Archive for the ‘HIPAA’ Category

Infographic: Healthcare Cloud Data Security Report

July 31st, 2019 by Melanie Matthews

Some 32 percent of healthcare organizations store 100 percent of their sensitive data (e.g., healthcare data and the personal data of customers and employees) in the cloud. However, lack of sufficient budget could prevent at least 30 percent of them from achieving their data security goals, according to a new infographic by Netwrix Corporation.

The infographic examines the state of healthcare data security in the cloud, how healthcare organizations plan to strengthen cloud data security, and cloud security budgeting and other trends.

2018 Healthcare Benchmarks: Telehealth & Remote Patient Monitoring

Artificial intelligence. Automation. Blockchain. Robotics.

Once the domain of science fiction, these telehealth technologies have begun to transform the fabric of healthcare delivery systems. As further proof of telehealth’s explosive growth, the use of wearable health-tracking devices and remote patient monitoring has proliferated, and the Centers for Medicare and Medicaid Services (CMS) has added several new provider telehealth billing codes for calendar year 2018.

2018 Healthcare Benchmarks: Telehealth & Remote Patient Monitoring delivers the latest actionable telehealth and remote patient monitoring metrics on tools, applications, challenges, successes and ROI from healthcare organizations across the care spectrum. This 60-page report, now in its fifth edition, documents benchmarks on current and planned telehealth and remote patient monitoring initiatives as well as the use of emerging technologies in the healthcare space.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: Get Rid of PHI Securely

June 21st, 2019 by Melanie Matthews

HIPAA requires proper disposal methods for protected health information (PHI), according to a new infographic by First Healthcare Compliance.

The infographic examines types of PHI and disposal methods for various types of PHI.

A New Vision for Remote Patient Monitoring: Creating Sustainable Financial, Operational and Clinical Outcomes

As healthcare moves out of the brick-and-mortar traditional setting into patients’ homes and their workplaces, and becomes much more proactive, the University of Pittsburgh Medical Center (UPMC) has been expanding its remote patient monitoring program. The remote patient monitoring program at UPMC has its roots in the heart failure program but has since expanded to additional disease states across the integrated delivery system’s continuum of care.

A New Vision for Remote Patient Monitoring: Creating Sustainable Financial, Operational and Clinical Outcomes delves into the evolution of UPMC’s remote patient monitoring program from its initial focus on heart failure to how the program was scaled vertically and horizontally. Click here for more information.


Infographic: The Top 10 Reasons You Need a Digital Healthcare Security Check-Up

March 22nd, 2019 by Melanie Matthews

Healthcare organizations continue to have the highest breach-related costs of any industry at $408 per stolen record, according to a new infographic by Keyfactor.

The infographic examines trends surrounding healthcare data breaches, Internet of Medical Technology and emerging technology.

Remote Patient Monitoring for Chronic Condition Management: Leveraging Technology in a Value-Based System

Encouraged by early success in coaching 23 patients to wellness at home via remote monitoring, CHRISTUS Health expanded its remote patient monitoring (RPM) enrollment to 170 high-risk, high-cost patients. At that scaling-up juncture, the challenge for CHRISTUS shifted to balancing its mission of keeping patients healthy and in their homes with maintaining revenue streams sufficient to keep its doors open in a largely fee-for-service environment.

Remote Patient Monitoring for Chronic Condition Management: Leveraging Technology in a Value-Based System chronicles the evolution of the CHRISTUS RPM pilot, which is framed around a Bluetooth®-enabled monitoring kit sent home with patients at hospital discharge.


Infographic: 5 Sure Fire Ways to Draw a HIPAA Violation

February 25th, 2019 by Melanie Matthews

Fines levied by the U.S. Department of Health and Human Services’ Office of Civil Rights for a HIPAA violation can reach up to $50,000 per violation, according to a new infographic by Accellion.

The infographic provides five sure fire ways to draw a HIPAA violation.

Health Analytics in Accountable Care: Leveraging Data to Transform ACO Performance and Results

Between Medicare’s aggressive migration to value-based payment models and MACRA’s 2017 Quality Payment Program rollout, healthcare providers must accept the inevitability of participation in fee-for-quality reimbursement design—as well as cultivating a grounding in health data analytics to enhance success.

As an early adopter of the Medicare Shared Savings Program (MSSP) and the largest sponsor of MSSP accountable care organizations (ACOs), Collaborative Health Systems (CHS) is uniquely positioned to advise providers on the benefits of data analytics and technology, which CHS views as a major driver in its achievements in the MSSP arena. In performance year 2014, nine of CHS’s 24 MSSP ACOs generated savings and received payments of almost $27 million.

Health Analytics in Accountable Care: Leveraging Data to Transform ACO Performance and Results documents the accomplishments of CHS’s 24 ACOs under the MSSP program, the crucial role of data analytics in CHS operations, and the many lessons learned as an early trailblazer in value-based care delivery.


Infographic: Healthcare Privacy Concerns

February 18th, 2019 by Melanie Matthews

Four out of five physicians have experienced a cybersecurity attack, according to a new infographic by Liquid Technology Inc.

The infographic details the numbers behind the top healthcare cybersecurity threats.


Guest Post: HIPAA Compliance and Home Health: Overcoming the Challenges

August 21st, 2018 by Melanie Matthews

When it comes to HIPAA compliance, the mobile nature of home healthcare presents additional challenges over work in a fixed healthcare institution.

Home health workers provide invaluable support to less able patients and are integral to a successful and effective public health service. However, when it comes to compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the mobile nature of their work presents additional challenges they would not face working in a fixed healthcare institution. Outlined below are a number of these unique challenges, along with some tips for minimizing the risk of a potential data breach occurring while carrying out care work in the field.

Secure Communication

While there are no specific technology safeguards outlined by the HIPAA Security Rule, it is crucial that security measures for all operating procedures are current, effective and understood by all staff members to ensure a high level of security is achieved at all times.

Messages containing Protected Health Information (PHI) should only be sent through secure channels, and all records of communication containing PHI, such as email trails or message history, must be stored in a secure location with restricted access.

As well as communication via mobile devices, tablets or laptops, it is important to ensure that any face-to-face or telephone discussions regarding PHI take place in a private environment to minimize the risk of unauthorized individuals overhearing confidential information relating to patient(s).

Unsecured Wireless Networks

Free Wi-Fi hotspots are incredibly useful for remote workers; however, they also provide a great opportunity for hackers to intercept any unsecured connections and retrieve personal or sensitive information. To avoid any potential data breaches, employers should ensure all home health workers are aware of the dangers surrounding unrecognized networks and that they have the appropriate safeguards in place, such as the use of VPNs (virtual private networks) and the correct permission settings on their devices.

Disclosure of Information

Due to the nature of home healthcare, patients may require additional help around the home; therefore, family members or friends may sometimes be present during visits from health workers. However, this does not mean they are necessarily authorized to have access to the patient’s medical information. It is important that all home caregivers have received training in this area and understand only to discuss PHI with the patient and authorized persons to avoid putting all parties present in a difficult or uncomfortable situation, and most importantly, to protect the patient’s right to confidentiality.

Misplaced Information: Devices & Paperwork

With home health workers visiting several patients every day, device security (smartphones, laptops, tablets) becomes a major challenge as there is an increased possibility items could be misplaced, left unattended or even stolen. This can have disastrous consequences, particularly if there are accessible files or messages containing PHI saved on the device.

To minimize the risk of a potential data breach due to a lost or stolen mobile device, workers should:

  • Check they have their devices on their persons when they arrive at a patient’s home and when they leave.
  • Ensure there are sufficient access restrictions on the device – such as fingerprint recognition or active screen lock – so that, should it fall into the wrong hands, any sensitive data will remain secure.

While ePHI and digital records are paving the way to a more secure auditing system for confidential medical data, due to the nature of home healthcare, paper charts and records are still a common way of recording a patient’s progress during home visits. As it is not possible to password-protect written records, extra care must be taken to ensure they are guarded at all times when in the health worker’s possession, and transferred to a secure location once visits are completed.

To minimize the risk of a potential data breach due to lost paper records, workers should:

  • Ensure that no paperwork containing PHI is left in an unsecure place, for example, on a desk or in an unmanned car overnight.
  • Store the paperwork in a securely locked filing system when not in use.
  • Destroy any records once they are no longer required either by shredding or burning the documents so that they are no longer readable and cannot be restored to a legible condition.

When it comes to HIPAA compliance, the ultimate responsibility lies with the employer. Through implementing training and compliance workshops, undertaking regular risk analysis, and investing in HIPAA-secure tools that facilitate safe communication, collaboration, and data storage, the risk of a data breach can be significantly reduced.

About the Author: Michael Senter joined DocbookMD in March 2015. He has over 15 years of experience providing solutions to highly regulated industries, including healthcare. Most recently, Michael has been focusing on the unique challenge of IT security in healthcare organizations. To find out more about how DocbookMD is improving communication and compliance in home health, visit https://www.docbookmd.com/explore/providers/home-health/.

Infographic: 2018 Health Data Breaches Fast Facts

August 1st, 2018 by Melanie Matthews

There have been 165 healthcare data breaches so far in 2018, affecting 3.2 million people, according to a new infographic by Optimum Healthcare IT.

The infographic examines the types of breaches that have occurred.

Healthcare Trends & Forecasts in 2018: Performance Expectations for the Healthcare Industry

Healthcare Trends & Forecasts in 2018: Performance Expectations for the Healthcare Industry, HIN’s 14th annual business forecast, is designed to support healthcare C-suite planning as leaders react to presidential priorities and seek new strategies for engaging providers, patients and health plan members in value-based care.

HIN’s highly anticipated annual strategic playbook opens with perspectives from industry thought leader Brian Sanderson, managing principal, healthcare services, Crowe Horwath, who outlines a roadmap to healthcare provider success by examining the key issues, challenges and opportunities facing providers in the year to come. Following Sanderson’s outlook is guidance for healthcare payors from David Buchanan, president, Buchanan Strategies, on navigating seven hot button areas for insurers, from the future of Obamacare to the changing face of telehealth to the surprising role grocery stores might one day play in healthcare delivery. Click here for more information.


Infographic: HIPAA Compliance Checklist & Healthcare Cybersecurity Awareness

July 30th, 2018 by Melanie Matthews

While Health Insurance Portability and Accountability Act audits by the Department of Health and Human Services (HHS) continue to ramp up, healthcare organizations have seen penalties and settlement agreements between healthcare organizations and HHS in the millions of dollars, according to a new infographic by eFax Corporate.

The infographic provides a checklist of important information to help healthcare organizations with HIPAA compliance.


Guest Post: A Report on Healthcare Data Security & Privacy Compliance

July 26th, 2018 by Gary Palgon

Privacy and security regulations for enterprise data in healthcare organizations are complex, and current efforts to bolster enterprise data compliance among all organizations, including those in healthcare, are immature and ineffective, according to a recent study conducted by Aberdeen, an industry analyst firm.

In fact, 86 percent of 112 hospitals and hospital groups in the study are dealing with multiple types of data and data-related processes that are subject to compliance requirements. This is not surprising because healthcare organizations generate, collect, store and manage financial transactions, personally identifiable information, protected health information, employee records and confidential or intellectual property records such as partnership agreements and contracts.

When asked if their organizations were compliant with 11 common regulations and frameworks for data privacy and security, only 65 percent reported achievement. PHI has the highest percentage of compliance reported—85 percent. The lowest compliance rates were reported for ISO 27001 and the General Data Protection Regulation at 63 percent and 48 percent respectively.

To measure the maturity of healthcare organizations’ efforts to comply with privacy and security requirements for data, Aberdeen developed a Net Maturity Index across six key elements of an enterprise data lifecycle. An index score above 50 percent indicates strong maturity in compliance activities and below 50 percent indicates immaturity.

Managing data, which includes normalizing, cleansing, validating and correlating data, earned a 66.6 percent score for healthcare respondents, the only element that indicated maturity. Scores for other key elements were:

  • 49 percent for storing data—persistent, on-demand, self-service access to data;
  • 41.2 percent for protecting data—encryption, tokenization;
  • 33.4 percent for syndicating data between any two applications—including mobile, connected devices, on-premises or cloud;
  • 25.4 percent for ingesting data into a common repository—cloud-based, data lakes; and
  • 3.9 percent for integrating data from multiple sources—disparate sources, formats and protocols.

The immaturity of the data lifecycle and associated enterprise data compliance efforts has real-world consequences for healthcare entities. Four out of five (81 percent) study participants reported at least one data privacy and non-compliance issue in the past year, and two out of three (66 percent) reported at least one data breach in the past year.

Investment in data compliance efforts is not lacking. A median of 37 percent of the overall IT budget of healthcare survey respondents is allocated to data compliance activities. This is a significant amount of funding to still experience data breaches, data compliance issues and a low percentage of achievement of compliance with multiple enterprise data security and privacy regulations. When compared to respondents from life science and other industries, healthcare respondents reported the highest percentage of the IT budget devoted to data compliance.

The survey also indicated that healthcare organizations are more likely than organizations in other industries to have instituted compliance-specific governance processes and appointed specialized leadership such as data protection officers, compliance officers or chief risk officers, to oversee enterprise data compliance initiatives. While these are often considered to be best practices for achieving data compliance, still less than half of all healthcare organizations have instituted these approaches. Having specialized leadership is one of the most likely ways to effectively address enterprise data security and privacy compliance issues but it may also present further complications. Although the role may be assigned to an individual, the task of ensuring compliance with multiple regulations that evolve and change along with new technology and the addition of new data sources, requires an expertise that is difficult to achieve and oversee by one person who probably wears multiple hats in the organization.

One solution to the complex, challenging task of achieving data security and privacy compliance is the use of third-party providers who can address the healthcare organization’s need to enhance integration, management and storage of data. Providers who are experts at data management and integration but also provide the added value of the expertise needed to ensure compliance with regulatory requirements affecting data will offset some of the burden on hospital staff. The solution is not a simple application or a one-off project. Achieving and sustaining compliance with data privacy and security rules as they evolve is an ongoing effort.

The study also points to the need to better manage financial investment in compliance strategies. One option for healthcare organizations is managed services agreements with data management and integration providers. Switching to a predictable, monthly fee versus periodic capital investment or ongoing efforts that are ineffective frees IT funds to be used to advance other hospital goals.

Although many healthcare organizations do not consider outsourcing some of their data management, integration and compliance challenges, choosing a partner wisely—one with expertise in healthcare as well as other data-centric industries with multiple privacy and security requirements—can reduce the compliance burden on an already overworked hospital IT staff and make funds available to continue digital transformation or other strategic initiatives.

Read the overall survey report here: Enterprise Data in 2018: The State of Privacy and Security Compliance

Read the brief on results for healthcare organizations here: Enterprise Data in 2018: The State of Privacy and Security Compliance in Healthcare

About the Author:

Gary Palgon is vice president of healthcare and life sciences solutions at Liaison Technologies. In this role, Gary leverages more than two decades of product management, sales, and marketing experience to develop and expand Liaison’s data-inspired solutions for the healthcare and life sciences. His unique blend of expertise bridges the gap between the technical and business aspects of healthcare, data security, and electronic commerce.

Guest Post: Staying HIPAA Compliant When Using Smartphones

July 5th, 2018 by Brad Spannbauer

Smartphones in Healthcare

Introducing smartphones into a healthcare environment also brings new security risks, especially when devices are used to create, receive, maintain or transmit ePHI.

Smartphones are becoming increasingly ubiquitous in clinical settings. When compared with the likes of pagers, smartphones offer many benefits, such as improved communication and collaboration, increased mobility, and more advanced security and privacy features. However, despite these benefits, introducing smartphones into a healthcare environment also brings new security risks, especially when devices are used to create, receive, maintain or transmit electronic protected health information (ePHI).

The compact size and portability of smartphones are what make them so convenient for on-the-go healthcare professionals, but they are also what make them particularly susceptible to loss or theft, which can lead to data breaches.

According to a Ponemon study, 90 percent of healthcare organizations have been affected by at least one data breach, and nearly half have had more than five data breaches. While malicious activity continues to be the leading cause of these attacks, employee negligence and lost or stolen devices are the primary instigators.

Eliminating the security and privacy threats introduced by smartphones isn’t easy, but by addressing the following key areas, HIPAA (Health Insurance Portability and Accountability Act of 1996) covered entities can mitigate the risks and significantly reduce the likelihood of a data breach occurring.

Put a stop to non-secure communication

In today’s cybercrime-ridden world, organizations must be proactive in guarding every aspect of their digital infrastructure, and maintaining secure communications is a key part of this process. Non-secure applications such as email or native text messaging apps are inherently risky due to a lack of security features and privacy controls, which ultimately render them non-compliant under the rules of HIPAA. Instead of using unsecure tools, healthcare providers should invest in secure communication solutions that are designed to withstand the rigors and regulations of healthcare.

Educate your workforce

Research by IBM suggests that 95 percent of all security incidents in 2016 involved human error—misaddressed emails, weak passwords and falling prey to phishing schemes are prime examples of how data breaches can occur due to carelessness or lack of proper education. Additionally, the rise in BYOD (Bring Your Own Device) means employees are more frequently using devices both inside and outside the office, which naturally increases the risks of a device being lost, stolen, or accessed by an unauthorized third party. Regular staff training should therefore be a top priority for any organization that allows its employees to use a mobile device for work purposes. Ultimately the onus is on employers to ensure employees understand their responsibilities, and to provide the tools to allow them to carry out their jobs effectively and securely.

Follow OCR’s advice

In recognition of the risks associated with increased usage of smartphones in clinical settings, the Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) have issued guidance for HIPAA covered entities who use mobile devices to create, access or store ePHI. The guide offers the following tips:

  • Implement policies and procedures regarding the use of mobile devices in the workplace—especially when used to create, receive, maintain, or transmit ePHI.
  • Consider using Mobile Device Management (MDM) software to manage and secure mobile devices.
  • Install or enable automatic lock/logoff functionality.
  • Require authentication to use or unlock mobile devices.
  • Regularly install security patches and updates.
  • Install or enable encryption, anti-virus/anti-malware software, and remote wipe capabilities.
  • Use a privacy screen to prevent people close by from reading information on your screen.
  • Use only secure Wi-Fi connections.
  • Use a secure Virtual Private Network (VPN).
  • Reduce risks posed by third-party apps by prohibiting the downloading of third-party apps, using whitelisting to allow installation of only approved apps, securely separating ePHI from apps, and verifying that apps only have the minimum necessary permissions required.
  • Securely delete all PHI stored on a mobile device before discarding or reusing the mobile device.
  • Include training on how to securely use mobile devices in workforce training programs.

Remember, at the end of the day, if you allow ePHI to be stored on mobile devices, some of those devices inevitably will be lost or stolen. And if that ePHI is not adequately protected through strong encryption along with robust access controls as described above, you will have a reportable data breach on your hands. So plan accordingly.

As devices and applications become more technically advanced, and as more and more healthcare organizations leverage the advantages of smartphones over traditional tools, smartphone usage is only set to increase. To realize the benefits, however, it is critical that the security of mobile devices is reviewed and updated regularly, and policies are modified when necessary. Convenience should never come before compliance.

About the Author:

A 20-year industry veteran, Brad Spannbauer currently oversees product strategy and planning, and provides direction and market leadership for j2 Cloud Connect’s worldwide business as their Senior Director of Product Management. His focus in the healthcare and legal verticals led to Brad’s involvement with the j2 Cloud Services™ compliance team, where he leads the team as the company’s HIPAA Privacy and Compliance Officer. Learn more about our HIPAA Compliant Fax Solutions.