BEI HIT Blog
Semel Consulting, December 10, 2014
BEI Commentary: If you still have Windows XP machines in your network you need to replace them. Not doing so makes you vulnerable to a data breach AND HIPAA fines.
The Office for Civil Rights (OCR) that enforces HIPAA announced a $150,000 penalty for a health clinic data breach that was caused by the lack of firewall protection combined with unpatched and unsupported software.
This validates what we have been saying all along—that Windows XP (and other unsupported software) is not only a risk to the security of electronic Protected Health Information (ePHI), but also a HIPAA compliance violation because HIPAA requires security patches to protect data against malicious software. Read More
HealthData Management, November 24, 2014
BEI Commentary: Another large fine for losing a laptop continues to show the importance of encrypting laptops and any other portable devices that could contain PHI.
A major breach at Beth Israel Deaconess Medical Center in Boston after a physician’s personal laptop was stolen in 2012 is costing the hospital more money now that the Massachusetts Office of Attorney General has levied a $100,000 fine for failure to encrypt the device. Read More
Health Data Management, October 20, 2014
BEI Commentary: HHS will pay for providers to manage patients with chronic conditions. Participation requires the use of a certified EHR.
A final rule on Medicare physician payments in 2015 emphasizes improved chronic care management (CCM) and the supporting role of electronic health records, and loosens certification criteria a little more. Read More
HealthData Management, September 22, 2014
BEI Commentary: This is the first in a series of announcements that we are expecting to come from Apple and EHR vendors. Here, Apple and Epic are announcing data sharing between Apple HealthKit and Epic’s MyChart EHR. This will allow physicians to track patients’ health when they are outside the doctor’s office.
Hospital and physician software vendor Epic Systems Corp. is integrating Apple’s HealthKit into its EHR systems, which serve more than 170 million patients per year. Specifically, Epic customers will be able to use HealthKit through Epic’s MyChart app, which the company says is the most popular U.S. patient portal.
MyChart provides patients with access to their lab results, appointment information, current medications, immunization history, and more on their mobile devices. Sumit Rana, chief technology officer for Epic, told Health Data Management that the company has updated its MyChart app to—with a patient’s permission—access data from Apple’s HealthKit data repository and share it with their provider. And, on the provider side, Rana said clinicians can set rules as to what types of information they want access to. Read More
WBALTV.com, September 22, 2014
BEI Commentary: More innovative uses of telemedicine in Maryland, where use of this technology is being encouraged!
Five Howard County schools will use telemedicine technology to boost health and student performance, officials announced Monday.
Sen. Barbara A. Mikulski, Howard County Executive Ken Ulman and Howard County Schools superintendent Dr. Renee Foose announced the ground-breaking initiative.
The officials, joined by Howard County Health Officer Dr. Maura Rossman, visited Phelps Luck Elementary School in Columbia to showcase the telemedicine equipment being connected to the Inter-County Broadband Network.
The connection will allow direct remote physician consultations between the school and the University of Maryland Children’s Hospital in Baltimore. Read more
Physician’s Practice, August 27, 2014
BEI Commentary: If your practice is using texting to communicate with patients you should read this article!
Texting is to this decade what e-mail was to the last. It’s the “killer app” that people of all ages and demographics love. In fact, it’s so endeared and easy to use that we regularly see physicians and staff sending text messages to patients, without recognizing or mitigating the risk. It’s the rare practice that has developed text usage policies and procedures, or encrypted the mobile devices of physicians and staff.
Understand this: Standard “SMS” (Short Message Service) texting is not encrypted or secure. It’s not HIPAA compliant. Without taking proper precautions, texting with patients puts your practice at risk for data breaches, security hacks, and HIPAA violations. Read More
Healthcare IT News, July 11, 2014
BEI Commentary: EHR Payouts are rising steadily, as are Medicare and Medicaid participants. But only 8 hospitals have attested to Stage 2 Meaningful Use.
Electronic health records incentive payments to eligible hospitals and providers have continued their upward trend, with the Centers for Medicare and Medicaid Services paying out a whopping $24.4 billion to date.
That rose steadily from June’s $23.7 billion, and May’s $22.9 billion.
Also on the rise are the numbers of participating Medicare eligible providers, which climbed 991 to 317,294; Medicaid EPs increased 1,249 to 157,890 and hospitals inched up by 10 to 4,737. Read more
FierceHealthcare, July 11, 2014
BEI Commentary: A nurse was fired over posting a picture of an empty trauma room to social media. How do you feel about this?
This week FierceHealthcare covered a story that struck a nerve with readers, raising questions about social media use, HIPAA, the bias shown to doctors versus nurses and firing practices at hospitals.
In case you missed it, an emergency room (ER) nurse in New York was fired after posting a photo of an empty trauma room after clinicians saved the life of a man hit by a subway train. Read More
Physicians Practice, July 9, 2014
BEI Commentary: This article summarizes the data from a survey of over 1,400 physicians and practice managers on how they are using technology in their practices.
Hands down, EHRs are the largest piece of technology that medical practices purchase. Whether your practice is part of a large integrated delivery system or a small independent “shop,” EHR is the scaffolding that supports all other technology use. According to our 2014 Technology Survey, Sponsored by Kareo, which asked over 1,400 physicians and practice administrators how they are using technology in their practices, 53 percent of respondents say they have a “fully implemented EHR,” and another 17 percent use a system provided by a hospital or corporate parent. Only 20 percent of respondents say they do not currently have an EHR. When compared to past years, the trend is a slow but steady adoption of EHR: In 2010 (the year meaningful use became effective) 48 percent of responding practices had implemented an EHR, in 2014 that number was 70 percent. Read More
Physicians Practice, June 18, 2014
BEI Commentary: This is a pretty good list of hot spots to check for data loss – portable devices, sightlines, PC desktops, paper, fax machines and children.
Here are some common sources of data loss to examine. CMS has made it very clear that the onus for protecting the confidentiality of patient data is not on EHR vendors, but squarely on physicians and their practices. Fortunately, a great deal of that responsibility calls for old-fashioned common sense.
In addition to reviewing your HIPAA compliance documents and making sure that you are abiding by any state-specific privacy regulations (which you did when attesting to the Stage 1 rules of meaningful use), Stage 2 requires that you conduct a security risk analysis of your practice. The obvious first step is to make any necessary upgrades to your software. After that, you’ll need to take a look at the many other ways patient privacy can be breached. Take a tour of your practice looking for places — both high- and low-tech — where patient data might leak. Read More