Posts Tagged ‘HIPAA compliance’

Guest Post: HIPAA Compliance and Home Health: Overcoming the Challenges

August 21st, 2018 by Melanie Matthews

When it comes to HIPAA compliance, the mobile nature of home healthcare presents additional challenges over work in a fixed healthcare institution.

Home health workers provide invaluable support to less able patients and are integral to a successful and effective public health service. However, when it comes to compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the mobile nature of their work presents additional challenges they would not face working in a fixed healthcare institution. Outlined below are a number of these unique challenges, along with some tips for minimizing the risk of a potential data breach occurring while carrying out care work in the field.

Secure Communication

While there are no specific technology safeguards outlined by the HIPAA Security Rule, it is crucial that security measures for all operating procedures are current, effective and understood by all staff members to ensure a high level of security is achieved at all times.

Messages containing Protected Health Information (PHI) should only be sent through secure channels, and all records of communication containing PHI, such as email trails or message history, must be stored in a secure location with restricted access.

As well as communication via mobile devices, tablets or laptops, it is important to ensure that any face-to-face or telephone discussions regarding PHI take place in a private environment to minimize the risk of unauthorized individuals overhearing confidential information relating to patient(s).

Unsecured Wireless Networks

Free Wi-Fi hotspots are incredibly useful for remote workers, however, they also provide a great opportunity for hackers to intercept any unsecure connections and retrieve personal or sensitive information. To avoid any potential data breaches, employers should ensure all home health workers are aware of the dangers surrounding unrecognized networks and that they have the appropriate safeguards in place, such as the use of VPNs (virtual private networks) and the correct permission settings on their devices.

Disclosure of Information

Due to the nature of home healthcare, patients may require additional help around the home, therefore, family members or friends may sometimes be present during visits from health workers. However, this does not mean they are necessarily authorized to have access to the patient’s medical information. It is important that all home caregivers have received training in this area and understand only to discuss PHI with the patient and authorized persons to avoid putting all parties present in a difficult or uncomfortable situation, and most importantly, to protect the patient’s right to confidentiality.

Misplaced Information: Devices & Paperwork

With home health workers visiting several patients every day, device security (smartphones, laptops, tablets) becomes a major challenge as there is an increased possibility items could be misplaced, left unattended or even stolen. This can have disastrous consequences, particularly if there are accessible files or messages containing PHI saved on the device.

To minimize the risk of a potential data breach due to a lost or stolen mobile device, workers should:

  • Check they have their devices on their persons when they arrive at a patient’s home and when they leave.
  • Ensure there are sufficient access restrictions on the device – such as fingerprint recognition or active screen lock – so that, should it fall into the wrong hands, any sensitive data will remain secure.

While ePHI and digital records are paving the way to a more secure auditing system for confidential medical data, due to the nature of home healthcare, paper charts and records are still a common way of recording patient’s progress during home visits. As it is not possible to password-protect written records, extra care must be taken to ensure they are guarded at all times when in the health worker’s possession, and transferred to a secure location once visits are completed.

To minimize the risk of a potential data breach due to lost paper records, workers should:

  • Ensure that no paperwork containing PHI is left in an unsecure place, for example, on a desk or in an unmanned car overnight.
  • Store the paperwork in a securely locked filing system when not in use.
  • Destroy any records once they are no longer required either by shredding or burning the documents so that they are no longer readable and cannot be restored to a legible condition.

When it comes to HIPAA compliance, the ultimate responsibility lies with the employer. Through implementing training and compliance workshops, undertaking regular risk analysis, and investing in HIPAA-secure tools that facilitate safe communication, collaboration, and data storage, the risk of a data breach can be significantly reduced.

DocbookMD About the Author: Michael Senter joined DocbookMD in March 2015. He has over 15 years of experience providing solutions to highly regulated industries, including healthcare. Most recently, Michael has been focusing on the unique challenge of IT security in healthcare organizations. To find out more about how DocbookMD is improving communication and compliance in home health, visit https://www.docbookmd.com/explore/providers/home-health/.

Infographic: HIPAA Compliance Checklist & Healthcare Cybersecurity Awareness

July 30th, 2018 by Melanie Matthews

While Health Insurance Portability and Accountability Act audits by the Department of Health and Human Services (HHS) continue to ramp up, healthcare organizations have seen penalties and settlement agreements between healthcare organizations and HHS in the millions of dollars, according to a new infographic by eFax Corporate.

The infographic provides a checklist of important information to help healthcare organizations with HIPAA compliance.

Healthcare Trends & Forecasts in 2018: Performance Expectations for the Healthcare IndustryHealthcare Trends & Forecasts in 2018: Performance Expectations for the Healthcare Industry, HIN’s 14th annual business forecast, is designed to support healthcare C-suite planning as leaders react to presidential priorities and seek new strategies for engaging providers, patients and health plan members in value-based care.

HIN’s highly anticipated annual strategic playbook opens with perspectives from industry thought leader Brian Sanderson, managing principal, healthcare services, Crowe Horwath, who outlines a roadmap to healthcare provider success by examining the key issues, challenges and opportunities facing providers in the year to come. Following Sanderson’s outlook is guidance for healthcare payors from David Buchanan, president, Buchanan Strategies, on navigating seven hot button areas for insurers, from the future of Obamacare to the changing face of telehealth to the surprising role grocery stores might one day play in healthcare delivery. Click here for more information.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Guest Post: A Report on Healthcare Data Security & Privacy Compliance

July 26th, 2018 by Gary Palgon

Privacy and security regulations for enterprise data in healthcare organizations are complex and current efforts to bolster enterprise data compliance among all organizations, including those in healthcare, are immature and ineffective, according to a recent study conducted by Aberdeen, an industry analyst firm.

In fact, 86 percent of 112 hospitals and hospital groups in the study are dealing with multiple types of data and data-related processes that are subject to compliance requirements. This is not surprising because healthcare organizations generate, collect, store and manage financial transactions, personally identifiable information, protected health information, employee records and confidential or intellectual property records such as partnership agreements and contracts.

When asked if their organizations were compliant with 11 common regulations and frameworks for data privacy and security, only 65 percent reported achievement. PHI has the highest percentage of compliance reported—85 percent. The lowest compliance rates were reported for ISO 27001 and the General Data Protection Regulation at 63 percent and 48 percent respectively.

To measure the maturity of healthcare organizations’ efforts to comply with privacy and security requirements for data, Aberdeen developed a Net Maturity Index across six key elements of an enterprise data lifecycle. An index score above 50 percent indicates strong maturity in compliance activities and below 50 percent indicates immaturity.

Managing data, which includes normalizing, cleansing, validating and correlating data, earned a 66.6 percent score for healthcare respondents, the only element that indicated maturity. Scores for other key elements were:

  • 49 percent for storing data—persistent, on-demand, self-service access to data;
  • 41.2 percent for protecting data—encryption, tokenization;
  • 33.4 percent for syndicating data between any two applications—including mobile, connected devices, on-premises or cloud;
  • 25.4 percent for ingesting data into a common repository—cloud-based, data lakes; and
  • 3.9 percent for integrating data from multiple sources—disparate sources, formats and protocols

The immaturity of the data lifecycle and associated enterprise data compliance efforts has real-world consequences for healthcare entities. Four out of five (81 percent) study participants reported at least one data privacy and non-compliance issue in the past year, and two out of three (66 percent) reported at least one data breach in the past year.

Investment in data compliance efforts is not lacking. A median of 37 percent of the overall IT budget of healthcare survey respondents is allocated to data compliance activities. This is a significant amount of funding to still experience data breaches, data compliance issues and low percentage of achievement of compliance with multiple enterprise data security and privacy regulations. When compared to respondents from life science and other industries, healthcare respondents reported the highest percentage of the IT budget devoted to data compliance.

The survey also indicated that healthcare organizations are more likely than organizations in other industries to have instituted compliance-specific governance processes and appointed specialized leadership such as data protection officers, compliance officers or chief risk officers, to oversee enterprise data compliance initiatives. While these are often considered to be best practices for achieving data compliance, still less than half of all healthcare organizations have instituted these approaches. Having specialized leadership is one of the most likely ways to effectively address enterprise data security and privacy compliance issues but it may also present further complications. Although the role may be assigned to an individual, the task of ensuring compliance with multiple regulations that evolve and change along with new technology and the addition of new data sources, requires an expertise that is difficult to achieve and oversee by one person who probably wears multiple hats in the organization.

One solution to the complex, challenging task of achieving data security and privacy compliance is the use of third-party providers who can address the healthcare organization’s need to enhance integration, management and storage of data. Providers who are experts at data management and integration but also provide the added value of the expertise needed to ensure compliance with regulatory requirements affecting data will offset some of the burden on hospital staff. The solution is not a simple application or a one-off project. Achieving and sustaining compliance with data privacy and security rules as they evolve is an ongoing effort.

The study also points to the need to better manage financial investment in compliance strategies. One option for healthcare organizations is managed services agreements with data management and integration providers. Switching to a predictable, monthly fee versus periodic capital investment or ongoing efforts that are ineffective frees IT funds to be used to advance other hospital goals.

Although many healthcare organizations do not consider outsourcing some of their data management, integration and compliance challenges, but choosing a partner wisely—one with expertise in healthcare as well as other data-centric industries with multiple privacy and security requirements—can reduce the compliance burden on an already overworked hospital IT staff and make funds available to continue digital transformation or other strategic initiatives.

Read the overall survey report here: Enterprise Data in 2018: The State of Privacy and Security Compliance

Read the brief on results for healthcare organizations here: Enterprise Data in 2018: The State of Privacy and Security Compliance in Healthcare

About the Author:

Gary Palgon

Gary Palgon

Gary Palgon is vice president of healthcare and life sciences solutions at Liaison Technologies. In this role, Gary leverages more than two decades of product management, sales, and marketing experience to develop and expand Liaison’s data-inspired solutions for the healthcare and life sciences. His unique blend of expertise bridges the gap between the technical and business aspects of healthcare, data security, and electronic commerce.

Infographic: HIPAA Healthcare Data Breaches in 2017

March 9th, 2018 by Melanie Matthews

The severity of HIPAA data breaches in 2017 might have decreased but not the number of breaches, according to a Kays Harbor Technologies analysis.

A new infographic by Kays Harbor Technologies looks at the number of reported HIPAA data breaches to the Department of Health and Human Services’ Office of Civil Rights, the number of individuals impacted by these breaches, the top breaches and predictions on the 2018 breach landscape.

2018 Healthcare Benchmarks: Telehealth & Remote Patient MonitoringArtificial intelligence. Automation. Blockchain. Robotics. Once the domain of science fiction, these telehealth technologies have begun to transform the fabric of healthcare delivery systems.
As further proof of telehealth’s explosive growth, the use of wearable health-tracking devices and remote patient monitoring has proliferated, and the Centers for Medicare and Medicaid Services (CMS) has added several new provider telehealth billing codes for calendar year 2018.

2018 Healthcare Benchmarks: Telehealth & Remote Patient Monitoring delivers the latest actionable telehealth and remote patient monitoring metrics on tools, applications, challenges, successes and ROI from healthcare organizations across the care spectrum. This 60-page report, now in its fifth edition, documents benchmarks on current and planned telehealth and remote patient monitoring initiatives as well as the use of emerging technologies in the healthcare space.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: Business Associate Risks in Healthcare

July 27th, 2015 by Melanie Matthews

Many healthcare covered entities feel that their business associates’ inadequate security precautions pose one of the top threats to their organizations, according to new study by ISMG, “Healthcare Information Security Today.”

A new infographic by CynergisTek, Inc. highlights the risks associated with business associates as well as examples of recent breaches that have occurred at a business associate.

Business Associate ManualBusiness Associate Manual is a template-style manual that can be easily adapted to align with your compliance needs as a business associate (BA). All content complies with the Omnibus Rule.

Specifically developed to help BAs meet complex privacy & security compliance requirements. The Business Associate Manual includes: 6 privacy policies; 30 security policies; 6 policies that address common requirements of both the privacy and security rules; 1 breach notification policy; and 4 forms and templates.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: 5 Elements of an Effective HIPAA Audit Program

October 8th, 2014 by Melanie Matthews

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) upcoming permanent HIPAA audit program demonstrates a more aggressive approach to investigating compliance, according to a new infographic by Coalfire.

The infographic outlines the five key elements for a comprehensive, vigilant HIPAA compliance program.

5 Elements of an Effective HIPAA Audit Program

HIPAA Compliance Manual The customized HIPAA Compliance Manual contains the policy and procedure documentation required by the HIPAA privacy and security rules and HITECH. Operating forms are included in the manual for ease of customization for your office. The manual also includes state laws and regulations that interface with HIPAA and state identity theft laws.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: HIPAA, HiTech and Cloud Security

June 28th, 2013 by Melanie Matthews

As more and more healthcare data is stored electronically, the opportunities for HIPAA violations and security breaches are increasing.

Increased use of EMRs, mobile access to healthcare data and the cloud have increased the risk of healthcare data security and raised concerns among patients about the security and privacy of their healthcare information, according to a new infographic by Green House Data. The infographic also details the types of security breaches that have occurred.

Healthcare IT --- HIPAA, HiTech and Cloud Security

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

You may also be interested in this related resource: Electronic Health Records: Strategies for Long-Term Success.