Posts Tagged ‘HIPAA’

Guest Post: Staying HIPAA Compliant When Using Smartphones

July 5th, 2018 by Brad Spannbauer

Smartphones in Healthcare


Smartphones are becoming increasingly ubiquitous in clinical settings. When compared with the likes of pagers, smartphones offer many benefits, such as improved communication and collaboration, increased mobility, and more advanced security and privacy features. However, despite these benefits, introducing smartphones into a healthcare environment also brings new security risks, especially when devices are used to create, receive, maintain or transmit electronic protected health information (ePHI).

The compact size and portability of smartphones make them convenient for on-the-go healthcare professionals, but these same qualities make them particularly susceptible to loss or theft, which can lead to data breaches.

According to a Ponemon study, 90 percent of healthcare organizations have been affected by at least one data breach, and nearly half have had more than five data breaches. While malicious activity continues to be the leading cause of these attacks, employee negligence and lost or stolen devices are the primary instigators.

Eliminating the security and privacy threats introduced by smartphones isn’t easy, but by addressing the following key areas, HIPAA (Health Insurance Portability and Accountability Act of 1996) covered entities can mitigate the risks and significantly reduce the likelihood of a data breach occurring.

Put a stop to non-secure communication

In today’s cybercrime-ridden world, organizations must be proactive in guarding every aspect of their digital infrastructure, and maintaining secure communications is a key part of this process. Non-secure applications such as email or native text messaging apps are inherently risky due to a lack of security features and privacy controls, which ultimately render them non-compliant under the rules of HIPAA. Instead of using non-secure tools, healthcare providers should invest in secure communication solutions that are designed to withstand the rigors and regulations of healthcare.

Educate your workforce

Research by IBM suggests that 95 percent of all security incidents in 2016 involved human error—misaddressed emails, weak passwords and falling prey to phishing schemes are prime examples of how data breaches can occur due to carelessness or lack of proper education. Additionally, the rise in BYOD (Bring Your Own Device) means employees are more frequently using devices both inside and outside the office, which naturally increases the risks of a device being lost, stolen, or accessed by an unauthorized third party. Regular staff training should therefore be a top priority for any organization that allows its employees to use a mobile device for work purposes. Ultimately the onus is on employers to ensure employees understand their responsibilities, and to provide the tools to allow them to carry out their jobs effectively and securely.

Follow OCR’s advice

In recognition of the risks associated with increased usage of smartphones in clinical settings, the Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) have issued guidance for HIPAA covered entities that use mobile devices to create, access or store ePHI. The guide offers the following tips:

  • Implement policies and procedures regarding the use of mobile devices in the workplace—especially when used to create, receive, maintain, or transmit ePHI.
  • Consider using Mobile Device Management (MDM) software to manage and secure mobile devices.
  • Install or enable automatic lock/logoff functionality.
  • Require authentication to use or unlock mobile devices.
  • Regularly install security patches and updates.
  • Install or enable encryption, anti-virus/anti-malware software, and remote wipe capabilities.
  • Use a privacy screen to prevent people close by from reading information on your screen.
  • Use only secure Wi-Fi connections.
  • Use a secure Virtual Private Network (VPN).
  • Reduce risks posed by third-party apps by prohibiting the downloading of third-party apps, using whitelisting to allow installation of only approved apps, securely separating ePHI from apps, and verifying that apps only have the minimum necessary permissions required.
  • Securely delete all PHI stored on a mobile device before discarding or reusing the mobile device.
  • Include training on how to securely use mobile devices in workforce training programs.

Remember, at the end of the day, if you allow ePHI to be stored on mobile devices, some of those devices inevitably will be lost or stolen. And if that ePHI is not adequately protected through strong encryption along with robust access controls as described above, you will have a reportable data breach on your hands. So plan accordingly.

As devices and applications become more technically advanced, and as more and more healthcare organizations leverage the advantages of smartphones over traditional tools, smartphone usage is only set to increase. To realize the benefits, however, it is critical that the security of mobile devices is reviewed and updated regularly, and policies are modified when necessary. Convenience should never come before compliance.

About the Author:

Brad Spannbauer


A 20-year industry veteran, Brad Spannbauer currently oversees product strategy and planning, and provides direction and market leadership for j2 Cloud Connect’s worldwide business as their Senior Director of Product Management. His focus in the healthcare and legal verticals led to Brad’s involvement with the j2 Cloud Services™ compliance team, where he leads the team as the company’s HIPAA Privacy and Compliance Officer. Learn more about our HIPAA Compliant Fax Solutions.

Infographic: HIPAA Healthcare Data Breaches in 2017

March 9th, 2018 by Melanie Matthews

The severity of HIPAA data breaches in 2017 might have decreased but not the number of breaches, according to a Kays Harbor Technologies analysis.

A new infographic by Kays Harbor Technologies looks at the number of reported HIPAA data breaches to the Department of Health and Human Services’ Office of Civil Rights, the number of individuals impacted by these breaches, the top breaches and predictions on the 2018 breach landscape.

Artificial intelligence. Automation. Blockchain. Robotics. Once the domain of science fiction, these telehealth technologies have begun to transform the fabric of healthcare delivery systems. As further proof of telehealth’s explosive growth, the use of wearable health-tracking devices and remote patient monitoring has proliferated, and the Centers for Medicare and Medicaid Services (CMS) has added several new provider telehealth billing codes for calendar year 2018.

2018 Healthcare Benchmarks: Telehealth & Remote Patient Monitoring delivers the latest actionable telehealth and remote patient monitoring metrics on tools, applications, challenges, successes and ROI from healthcare organizations across the care spectrum. This 60-page report, now in its fifth edition, documents benchmarks on current and planned telehealth and remote patient monitoring initiatives as well as the use of emerging technologies in the healthcare space.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: 5 Questions Patients Should Ask About Healthcare Information Security

September 8th, 2017 by Melanie Matthews

Patients need to understand the information security protections provided by their healthcare providers, according to a new infographic by ISACA.

The infographic outlines a few questions that patients can ask of their providers to ensure that those organizations are applying appropriate and diligent stewardship of the data that they hold in trust.

UnityPoint Health has moved from a siloed approach to improving the patient experience at each of its locations to a system-wide approach that encompasses a consistent, baseline experience while still allowing for each institution to address its specific needs.

Armed with data from its Press Ganey and CAHPS® Hospital Survey scores, UnityPoint’s patient experience team developed a front-line staff-driven improvement action plan.

In Improving the Patient Experience: Engaging Front-line Staff for a System-Wide Action Plan, a 45-minute webinar on July 27th, now available for replay, Paige Moore, director, patient experience at UnityPoint Health—Des Moines, shares how the organization switched from a top-down, leadership-driven patient experience improvement approach to one that engages front-line staff to own the process.


Infographic: Healthcare Data Breaches in 2016

February 20th, 2017 by Melanie Matthews

Data breaches in the healthcare industry are increasing every year at an alarming rate, according to a new infographic by Kays Harbor.

In 2016, there were a total of 326 breach incidents, according to the United States Office of Civil Rights. The number of breach incidents is increasing despite awareness, HIPAA regulations, guidelines and strict measures to protect patient privacy.

The infographic drills down on the breaches that occurred in 2016 and how to minimize the risk of a breach this year.

Healthcare Data Breaches in 2016

HIPAA Training for Employees DVD
HIPAA Training for Employees DVD provides training on the following: privacy rule basics; use and disclosures; patient rights; employee behaviors to safeguard patient information; security rules; safeguards to protect patient information electronically; HITECH; breach identification and notification; enforcement; and level of fines.


Infographic: Is Your Healthcare Data Safe?

December 12th, 2016 by Melanie Matthews

Data loss from U.S. hospitals, urgent care centers, dental practices and clinics is reaching epidemic proportions, according to a new infographic from safetica. Last year the confidential records of one-in-three healthcare patients in the United States were compromised. But what are the costs and causes of data breaches—and how can they be prevented?

The infographic examines the impact of data breaches, the cost of a data breach and a checklist to compare your organization’s data security practices against recent HIPAA case law.

Is Your Patient Data Protected?

The 2016 Healthcare Benchmarks: Data Analytics and Integration assembles hundreds of metrics on data analytics and integration from hospitals, health plans, physician practices and other responding organizations, charting the impact of data analytics on population health management, health outcomes, utilization and cost.

2016 Healthcare Benchmarks: Data Analytics and Integration examines the goals, data types, collection processes, program elements, challenges and successes shared by healthcare organizations responding to the January 2016 Data Analytics survey by the Healthcare Intelligence Network. Click here for more information.


Infographic: 2016 Healthcare Privacy & Security Outlook

February 26th, 2016 by Melanie Matthews

2015 was the year of mega security and privacy breaches in healthcare, according to a new infographic by CynergisTek.

The infographic highlights CynergisTek’s predictions for what will come to the forefront of the healthcare privacy and security industry this year, including medical device security, healthcare as a target and more hacking.

Covered Entity Manual is a template-style download manual that can be easily adapted to align with your compliance needs as a covered entity. All content complies with the Omnibus Rule.

Covered Entity-Specific Manual provides you with a generic, comprehensive set of policies and procedures: 33 privacy policies; 30 security policies; 6 policies that address common requirements of both the privacy and security rules; 1 breach notification policy; and 12 forms and templates, including a notice of privacy practices.


Infographic: HIPAA Physical Safeguards

January 27th, 2016 by Melanie Matthews

Physical safeguards are a set of rules and guidelines that outline how the physical storage of and access to protected health information should be managed under HIPAA security rules, according to a new infographic by Vigyanix.

The infographic details the Physical Safeguard requirements for facility access controls, workstation use and security and device and media control.

Business Associate Manual is a template-style manual that can be easily adapted to align with your compliance needs as a business associate (BA). All content complies with the Omnibus Rule.

Specifically developed to help BAs meet complex privacy & security compliance requirements. The Business Associate Manual includes: 6 privacy policies; 30 security policies; 6 policies that address common requirements of both the privacy and security rules; 1 breach notification policy; and 4 forms and templates.


Infographic: HIPAA Data Breaches on the Rise

October 2nd, 2015 by Melanie Matthews

HIPAA data breaches are rising, according to research conducted by Privacy Analytics Inc. for a new infographic, HIPAA Breaches 2009-2015.

Culling data from the Office of Civil Rights, Privacy Analytics found over 1,286 reported incidents affecting 153 million individuals at the time of publication. The largest breach was earlier this year from Anthem Insurance, reporting over 78 million records being breached. According to the Guide to the De-identification of Personal Health Information, the cost incurred for a breach – including notification, legal fines, legal fees, forensics, PR and more – is approximately $208 per person. The average data breach was over 100,000 records and cost $24 million. States with the highest number of individual records breached were Indiana, California and Washington State.

The infographic looks at breaches by type, the need for more HIPAA organizational knowledge and training and new data privacy and security challenges as the use of secondary health data grows.


Infographic: Healthcare Information Security

September 4th, 2015 by Melanie Matthews

Improving regulatory compliance and security awareness and training are among the top concerns of healthcare information security professionals, according to a new infographic by ISC2.

The infographic also drills down on the competencies and certifications that healthcare organizations look for when hiring information security professionals.


Infographic: HIPAA Privacy and Security Rules Cheat Sheet

August 19th, 2015 by Melanie Matthews

Healthcare providers and business associates must protect ePHI across all systems and technologies to prevent data breaches and remain HIPAA compliant, according to a new infographic by Scrypt, Inc.

The infographic looks at how data breaches occur, how to prevent a breach and the risks surrounding mobile devices. The infographic also provides a HIPAA checklist based on the Department of Health and Human Services’ recently released guide to the Privacy and Security of Electronic Health Information.
