ONC Final Interoperability Roadmap Released
It has been a long time coming but the wait is over: The ONC Final Interoperability Roadmap has now been released. The Interoperability Roadmap is intended to show healthcare organizations the path towards a fully interoperable health system, one which places the patient at the center of a system that offers real-time health data access by any patient and healthcare provider. The ultimate aim is to develop a healthcare system that...
Meaningful Use Stage 3 Final Rules Released
The Centers for Medicare & Medicaid Services (CMS), together with the Office of the National Coordinator for Health Information Technology (ONC), have released the Meaningful Use Stage 3 Final Rules. Now begins a 60-day commenting period. The release of the Meaningful Use Stage 3 Final Rules has taken some time. Following the release of the draft version earlier this year, the CMS had to review over 2,500 comments collected from...
Mobile App Developers’ HIPAA Questions to be Answered by OCR
The Department of Health and Human Services’ Office for Civil Rights is to answer mobile app developers’ HIPAA questions via a new web portal launched earlier this week. HIPAA Rules can be confusing for entities covered by the legislation; however, many mobile app developers have found the Security and Privacy Rules impossible to fathom, and have struggled to come to terms with the complexities of the regulations. This has resulted in...
ONC Reports 30% Annual Increase in Patient-Physician Secure Message Exchange
More physicians are using secure text message services to communicate with patients. According to a recent Office of the National Coordinator for Health Information Technology (ONC) data brief, secure message exchange with patients has increased by 30% between 2013 and 2014. However, little progress appears to have been made improving data sharing between healthcare providers. At the start of the year, HHS announced it will be moving...
OIG Criticizes OCR over Enforcement of HIPAA Privacy Violations
Last week, the Department of Health and Human Services’ Office of the Inspector General (OIG) released two reports detailing the results of reviews conducted to assess the Office for Civil Rights (OCR) activities relating to the enforcement of HIPAA privacy violations and oversight of HIPAA-covered entities’ compliance efforts. The OCR is the main enforcer of HIPAA regulations, and that role requires the agency to monitor...
When Will the HIPAA Compliance Audits Start? Early 2016, says OCR
When will the HIPAA compliance audits start? According to a letter sent by the Department of Health and Human Services’ Office for Civil Rights (OCR) Director to the HHS’ Office of the Inspector General (OIG), the second phase of HIPAA compliance audits will commence in early 2016. HIPAA-covered entities therefore have very little time left to bring their policies and procedures up to the required standard, and to conduct risk...
Flowers Hospital Data Breach Lawsuit Progresses
A Flowers Hospital data breach lawsuit has survived another motion to dismiss. U.S. District Judge William Keith Watkins has agreed with the recommendations of a magistrate judge and will allow the case to proceed. Flowers Hospital had protested that the case had no standing as there is no damage to compensate the plaintiffs for. The judge disagreed. Five defendants have now added their name to the lawsuit which has been filed...
Mobile Device Security Risks Explained
The use of mobile devices in healthcare offers a myriad of benefits; however there are a number of mobile device security risks that must be addressed. A failure to address mobile device security risks is likely to leave HIPAA-covered entities exposed to cybersecurity attacks and malware infections. A failure to identify and address security risks would also violate HIPAA Rules; the penalties for which can be severe. The HIPAA...
2016 Start for Phase 2 of the OCR HIPAA Compliance Audits
The second phase of the OCR HIPAA compliance audits has been delayed for more than a year, but the wait is finally over, according to Deven McGraw. Deven McGraw is the Deputy Director for Information Privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR). McGraw joined the OCR in 2014, but she has not given a news media interview until now. However, in an exclusive interview with the Security Media...
Cybersecurity Regulations are to be Enforced by the FTC?
A recent decision by the 3rd Circuit U.S. Court of Appeals could mean that cybersecurity regulations are to be enforced by the FTC. The Department of Health and Human Services’ Office for Civil Rights (OCR) is the main enforcer of HIPAA regulations on patient privacy; however a recent decision by the 3rd Circuit U.S. Court of Appeals validates the Federal Trade Commission’s right to enforce cybersecurity regulations and take action...
New Study Shows Improvements in Diabetes Management by Text Messaging
A new study published in the Journal of Medical Internet Research has highlighted improvements in diabetes management by text messaging. Insulin dependent patients must monitor their blood sugar levels regularly; however getting the correct dose of insulin can be a problem initially. Patients are usually started on a relatively low dose of insulin, with the dose then adjusted as necessary. Currently patients receive home-visits from...
ONC Guidance on HIPAA and Interoperability to be Issued
New ONC Guidance on HIPAA and Interoperability will be issued this fall according to National Coordinator for Health IT, Dr. Karen DeSalvo. One of the main aims of the new guidance is to clarify the rights individuals have to access their medical histories, and when this information must be released to patients by healthcare providers. There is still some confusion over when PHI can be disclosed to patients, with some healthcare...
HHS Summary of HIPAA Rules Released
HIPAA-covered entities must abide by Privacy, Security, and Breach Notification Rules, and the best place to start is with the basics, which are detailed in a new summary of HIPAA Rules recently released by the Department of Health and Human Services’ Office for Civil Rights (OCR). The OCR frequently issues guidance for HIPAA-covered entities (CEs) to help them understand what is required of them. Guidelines can be quite specific, to...
How to Mitigate Liability in a Data Breach Lawsuit
A class-action lawsuit is virtually guaranteed to be filed if a data breach is suffered that exposes healthcare data or Social Security numbers of patients or plan members; however it is possible to mitigate liability in a data breach lawsuit. The catch? Action must be taken early, prior to a data breach being suffered. Take proactive steps and you will reduce liability to pay damages as well as reduce the probability of a HIPAA data...
The Rules for Journalists Reporting Protected Health Information Clarified
The Reporters Committee for Freedom of the Press (RCFP) recently clarified the rules for journalists reporting protected health information after a recent media storm following a potential HIPAA violation by a sports reporter. In July, a sports reporter for ESPN heard a story about a famous athlete who had suffered a serious injury. That reporter, Adam Schefter, sent a tweet sharing a picture of the athlete together with his name and...
Wearables and HIPAA Rules: Are the Devices Covered?
There is some confusion about wearables and HIPAA Rules. HIPAA covers much of the data collected by wearable devices, such as heart rate information and other fitness metrics as well as personal identifiers. The devices should, in many people’s eyes, be covered by HIPAA. However, the Health Insurance Portability and Accountability Act only applies to healthcare providers, health insurers, healthcare clearinghouses and a limited number...
Securing Electronic Health Records on Mobile Devices
Healthcare providers operating BYOD schemes, and those that supply Smartphones and other mobile devices to staff, are at risk of suffering a data breach if electronic health records on mobile devices are not appropriately secured. Mobile devices are convenient, are preferred by physicians for communication, and can improve efficiency and productivity; however, electronic health records on mobile devices must be secured. Worryingly,...
HIPAA Privacy Rule Changes Closer as Cures Bill Passed by House
The 21st Century Cures Bill recently went to the vote, and was passed by the House of Representatives by 344 to 77; should the bill be passed by the Senate, HIPAA Privacy Rule changes will be required. The bill has caused some controversy due to issues relating to patient privacy; however, while there may be critics of the bill, it was passed unanimously by the House Energy and Commerce Committee in May. This vote did not show such...
AHA Opposes HIPAA Health Plan Identifiers
The Proposed Rule on HIPAA Health Plan Identifiers was published on September 5, 2012, by the Department of Health and Human Services, which placed a requirement on healthcare providers to use new health plan ID numbers for all HIPAA transactions. Last year the Final Rule was published, and from November 7, 2016, covered entities will be required to use the new Health Plan Identifiers, if health plans are identified in a transaction....
Healthcare Big Data Privacy Report Released
A new healthcare big data privacy report – compiled by the federal government’s Health IT Policy Committee’s Privacy and Security Workgroup – has highlighted a number of concerns which must be addressed before the benefits of big data can be realized by the healthcare industry. The use of big data in healthcare promises a myriad of benefits, which the government is keen to gain; but big data has caused big concerns, which...
BCBSA Identity Theft Protection Services Offered to All Plan Members
The Blue Cross Blue Shield Association (BCBSA) has taken a proactive step to prevent its members from having their identities stolen by offering identity theft protection services to its 106 million members. The Blue Cross Blue Shield Association is one of the nation’s largest health insurers, providing insurance services to one in three Americans via a network of 36 community-based companies. According to Scott P. Serota, BCBSA...
Breach Notification Laws in Rhode Island Updated
A number of states have revised their laws covering data breaches and security incidents in recent months; now breach notification laws in Rhode Island have been updated. The revised breach notification laws in Rhode Island include one of the shortest breach notification periods anywhere in the country, requiring data breaches involving more than 500 individuals to be reported to the Attorney General within 45 days of discovery. Only...
Breach Notification Laws in Connecticut Updated
Substitute Senate Bill No. 949, Public Act No. 15-142, has been passed, updating breach notification laws in Connecticut. The new Conn. state law on data breaches enhances protections for state residents, most notably by adding a requirement for all individuals and companies doing business in the state to offer credit monitoring services to victims of a data breach. The risk mitigation measure is required for a period of one year...
Study Reveals Most Common Healthcare Mobile Application Issues
A new report issued by the SANS Institute delves into the common healthcare mobile application issues faced by mobile health app developers and security professionals. The “2015 State of Application Security – Closing the Gap” report also explores attitude differences between the two groups and highlights areas where improvements need to be made to achieve a common goal – the release of mobile health apps, on time, and with all the...
CFO Guilty of EHR Incentive Program Fraud
The penalty for EHR Incentive Program fraud can be severe, although a former Chief Financial Officer (CFO) appears to have been lucky with his sentence, receiving only a 23-month term for a false Meaningful Use declaration. The CFO claimed that his hospital had achieved meaningful use targets, when this was clearly not the case. The now former CFO of Shelby Regional Medical Center, Joe White, 68, worked for Dr Tariq Mahmood, of...
FBI Medicare Fraud Takedown sees 243 Arrested
A multi-city coordinated FBI Medicare fraud takedown has been successfully executed, resulting in 243 individuals suspected of healthcare fraud being arrested. This is not the first large-scale operation targeting healthcare fraud, but it is the most successful, resulting in the highest total of arrests of any Medicare Strike Force operation to date. The takedown also involved bringing in individuals responsible for the highest total...
VA Senator Backs Murphy’s Mental Health Crisis Act
The Helping Families in Mental Health Crisis Act has been re-introduced by Reps. Tim Murphy & Eddie Bernice Johnson in an attempt to bring legislation covering the privacy of mental health patients and their families up to date. The representatives feel that there are too many obstacles getting in the way of the provision of care to patients, with the HIPAA Privacy Rule being one of them. Virginia State Senator Backs Mental Health...
New Mental Health Law and HIPAA Rules
Rep Tim Murphy (R-PA) and Rep. Eddie Bernice Johnson (D-TX) have reintroduced a new Mental Health law and HIPAA rules are likely to be affected. The new bill was unsuccessful last time around, but some major revisions and a clear need for change to privacy laws may see the bill become legislation this year. The purpose of the bill is to ensure that the privacy of patients is protected but not to the detriment of their health. There...
Breach Notification Rules in Nevada Updated
Earlier this month a new bill was passed which introduces stricter breach notification rules in Nevada. The definition of “personal information” has been expanded, extending the protections for state residents in the event of a data breach. Privacy groups will hail the passing of the bill, which ensures that Nevada residents are better protected against credit card fraud, identity theft, tax and insurance fraud. The new breach...
New Connecticut Data Breach Law Passed
Senate Bill 949 has now gone before the Senate and it has been approved; all that remains before the new Connecticut data breach law is passed is for Gov. Daniel P. Malloy to add his signature, which is expected to happen in the next few days. The new Connecticut data breach law was introduced to increase protections for consumers following a spate of healthcare data breaches to affect state residents in recent months. The new...
Breach Notification Laws in North Dakota Updated
Last week, Senate Bill 2214 was passed which makes three significant updates to breach notification laws in North Dakota, changing elements of subsection 4 of section 51-30-01 and section 51-30-02 of the North Dakota Century Code. When the new law becomes enforceable on August 1, 2015, any individual or organization that conducts business inside the state will be required to issue breach notification letters to all North Dakota...
Cottage Health System Breach Settlement Reached
The Cottage Health System breach settlement has been a long time coming but the healthcare provider has now decided to settle the lawsuit rather than fight the liability case in court. The damages will now be paid to the breach victims, although CHS/In Sync have not accepted liability. The Cottage Health System breach settlement was reached as the healthcare provider and its BA believed it was in the best interests of all concerned....
Illinois Hospital Breaches HIPAA Rules on Data Storage
An Illinois healthcare provider, Thomas H. Boyd Memorial Hospital, has potentially breached HIPAA compliance rules on data storage by selling a property and failing to collect the medical records that were being stored there prior to property ownership changing hands. The Health Insurance Portability and Accountability Act places a number of requirements on holders of Protected Health Information (PHI). The Security Rule stipulates...
OCR Pre-Audit Screening Questionnaires Dispatched
The U.S. Department of Health and Human Services’ Office for Civil Rights is gearing up for its compliance audits; and the OCR pre-audit screening questionnaires have now been dispatched. This signals the start of phase two of the HIPAA compliance audit program. Monitoring Compliance and Enforcing HIPAA Rules The OCR is tasked with enforcing compliance with the Health Insurance Portability and Accountability Act, which it does in part...
Is a HIPAA Violation Cause for Dismissal? Judge says No
Is a HIPAA compliance violation cause for dismissal of an employee? Can an employee’s work contract be legally terminated for a HIPAA violation? The answer is not always clear, as recently shown at an employment tribunal, where a National Labor Reform Board (NLRB) judge ruled that a HIPAA violation did not mean that the employee in question, Britta Brown, lost her rights under the National Labor Reform Act (NLRA). Brown’s termination...
21st Century Cures Bill and HIPAA Privacy
The 21st Century Cures Bill and HIPAA Privacy Rule protections cannot both remain in their current format. The Cures Bill should remove many of the roadblocks that are holding back research, but for that to happen the Privacy Rule must be altered. The Cures Bill has been introduced to help ensure that the U.S. is at the forefront of medical research, and develops the new cures that will be necessary to protect Americans from new...
Potential Breach Notification Violation by Partners Healthcare
A Partners HealthCare HIPAA breach has been reported in which 3,300 patient health records were potentially viewed and copied by a hacker, with the healthcare provider also potentially having caused a breach notification violation. The HIPAA breach occurred when Partners HealthCare workforce members received a phishing email to which some responded exposing their login details. Partners confirmed that the breach was contained to email...
26 Percent Increase in Healthcare HIPAA Breaches
Data security company, Vormetric, has released the results of its recent Harris Poll 2015 Insider Threat Report in which the researchers determined there has been a 26% increase in healthcare HIPAA breaches over the past 12 months. The report also looks at HIPAA-compliance and the effect that it has had on data protection and the number of data breaches that have been suffered. The results suggest that data security is largely driven...
Witness Testimony Privacy Rule Violation Prevented by Florida DOC
The Florida Department of Corrections has taken the decision to remove the name of an inmate from a testimony provided by a whistle-blower; the reason provided was to prevent a witness testimony privacy rule violation. Witness Testimony Privacy Rule Violation Prevented The potential HIPAA breach came about after Doug Glisson, a whistle-blower gave a video testimony under oath at the Senate Criminal Justice Committee’s March 10 meeting...
New EEOC Rules for Wellness Programs Proposed
The newly proposed EEOC Rules for Wellness Programs aim to span the gaps between current legislation and ensure that employees are better protected from cyber theft, medical fraud and identity theft by safeguarding their confidential medical information. Wellness programs are often offered to employees by their employers, in many cases as part of a group health plan. Employers receive benefits or incentives for promoting them and the...
2015 HIPAA Compliance Audits: OCR Refuses to be Drawn
The 2015 HIPAA compliance audits are expected to take place, but the Office for Civil Rights has refused to be drawn on a date when the second round of compliance audits will commence. OCR Unwilling to Give Timescale for the 2015 HIPAA Compliance Audits The OCR had a presence at HIMSS 2015, and while some details were leaked about what the OCR has in store for covered entities over the coming months, no details of the audit plans...
New Healthcare Data Security Study Released
A new healthcare data security study has been published in the JAMA (The Journal of the American Medical Association) which confirms that the number of healthcare data hacking incidents is indeed on the rise. Kaiser Permanente Healthcare Data Security Study Shows Healthcare Hacks Have Doubled in 12 Months The latest healthcare data security study was conducted by Kaiser Permanente, an integrated managed care consortium, based in...
Current Landscape Surrounding HIPAA Data Breach Claims
HIPAA data breach claims are now a common problem faced by HIPAA-covered entities after any security breach that exposes the Protected Health Information (PHI) of health plan members or patients. At least one class action lawsuit is likely to be filed if patient data is exposed, but how likely is it that these class action HIPAA data breach claims for damages will be successful? Past evidence would suggest that plaintiffs will face a...
5 HIPAA Breach Class Action Lawsuits Filed Against Premera
After hackers gain access to a healthcare provider or insurer’s database, HIPAA breach class action lawsuits are certain to follow. The dust has not even settled after the announcement that Premera Blue Cross suffered a breach in which the healthcare records of approximately 11 million individuals were obtained by thieves, and already 5 class-action lawsuits have been filed against the insurer. This is nothing new, and after a HIPAA...
Can You Retain Patients After a HIPAA Breach?
When a healthcare provider is affected by a data breach and confidential patient information is exposed, disclosed or stolen, patients are naturally upset or angry, but is it possible to retain patients after a HIPAA breach? Healthcare providers have to face huge costs after a data breach. There are financial penalties from the Office for Civil Rights, Attorneys General are now issuing HIPAA fines, and there is the threat from class...
Clarification of HIPAA Rules for Medical Record Subpoenas
The Health Insurance Portability and Accountability Act lays down a number of rules and regulations regarding the storage, use and disclosure of Protected Health Information (PHI); however there is a potential issue that has come to light recently regarding the HIPAA rules for medical record subpoenas. When presented with a subpoena to release the Protected Health Information of patients to an attorney or third party, covered entities...
HIPAA Compliance and Data Security in The Cloud
Healthcare providers and health plans can gain many valuable benefits from migrating to the cloud, but with the strict regulations covering the use and disclosure of PHI, it is understandable for covered entities to be concerned about the level of data security in the cloud. Can cloud computing really be HIPAA compliant? Data Security in the Cloud The cloud can be a highly flexible storage solution for healthcare providers. Cloud...
Second Round of HIPAA Compliance Audits Delayed
The second round of HIPAA compliance audits appears to be on permanent hold. Office for Civil Rights Director, Jocelyn Samuels, explained at the recent 23rd National HIPAA Summit in Washington that the OCR Audit Protocol has yet to be finalized, according to a recent article in Lexicology. Second Round of HIPAA Compliance Audits Delayed Until Web Portal is Implemented The first round of HIPAA compliance audits was a pilot phase and was...
Last Minute Preparations Take Place for the National HIPAA Summit
Healthcare industry leaders are due to convene next week for the 23rd National HIPAA Summit at the Omni Shoreham Hotel in Washington, DC. The Summit, taking place between March 16-18, provides delegates with an opportunity to find out more about the progress that has been made with HIPAA over the past 12 months, receive in-depth training on HIPAA compliance, and gain a better understanding of the issues currently faced by the...
5 Commonest Health IT Security Risks
Security threats are numerous, and with attacks coming from all angles it is important to conduct regular risk assessments; however, be sure to watch out for the commonest health IT security risks. They are often missed, even when risk assessments are conducted regularly. Healthcare providers must protect against hackers, malicious insiders, device loss and theft, employee negligence, snooping on records, malware, viruses, and website...
Damages Sought for 2014 Aventura Hospital HIPAA Breach
A patient has filed a lawsuit in a Florida Federal Court and is seeking damages following the 2014 Aventura Hospital HIPAA compliance breach, according to a recent Courthousenews.com report. The suit names the defendants as Hospital Corporation of America (HCA) and Envision Healthcare Corporation, and has been filed after the plaintiff’s personally identifiable information and Social Security numbers were in its 2014 data breach. 2014...
Lone Star Circle of Care HIPAA Breach Caused By Actions of Business Associate
News has emerged of a Lone Star Circle of Care HIPAA Breach which has affected approximately 8,7000 individuals. The community health clinic in Georgetown, Central Texas, has begun sending breach notification letters to all affected individuals to alert them to a data breach which has resulted in their personal information being exposed and accessed by a number of unknown individuals. Lone Star Circle of Care HIPAA Breach Could Easily...
Penalty for Theft of Healthcare Data Can be Severe
The penalty for theft of healthcare data can be severe, yet many individuals choose to risk imprisonment by accessing and disclosing the protected health information of patients without authorization. Medical data and personal identifiers can be sold on the black market for considerably more than credit card numbers, and this makes hospitals and clinics targets for cybercriminals and thieves. This information can be used to obtain...
New Initiative Launched to Prevent Improper Accessing of Patient Data
One of the largest threats to patient privacy comes from hospital staff, but it is difficult to prevent improper accessing of patient data by employees and impossible to totally eliminate risk. It is not clear whether employee snooping is on the rise, or whether healthcare providers are getting better at identifying improper access to records. However, what is clear is employee theft of healthcare data is a big problem, and is...
Staff Training on HIPAA Privacy and Security Rules is Essential
The importance of providing staff training on HIPAA Privacy and Security Rules has been highlighted by a recent breach at New York health insurer, Senior Health Partners. The company has just announced that approximately 2,700 of its members have potentially had their data exposed after two mobile devices were stolen from the apartment of a nurse employed by one of its Business Associates, Premier Home Health. The nurse was provided...
New HIPAA Web Portal Launched by OCR
The OCR is laying the foundations that will allow it to start a permanent audit program with the implementation of a new HIPAA web portal ahead of the second round of audits. The new portal will streamline data collection and will ultimately allow the OCR to conduct more audits. HIPAA Web Portal Essential to the Smooth Running of the Compliance Audits The audits place a considerable administrative burden on OCR auditors due to the...
Deadline for Reporting 2014 HIPAA Breaches
The deadline for reporting 2014 HIPAA breaches is fast approaching and only four weeks remain for organizations to advise the Department of Health and Human Services of the breaches which have occurred throughout 2014 and affected fewer than 500 individuals. The Breach Notification Rule of the Health Insurance Portability and Accountability Act requires all covered entities to submit reports of data breaches to the Department of...
OCR to Clarify Mobile Health HIPAA Rules
The Department of Health and Human Services has accepted that mobile health HIPAA rules need to be clarified and has confirmed that the OCR understands there are issues that need to be addressed and is taking action. OCR is Aware Mobile Health HIPAA Rules Need Clarification HIPAA Privacy and Security Rules place restrictions on the use of technology in healthcare and if devices or systems record, access or are capable of touching...
Secure SMS Messaging Service Will Replace Standard SMS Texts
Mobile communications technology has come a long way in the past 35 years, and as technology continues to advance, it has been predicted that standard text messages will soon be replaced with a secure SMS messaging service, as consumers take greater care to protect the information they send on their portable devices. The first mobile phone to be released – the Motorola DynaTAC 8000x – didn’t offer any form of text message; that took...
How to Make Health IT User Friendly
There are numerous health IT technologies that can be implemented to improve workflow, efficiency and productivity, but all too often these systems prove to be more of a hindrance than a help. The goal may be to cut down on wasted time, but in reality, little time is saved because users do not like the systems that are installed. In order to gain the benefits of a new health IT system, the staff must learn to love the system. For that...
Big Data Legislative Changes Necessary to Protect Patient Privacy
In December last year, the Health IT Policy Committee’s Privacy and Security Workgroup met twice to discuss potential big data legislative changes. The impact big data is having – and will continue to have – on the healthcare industry has raised a number of issues, of which privacy and security of healthcare data is a major concern. By the end of this series of workshops the committee hopes to have produced a list of recommendations...
Better Support for Hospital Mobile Devices Required
Smartphone use in hospitals is now commonplace, and according to a recent survey conducted by Spyglass Consulting on the use of hospital mobile devices, it has been estimated that 96% of physicians now use Smartphones, yet only a tenth of them are prepared to use their own devices in a healthcare setting. There is a lack of trust between IT departments and physicians, and a perceived lack of support for hospital mobile devices. Bring...
New Jersey HIPAA Data Encryption Laws to Change
From July 2015, all New Jersey healthcare organizations, health plans, clearing houses and business associates will be required to comply with updated New Jersey HIPAA Data Encryption Laws, which make data encryption on all PHI mandatory. The measure is to further safeguard consumers’ privacy in the wake of major data breaches to hit the state in recent months. A new law has just been signed by New Jersey Governor, Chris Christie,...
Wearable Devices: HIPAA Regulations Apply
They are all the rage and they are finding their way into healthcare environments, but beware; when it comes to wearable devices, HIPAA regulations apply! Wearable technology promises to revolutionize the healthcare industry, and small electronic devices containing a wide array of sensors are being developed that can monitor heart rate, check vital signs and report if a patient is mobile or has fallen. A number of companies are...
How to Send HIPAA Compliant Text Messages
According to recent research, 87 percent of healthcare professionals now use a Smartphone at work, either supplied by their employer, or purchased privately and used as part of a BYOD scheme. The devices offer many benefits, although they do pose a significant risk of causing a HIPAA violation, as while the devices make communication between care teams quick and easy, SMS messages and many chat platforms are insecure. Any SMS message...
CMS Delays HIPAA Health Plan Identifiers Deadline
The Centers for Medicare & Medicaid Services (CMS) issued a new rule demanding a National Health Plan Identifier must be attached to all healthcare transactions. However as the HIPAA health plan identifiers deadline is fast approaching, the CMS has made the decision to delay the initiative. The original HIPAA health plan identifiers deadline was November 5th, 2014, with the enforcement date set as Nov 7, 2016. According to a...
Lack of Support for Older Equipment Presents Medical Device Security Risk
A medical device security risk is not being addressed by device manufacturers according to complaints received by the FDA from healthcare providers. It is alleged in the complaints that manufacturers are not doing enough to help HIPAA-covered entities remain compliant. One of the main problem areas is old medical equipment, which manufacturers no longer maintain or issue patches for. When this happens the covered entity is given no...
FDA Issues Medical Device Security Guidelines
The Food and Drug Administration (FDA) has just released medical device security guidelines for the use of medical devices in the healthcare industry. The medical device security guidelines are contained within a report entitled Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. The report covers the management of cybersecurity in healthcare and is intended to help developers of portable medical...
OCR Director Reveals Plans for HIPAA Enforcement in 2015
The new director of the Department of Health and Human Services’ Office for Civil Rights gave her maiden speech during National Health IT Week and explained what the OCR has in store for the healthcare industry, in particular its plans for HIPAA enforcement in 2015. Jocelyn Samuels took over the helm of the Office for Civil Rights earlier this year, replacing former director Leon Rodriguez. The departure of Rodriguez just before...
Second Round of HIPAA Audits are to be Delayed
The Department of Health and Human Services’ Office for Civil Rights has announced that the second round of HIPAA audits is to be delayed in order for a new breach reporting web portal to be implemented. The intention is to streamline the document collation processes to cut back on unnecessary paperwork – and paper chasing – ahead of the next round of HIPAA compliance audits. Announcing that the second round of HIPAA audits is to be...
Deadline Drawing Near for Business Associate Agreement Updates
HIPAA covered entities (CEs) only have until September 23, 2014 to complete the Business Associate Agreement updates as demanded by the HIPAA Omnibus Rule. The Omnibus Rule demands that Business Associate Agreement updates should have been made by September 23, 2013; however, a final compliance date was also issued to cover BAAs that had not been renewed before last year’s deadline. Any CE that has not yet updated BAAs must do so in...
HHS Announces Jocelyn Samuels as the New Director at the Office of Civil Rights
The Department of Health and Human Services has named Jocelyn Samuels as the new director at the Office of Civil Rights. Samuels takes over the position from the departing director, Leon Rodriguez. The Office for Civil Rights recently sent an internal email to members of its staff to alert them to the appointment of a new director. Jocelyn Samuels has confirmed acceptance of the position, although a start date for the new director at...
Data Encryption for Stored Healthcare Data
Data encryption for stored healthcare data is essential, as storing PHI on portable devices without using data encryption carries a high risk that the data will be exposed. The devices are highly attractive to thieves in their own right, although the data they contain is much more valuable. Healthcare data can be used to commit medical billing fraud, identity fraud and obtain prescriptions and medical services. Laptop computers and...
Compliant Business Associate Agreement Guidance Issued
Compliant business associate agreement guidance has been added by the American Health Information Management Association to its library to assist Business Associates with their efforts to achieve full HIPAA-compliance. The Privacy Rule introduces Business Associates (BAs) into HIPAA legislation, but it was the Omnibus Rule that plugged the gaps and made them accountable for their actions. Since then, BAs must agree to comply...
One Year of HIPAA Omnibus Rule Compliance
The HIPAA Omnibus Rule compliance deadline was six months ago, with the introduction of the legislation taking place around this time last year. HIPAA-covered entities have now had a full year to bring their policies and procedures up to date with the amendments made by the Omnibus update. Unfortunately for the healthcare industry, while the changes introduced by the new HIPAA Rule clarified a number of aspects of the legislation,...
Secure Hospital Pager Replacement for Nurses Needed
Recent studies have revealed that a secure hospital pager replacement for nurses is needed to prevent the risk of HIPAA violations and malware threats. A hospital pager replacement has been found by many nurses. They are using Smartphones to communicate with colleagues via text messages and are violating hospital policies and HIPAA Rules. A recent survey conducted by Spyglass Consulting Group showed that 67% of nurses are using...
Benefits of BYOD Schemes
When many CIOs and CISOs are faced with the choice of leveraging the benefits of Smartphones and mobile technology, they err on the side of caution because they are unaware of the true benefits of BYOD schemes and perceive the security risk to be too high. The penalties for HIPAA violations can be severe, and criminals are looking for ways to gain access to the medical devices of healthcare professionals. Securing Devices in BYOD Schemes There...
Biggest 2014 Healthcare Data Security Threats Revealed
The biggest healthcare data security threats have been uncovered and published in a new report from the Ponemon Institute. The report highlights a number of perceived threats, and how healthcare providers and other HIPAA-covered entities lack faith in their company’s defenses. Affordable Care Act has Increased the Risk of a Data Breach The benefits of Obamacare are clear, but the Affordable Care Act security risk cannot be ignored....
Healthcare BYOD Data Security Challenges Explored
Ask any healthcare IT professional what the main healthcare BYOD data security challenges are and you could be in for a long speech; BYOD schemes are a major security worry and with good reason: There is considerable potential for HIPAA violations and data breaches to be caused when staff are allowed to use their own mobile devices for work purposes. Healthcare providers are being left with little alternative but to introduce BYOD...
Healthcare BYOD Schemes and HIPAA
There are clear benefits to Bring Your Own Device schemes, but healthcare BYOD schemes are often thought to be risky, with some believing BYOD and HIPAA are just not compatible. Under HIPAA Rules, all Protected Health Information (PHI) must be safeguarded by a number of physical, administrative and technical controls. Ensuring those controls are used and remain in place on potentially thousands of privately owned portable devices is...
Data Breach Preparedness Found to be Lacking
Health IT professionals may be able to keep hospital systems operational, but data breach preparedness is nowhere near where it should be. In an ideal world – and with a limitless supply of cash – healthcare computer networks would be nigh on impregnable. Unfortunately, health IT professionals do not live in an ideal world and they have very limited funds: Funds that do not even cover general operations and development work....
HIPAA Security Compliance
The original rules for HIPAA security compliance were compiled in 2003 – and enacted in 2004 – in order to ensure the confidentiality, integrity and availability of Protected Health Information (PHI) both at rest and in transit. As HIPAA security is an ongoing responsibility of the Department of Health and Human Resources’ Office for Civil Rights, amendments to the rules for HIPAA security compliance were introduced in the Health...
Important Ways to Safeguard Protected Health Information
HIPAA demands that all Covered-Entities (CEs) implement the necessary physical, administrative and technical controls to safeguard Protected Health Information. Healthcare organizations must ensure that all of the necessary controls are in place to reduce the potential for a data breach in order not to fall afoul of HIPAA Rules. Safeguard Protected Health Information by Addressing All Security Vulnerabilities In order to address...
The Price of HIPAA Non-Compliance Vs the Cost of Compliance
The introduction of new, tougher HIPAA Rules coupled with increased enforcement against HIPAA violators means the price of HIPAA non-compliance is now far greater than the cost of HIPAA-compliance. Unfortunately, many HIPAA-covered entities discover this too late, once an avoidable data breach has been suffered. In recent months there have been numerous examples of healthcare providers, Business Associates and health plans that have...
BYOD Benefits for Nurses
The benefits of BYOD have been widely discussed in recent weeks; however recent research has highlighted important healthcare BYOD benefits for nurses. The use of Smartphones in the workplace is becoming more popular, with many companies now embracing BYOD schemes. However, there are many obstacles in the way: The Health Insurance Portability and Accountability Act (HIPAA) being the main one. The potential for Protected Health...
BYOD Schemes for Nurses Increase in Popularity
BYOD schemes for physicians have proven to be incredibly popular, and so too have BYOD schemes for nurses, according to a new survey recently published by Spyglass Consulting Group. The number of nurses taking personal devices to work has now exceeded two thirds: 69% of nurses now use their own mobile phones in a healthcare environment. A number of studies and surveys have been conducted in recent months on healthcare BYOD uptake, and the...
Physician Mobile Device Use Increases to 86%
Physician mobile device use is growing at an extraordinary rate, according to the results of a recent mobile phone usage survey. The report shows that 86% of physicians are now using mobile devices at work and 47% of physicians are now using desktops, tablets and Smartphones in the workplace, an increase of 8% since the 2012 survey. The report was compiled from a survey conducted by Epocrates, a mobile reference material vendor owned...
The Healthcare BYOD Debate Continues
There has been much discussion about the pros and cons of Bring Your Own Device Schemes (BYOD) in recent months, but it doesn’t look like the healthcare BYOD debate is likely to be settled soon. Proponents of the schemes believe personal devices can be added to a healthcare computer network and operated securely. Others vehemently oppose the use of personal phones at work due to the security risks that come with the addition of...
Mobile Device Security Best Practices to Adopt
There is a significant threat of data theft and loss as a result of using mobile devices or implementing a BYOD scheme; however there are a number of mobile device security best practices that can be adopted that will reduce the risk of suffering a data breach or security incident. It is understandable that many health IT professionals and CISOs delay implementing a “Bring Your Own Device” scheme, or avoid it completely. Regulatory...
Growth of Mobile Technology in Medicine Continues
The benefits of mobile technology in medicine are too good to pass on. Healthcare mobile use is growing at an astonishing rate with some healthcare providers opting to supply mobile devices to medical professionals. Unfortunately, the cost can be prohibitively expensive, especially considering the number of devices that must be purchased and their typical lifespan. Continued Growth of Mobile Technology in Medicine Many healthcare...
Health Industry BYOD Security is Now Easy to Manage
CISOs and CIOs are realizing that mobile phone use in healthcare is essential. Healthcare professionals use the devices when they are not working, and they want to continue to get the benefits when they go to work. The speed at which mobile devices can be used to communicate with others; access information; schedule meetings; and receive advice makes most healthcare communication systems seem positively prehistoric. BYOD schemes...
Control is the Key to Healthcare BYOD Security
Many CISOs, CIOs and IT heads consider the healthcare BYOD security challenges to be too problematic, and shy away from implementing such a scheme. The benefits may be numerous, but the costs of data breaches cannot be ignored, especially when there is a high risk of a data breach. According to a recent study – BYOD Insights 2013 – from the Cisco Partner Network, only 36% of respondents believed that their employer would be prepared...
Study Indicates Healthcare Data Breach Preparedness Issues
Handling healthcare security goes beyond just the technical side, as privacy and security compliance is critical to both data breach prevention and response plans. Experian Data Breach Resolution and the Ponemon Institute released a report today, titled Is Your Company Ready for a Big Data Breach?, that is composed of responses from mainly health and pharmaceutical privacy and compliance professionals as well as those from retail and...
Healthcare BYOD Security Tips to Avoid Data Breaches
BYOD schemes offer numerous benefits, but also carry a number of risks. To make it easier to avoid the pitfalls, we have compiled a list of healthcare BYOD security tips that, if adopted, will help HIPAA-covered entities avoid Privacy and Security Rule violations (and the penalties that follow). Useful Healthcare BYOD Security Tips There is no single solution that can be applied to solve all of the issues likely to be thrown up by BYOD...
Healthcare Industry BYOD Security Concerns
There is a current buzz surrounding Bring Your Own Device (BYOD) schemes as they offer so many benefits to companies; however, for the healthcare industry BYOD security is a concern. If a BYOD scheme does not enforce robust security controls, multiple HIPAA violations are likely to be caused. BYOD Benefits for Healthcare Providers Employees are already using the latest Smartphones and tablets for personal communications and internet...
5 Most Common BYOD Errors
Bring Your Own Device (BYOD) schemes have proven popular with the healthcare industry, allowing Smartphones and tablets to be used by healthcare professionals, without their providers having to cover the cost of supplying the devices. However, while healthcare providers can certainly benefit from the use of Smartphones and other mobile devices at work, there are risks to data security, which, if not tackled at the outset, could lead to...
How to Increase Physician Healthcare App Use
Mobile health apps promise to revolutionize how some healthcare services are provided, and there is considerable potential for sizable reductions in operational costs to be achieved; however, physician healthcare app use is not anywhere close to the level required for cost savings to be realized. How can providers actually encourage the use of mobile health apps among physicians? What is Holding Back Physician Healthcare App use?...
HIPAA Compliance for Small Businesses: Problems Persist
Large healthcare providers, with correspondingly large budgets, are introducing new security measures to protect stored data, but HIPAA compliance for small businesses lags behind. Smaller healthcare providers are struggling to meet the requirements laid down in the HIPAA Privacy and Security Rules mainly due to a lack of resources and highly qualified staff. Unfortunately, regardless of the size of the company, HIPAA Rules must be...
Preparation for HIPAA Audits Essential
According to the results of an HCPro survey, healthcare providers and other HIPAA-covered entities are simply not prepared for a compliance inspection; in fact, preparation for HIPAA compliance audits has not even been properly started by many healthcare providers. The survey, conducted on 400 healthcare professionals, shows that only 17% of respondents said they were fully prepared for the OCR audits. Most organizations have started to...
Navigating Privacy Laws for Patient Data Sharing
Under the Health Insurance Portability and Accountability Act’s Privacy Laws for patient data sharing, the sharing of Protected Health Information with a third party is highly restricted and the failure to adhere to privacy laws for patient data sharing can prove costly. In order for data to be shared, a number of data security criteria must first be satisfied to ensure that patient privacy is not violated. Navigating privacy laws for...