligent stewardship of the data that they hold in trust.

UnityPoint Health has moved from a siloed approach to improving the patient experience at each of its locations to a system-wide approach that encompasses a consistent, baseline experience while still allowing for each institution to address its specific needs.

Armed with data from its Press Ganey and CAHPS® Hospital Survey scores, UnityPoint’s patient experience team developed a front-line staff-driven improvement action plan.

In Improving the Patient Experience: Engaging Front-line Staff for a System-Wide Action Plan, a 45-minute webinar on July 27th, now available for replay, Paige Moore, director, patient experience at UnityPoint Health—Des Moines, shares how the organization switched from a top-down, leadership-driven patient experience improvement approach to one that engages front-line staff to own the process.

Guest Post: 5 Legal Considerations for Maximizing Telehealth Security

May 25th, 2017 by Ammon Fillmore and Mark Swearingen

Patient information privacy and security are key telehealth concerns for healthcare providers.

Telehealth is one of the fastest growing and developing areas of healthcare today. With this rapid growth come many questions and concerns that arise when legal and regulatory schemes are not able to keep up with the pace of development. One such concern involves the legal and regulatory issues relating to the privacy and security of telehealth services. Telehealth services can be provided securely, but specific attention must be paid to information and application security in order to protect patient privacy and comply with laws such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Healthcare provider executives who currently offer, or are considering offering, telehealth services to their patients should give attention and appropriate resources to the following areas in order to maximize the organization’s security posture and operational efficiencies.

Arrangement Structure

One of the primary decisions for a healthcare provider organization to make with any telehealth arrangement is whether the organization will provide the telehealth services itself or in collaboration with a third party. Many considerations will be part of this decision, but information privacy and security should be one of them. An organization should only consider providing telehealth services on its own if it can dedicate sufficient resources and personnel to establishing and maintaining the secure transmission and storage of patient information. Only an organization with a competent and established information technology staff should consider providing telehealth services in this manner.

If an organization chooses instead to collaborate with a third party to provide telehealth services, there are several third parties with whom the organization can collaborate to provide those services securely. Those third parties can provide anything from equipment only to a full range of services, including digital infrastructure and professional physician services. When a third party is involved, the organization must also consider how to structure the arrangement for purposes of HIPAA, including determining whether the third party will be a business associate of the organization or whether the organization and the third party will function as a single Organized Health Care Arrangement (“OHCA”) under HIPAA. These decisions will impact how information flows between the parties and who is responsible for securing that information.

Contractual Protections

Responsibility for securing information where the provider organization collaborates with a third party will be governed by the operative agreements between the parties, including the Business Associate Agreement, where applicable. Provider organizations should be sure that the agreements detail the third party’s security-related obligations and establish the third party’s responsibility for failing to meet those obligations. The operative agreements also should contain sufficient representations and warranties of the third party’s security posture, including the technical specifications that the third party will implement in order to safeguard patient information. Equally important is making sure that the operative agreements include sufficient assurances that patient information will be accessible to the appropriate healthcare provider.

Technical Specifications

Telehealth arrangements will differ in the precise technical specifications that the parties implement to safeguard patient information. However, certain technical specifications are broadly applicable and can significantly reduce security risks. One example of such a specification is the use of encryption technology. Encrypting patient information, both while stored on computer systems and during transmission between systems, is an effective means of safeguarding the information from unauthorized third parties and preventing breaches from occurring. Another such specification is authentication of the participants in a telehealth encounter, the clinicians and patients themselves. It is important that technological measures are implemented to ensure the identity of both the clinicians and patients so that all parties can have confidence that the individuals involved in the encounter are actually who they appear to be. Provider organizations should strongly consider implementing such technologies in any telehealth services arrangement.

Security Awareness

Even the best technical safeguards can be compromised by human error, so it is imperative that effective security awareness training be provided to both workforce members and patients. Workforce members who participate in telehealth services arrangements must be made aware of their obligations to protect the privacy and security of patient information under their organization’s policies and procedures and be sanctioned when a violation occurs. Likewise, patients should be provided with information about the security risks present in telehealth arrangements and advised of the steps they can take to mitigate those risks.

Security Risk Analysis

Provider organizations are required under HIPAA to periodically perform an enterprise-wide security risk analysis and to take steps to remediate any risks that are identified. The failure to do so can result in substantial fines and penalties to a provider organization. An enterprise-wide risk analysis considers not only the electronic health record but also any system or equipment that contains electronic patient information, which would include equipment and systems utilized in providing telehealth services. Accordingly, provider organizations should be sure to include telehealth systems in their risk analysis, including those utilized by a third-party service, and to address any identified risks and vulnerabilities in a timely fashion.

This article is educational in nature and is not intended as legal advice. Always consult your legal counsel with specific legal matters. If you have any questions or would like additional information about this topic, please contact Ammon Fillmore at (317) 977-1492 or afillmore@hallrender.com or Mark Swearingen at (317) 977-1458 or mswearingen@hallrender.com.

About the Authors: Ammon Fillmore and Mark Swearingen are attorneys with Hall, Render, Killian, Heath & Lyman, P.C., the largest healthcare-focused law firm in the country. Please visit the Hall Render Blog for more information on topics related to healthcare law.

HIN Disclaimer: The opinions, representations and statements made within this guest article are those of the author and not of the Healthcare Intelligence Network as a whole. Any copyright remains with the author and any liability with regard to infringement of intellectual property rights remains with them. The company accepts no liability for any errors, omissions or representations.

Infographic: Healthcare Data Breaches in 2016

February 20th, 2017 by Melanie Matthews

Data breaches in the healthcare industry are increasing every year at an alarming rate, according to a new infographic by Kays Harbor.

In 2016, there were a total of 326 breach incidents, according to the United States Office of Civil Rights. The number of breach incidents is increasing despite awareness, HIPAA regulations, guidelines and strict measures to protect patient privacy.

The infographic drills down on the breaches that occurred in 2016 and how to minimize the risk of a breach this year.

HIPAA Training for Employees DVD
HIPAA Training for Employees DVD provides training on the following: privacy rule basics; use and disclosures; patient rights; employee behaviors to safeguard patient information; security rules; safeguards to protect patient information electronically; HITECH; breach identification and notification; enforcement; and level of fines.

Infographic: Patient Communication Compliance

January 11th, 2017 by Melanie Matthews

Communication with current and potential patients is pivotal to maintaining and growing your practice, but your practice must ensure that you are compliant in all of your communication points with HIPAA, FDA and FTC rules, according to a new infographic by Response Mine.

The infographic touches on all points of patient communication—from digital advertising and marketing to scheduling appointments and patient reminders—to help practices protect patient information and stay compliant.

Framework for Patient Engagement: 6 Stages to Success in a Value-Based Health System
Intermountain Healthcare’s strategic six-point patient engagement framework not only has transformed patient care delivered by the Salt Lake City-based organization but also has fostered an attitude of shared accountability throughout the not-for-profit health system.

Framework for Patient Engagement: 6 Stages to Success in a Value-Based Health System details Intermountain’s multilayered approach and how it supports its corporate mission: Helping people live the healthiest lives possible.
