It’s official. The Office of Civil Rights (OCR) is now formally auditing. What does this mean for you as an executive in the healthcare field? It means that the Health Insurance Portability and Accountability Act needs to be on the top of your mind. HIPAA is an extremely complex. Hospitals executives have so much on their mind, being HIPAA compliant isn’t the only thing that they are working on, and many are hiring HIPAA compliance managers. Or they are searching other ways to seek help and make sure that their organization can meet and understand regulatory requirements. Companies that are concerned about staying compliant are working with professionals that specialize in that specific area. At BlueWare we have been in the healthcare field for 23 years, and have been working with HIPAA since it came to fruition in 1996.
BlueWare can help you navigate through the complex twists and turns of such a complex act such as HIPAA. Healthcare professionals from BlueWare can assist healthcare organizations to feel confident that they are ready for an OCR audit, and that they are responsible organizations who take patient privacy very serious. Organizations that have taken such measures are considered industry leaders for healthcare. Ask yourself this, “How prepared are we?”
Are we ready for an OCR audit? Have I done everything that I am supposed to do as a healthcare executive to make sure my organization is ready to protect itself from a data breach, or an audit? Is there more that I can do? Or should be doing? If you are confident in answering, “YES! I am ready!” I applaud you. If you are a little less confident, it is ok to ask the experts. Enter BlueWare.
As industry professionals we know where to look, and what to do if a non-compliance issue is discovered. BlueWare is willing to, but not limited to:
•Walk-throughs of the IT environment.
•Reviewing current policies and safeguards by speaking with key personnel.
•Reviewing how PHI for secondary use is used and are you taking the proper steps to keep compliant with the 18 fields as spelled out in HIPAA.
Consider a HIPAA review if your healthcare organization:
•uses PHI for secondary use
•has been a victim of a data breach, or if you are worried that your organization could be susceptible to one
•wants to make sure they are HIPAA compliant and have done all they can to safeguard their organization
Peace of mind from an OCR audit is peace of mind that you have done all you can to safeguard to your organization, your patients, and your employees safety.
The story, Government health care website quietly sharing personal data, has been reported by the Associated Press and is unbelievable. So here is what is happening, the government's health insurance website is quietly sending consumers' details to companies that will then advertise to these people.
When ever patient data is shared, there are 2 things that need to be done to this data:
BlueWare has a product called BestConsent, this product will ask the consumers', patients, or citizen's is they consent to this type of use of their data. Also BlueWare has a product called BestData to assist in the hospital, insurance company or government to de-identify patient data or pseudonymize the data.
Healthcare's efforts to prevent identity theft are not on par with other industries' efforts, according to a Fortune article.
With an ever-growing number of breaches, cyber criminals are becoming more sophisticated, and yet the healthcare industry still struggles to keep up.
"Essentially, criminals have come to understand that using your medical credentials--your name, Social Security Number and health insurance numbers--to order goods and services that are never delivered and to bill organizations like Medicare and Medicaid, those activities are more profitable than drugs, prostitution, and other crimes they may pursue," Rick Kam, president and co-founder of ID Experts, says in the article.
How many patients affected? Officials say they aren't certain
Cedars-Sinai Health System is notifying its patients of a HIPAA breach, after an unencrypted hospital laptop containing patient medical data and Social Security numbers was stolen from an employee's home.
Despite saying they were mailing breach notification letters this week, hospital officials said they didn't know how many patients were affected by the June 23 HIPAA breach. CS officials launched an investigation into the theft more than two months ago. Multiple requests for the number have been unsuccessful.
The laptop stolen contained patient diagnoses, treatment data, lab tests, Social Security numbers in many cases, patient ID numbers and other personal information.
Personal information for about 4.5 million patients of Franklin, Tennessee-based Community Health Systems--which operates 206 hopsitals in 29 states--was compromised in April and June when hackers gained access to its computer network.
The data included patient names, addresses, birth dates and Social Security numbers, according to a Wall Street Journal article. The data did not include medical or credit card information.
There's been a lot of talk about compliance lately. Federal and state regulations. HIPAA regulations. But, if you're in charge of healthcare security, compliance is far from sufficient, says Jim Routh, chief information security officer for Aetna, one of the nation’s leading diversified healthcare benefits companies.
"The focus of the information security capabilities and controls has less to do with the regulatory requirements and more to do with the shift in tactics and trends for cybersecurity threats," he explains.
Hospitals cannot assume they're safe from hackers, writes Daniel J. Nigrin, M.D., in a perspective on healthcare cybersecurity at The New England Journal of Medicine.
Nigrin, senior vice president for information services and CIO at Children's Hospital Boston, writes about lessons learned from an attack in April believed to be the work of the hacker group Anonymous. There is no direct evidence implicating the group in the attack, though it took up the cause of a teen girl placed in state custody.
"As healthcare organizations push forward to further enable electronic health records... the potential effect of losing Internet connectivity is large, and the analysis required to understand that effect is complete," Nigrin writes.
The news is constantly riddled with stories about the next big data breach. From hospitals to websites to financial services organizations, companies around the world are suffering under the strain of failing to keep confidential data safe, both online and offline.
In a recent article, the ICO projected a number of cases of data negligence landing on their doorstep in the last year- of 15,000 reported cases, just over 5,000 were resolved by the data watchdog.
A Rhode Island hospital, who nearly two years ago notified 14,000 patients of a HIPAA breach involving their data, agreed Wednesday to hand over $150,000 to settle allegations that it failed to safeguard patient information.
The Woman & Infants Hospital of Rhode Island, or WIH, will pay the civil penalty to the Massachusetts Attorney General who slapped the hospital with a lawsuit after discovering 12,127 of those patients were Massachusetts residents.
The HIPAA breach, which was reported in September 2012 despite occurring in the spring, involved 19 unencrypted back-up tapes that went missing. Contained on the tapes were patient names, dates of birth, Social Security numbers, ultrasound images, dates of exams and physicians' names.
Data is helping one of the country's leading hospitals solve tough medical questions.
At Mayo, big data is already improving health care. Consider the case of Javrie Burdell. The six-year-old from Clovis, New Mexico- a cheerful lover of cartoon movies like The Nut Job- had his first seizures at two years old. Josiah and Renata Burdell, both 29, took him to a local hospital. That first night, Javrie's respiration slowed to four breaths a minute. "Watching your child lie unconscious on a table for an hour is pretty real," Renata says.
Puzzled doctors sent the family to Lubbock, 100 miles away, then 220 miles in the other direction to Albuquerque. Seizures continued, diagnoses multiplied, and his parents say Jarvie's development regressed. The Burdells went to four hospitals before, fed up, they Googled the top pediatric neurology departmetns in 2010, then wrote to Mayo.
The tests continued at Mayo. A spinal tap, an MRI, and tests for genes linked to known disorders were all negative. In September 2012, the hospital opened its Center for Individualized Medicine, an interdisciplinary effort to use genomics to identify diseases that have stumped the worlds' top hospitals, and Javrie became of the first patients in its Disease Odyssey program. The idea of Disease Odyssey: to sequence patients' exomes- a subset of the human genome that includes all the body's important instructions for building proteins- and use resulting data to comb for clues.
2290 W. Eau Gallie Blvd. Ste. 212
Melbourne, Florida 32935
+1 (321) 953-5999
US TOLL FREE:
3060 West 13th Street
Cadillac, Michigan 49601
+1 (231) 779-0224