BEI HIT Blog
Healthcare IT News, December 12, 2014
BEI Commentary: Security incidents/data breaches continue to grow, and healthcare organizations have more at risk than many organizations. This article which summarizes a report from Experian, suggests that healthcare executives need to make security a priority in 2015
Nearly half of organizations across all industries were hit by at least one security incident in the past 12 months, according to the report, which has spurred 48 percent of organizations to invest in security technologies and 73 percent to develop data breach response plans. Cyber insurance policies are another important new strategy, more than doubling in popularity, from 10 percent in 2013 to 26 percent in 2014.
The C-suite “can no longer ignore the drastic impact a data breach has” on an organization’s reputation, says Experian officials. Coupled with the fact that consumers are “demanding more communication and remedies” after a breach occurs, healthcare organizations must put preparedness front and center. Read More
Semel Consulting, December 10, 2014
BEI Commentary: If you still have Windows XP machines in your network you need to replace them. Not doing so makes you vulnerable to a data breach AND HIPAA fines.
The Office for Civil Rights (OCR) that enforces HIPAA announced a $ 150,000 penalty for a health clinic data breach that was caused by the lack of firewall protection combined with unpatched and unsupported software.
This validates what we have been saying all along—that Windows XP (and other unsupported software) is not only a risk to the security of electronic Protected Health Information (ePHI,) but also a HIPAA compliance violation because HIPAA requires security patches to protect data against malicious software. Read More
HealthData Management, November 24, 2014
BEI Commentary: Another large fine for losing a laptop – continues to show the importance of encrypting laptops and any other portable devices that could contain PHI.
A major breach at Beth Israel Deaconess Medical Center in Boston after a physician’s personal laptop was stolen in 2012 is costing the hospital more money now that the Massachusetts Office of Attorney General has levied a $100,000 fine for failure to encrypt the device. Read More
Advance Health Network, 3/15/15
BEI Commentary: Just how bad is HIT security? 7 million. That is how many patient records were breached in 2013, an increase of 137% over 2012. As BEI says, and is also emphasized in the article: encrypt your data.
More than seven million health records in the United States were affected by data breaches in 2013, an increase of 137% over the previous year, according to the annual breach report by Redspin, an information security company based in Carpinteria, California.
Since 2009, there has been a rapid rise in the adoption of electronic health records in the US. There have also been 804 breaches of health information affecting nearly 30 million patient health records reported to the Secretary of Health and Human Services, as required by law. Read More
Voice of the Doctor, January 27, 2014
BEI Commentary: We will keep saying it over and over until it is common practice – encrypt your hard drives (especially your laptops). Read about this practice in Canada that had an unencrypted laptop stolen that contained PHI for 627,000 patients.
In this latest release Medicentres Family Health Care Clinics, a 27-clinic medical group in Western Canada had an unencrypted clinic laptop stolen from one of the clinic’s IT consultants.
The laptop contained 620,000 patient names, dates of birth, health card numbers, medical diagnoses and billing codes, officials said. Read More
Healthcare IT News, 11/19/13
BEI Commentary: Many people use dropbox for filesharing. We suspect a lot of you are. It’s easy, free in many cases, and convenient. One problem – it is not HIPAA compliant.
Torie Jones, former chief privacy officer at University of Pennsylvania Health System, had an ironclad rule in place for her staff: “No PHI in the cloud until you have a BAA in place.”
For most cloud-based vendors, those who are used to the specific demands of working in healthcare, getting that business associate agreement in place wouldn’t be much of a problem.
But when it comes to using the popular file hosting service Dropbox, that all-important contract isn’t something that’s readily forthcoming. Read More
American Medical Association, September 10, 1013
BEI Commentary: We know that many of you feel like you are being “HIPAA’d” to death, but we get requests about the new HIPAA rules all the time. Here is a link from the AMA website that has some nice resources on the new HIPAA rules, Encryption and even sample Notice of Privacy Practices and Business Associate Agreements.
Upcoming September 23, 2013 HIPAA privacy and security deadline – The U.S Department of Health & Human Services (HHS) recently adopted new rules which make changes to existing privacy, security and breach notification requirements in what is often referred to as the final “HIPAA Omnibus Rule.” These new rules stem from changes made under the Health Information Technology for Economic and Clinical Health (HITECH) Act which is part of the same law that created the Electronic Health Records (EHRs) Incentive Program under Medicare and Medicaid. Read More
EMR & HIPAA Newsletter, November 5, 2011
According to the 2013 Medicare Final Rule released last week, there are new ways to avoid future payment adjustments under the MIPPA ePrescribing rule for those who have not already taken the necessary steps to avoid them: 1) The exemption request period has been reopened and 2) meaningful use will satisfy the ePrescribing requirements according to specific timetables.
1) CMS is offering a second chance to physicians who missed the June 30 deadline for requesting an exemption to the 2013 ePrescribing penalty (1.5%) under the original 4 categories. Between November 1, 2012 and January 31, 2013, physicians can go to the Quality Reporting Communication Support Page and request an exemption based on one of the following justifications: Read More
New York Times, Octobe 8, 2012
BEI Commentary: A very interesting article about how some physicians are using social media. Obviously there are a lot of issues to work out, but it looks like these technologies can be put to good use in working with patients.
The teenager’s cellphone buzzes. Her doctor, Natasha Burgert, is texting her: “Better morning with this medication?”
Another teenager opens his phone. “Everything is great,” reads Dr. Burgert’s discreet text. “Go ahead with the plan we discussed. Please reply so I know you received.”
And on the morning of college entrance exams, a teenager who suffers from a roiling stomach reads Dr. Burgert’s texted greeting: “Prepared. Focused. Calm. Your body is healthy and well. Good luck today.” Read More
EHR Watch, May 15, 2012
BEI Commentary: If you have an EHR you need an IT support company, or you need internal staff to support your network and hardware. Most ambulatory practices will either partially or totally outsource their IT. It is a good idea to work with a company that understands the healthcare vertical and its rules and regulations (shameless plug: BEI is one such company). Business Associates Agreements are one of the reasons why.
So you’ve been working hard to firm up your IT security protocols and systems, and you’re feeling good about the progress you’ve made.
Now, how about your myriad partners who also have access to your patients’ health information?
As this observer points out, for many providers that’s a different story altogether. He says that “while the HIPAA rules have been around for a while — the Security Rule’s compliance date goes back to 2005 — hospitals and other health care providers have not consistently devoted a significant amount of time to business associate security.” Read More