Surprise! Stuff on a middle manager’s laptop is more valuable than stuff on a CEO’s. Yet another health care company made the news recently with a stolen laptop: A local Florida paper reported on Feb. 15, 2010 that two laptops stolen from AvMed Health Plans’ corporate office in Gainesville, FL contained personal information, including PHI, of over 200,000 people. Studies show that security breach incidents are costing companies, including health care providers and plans, more and more money, and customers as well. In the AvMed case, the data was not properly protected, according to a statement by AvMed. The theft occurred in late December, and AvMed began notifying affected patients in early February.
Wednesday, February 24, 2010
Are government regs blocking our way to becoming ‘meaningful users’? Electronically share information! But be sure to protect it! Providers are caught between two competing federal initiatives, according to the latest Government Accountability Office (GAO) study, and security concerns over PHI might actually be holding them back from achieving better quality of care. As required by the HITECH Act, the GAO released a study on Feb. 17, 2010 titled “Health Care Entities’ Reported Disclosure Practices and Effects on Quality of Care.”
Wednesday, January 27, 2010
If a breach involves 500+ people, here’s what your health care organization will suffer. Picture this: A nurse hands a patient someone else’s discharge papers but promptly discovers the error and retrieves the protected health information. Would your health care organization have to report that as a breach of unsecured PHI under the HIPAA notification rules? The answer: It depends. The scenario wouldn’t constitute a breach “if the nurse can reasonably conclude that the patient couldn’t have read or otherwise retained the information,” according to the Department of Health and Human Services’ (HHS) interim final rule implementing the new requirements. But suppose the patient turned the corner and was out of sight momentarily and the discharge orders included “a sensitive diagnosis such as HIV, and the facility was in a small community,” or the nurse had reviewed the discharge orders with the patient, says Chicago attorney Michael Roach. Those scenarios could trigger the notification requirements, he…
Wednesday, January 27, 2010
Include this information as part of your risk analysis. Knowing what doesn’t count as a breach under the new HIPAA notification rules can help you weigh whether to report a disclosure of unsecured protected health information. The rules include four exceptions, as follows: Exception No. 1. An unintended acquisition, access or use of PHI by a person with authority to handle PHI who is acting in good faith. Also, “there’s no further acquisition, access or use of the PHI,” says attorney Kathryn Solley, with Atlanta law firm Seyfarth Shaw LLP.
Tuesday, January 19, 2010
Hint: Paper files can be breached just as easily as electronic files. You may be sure that you’ve dotted all of your i’s and crossed all of your t’s, but if you miss even a small piece of the privacy puzzle, you can compromise your entire program. Take a look at these three reminders to ensure that you’re starting 2010 with your privacy program on the right foot: 1. Don’t Let Paper Get Lost in the Shuffle. You may think of patient privacy exclusively in terms of protecting electronic patient data, but paper files are just as likely to be compromised. “With the advent of the HITECH changes, breaches occurring with paper records will be treated the same way as electronic data,” says Gregory Michaels, manager of security and compliance solutions at BluePrint Healthcare IT in Cranbury, N.J.
Wednesday, January 13, 2010
Don’t have a policy for employees who work with PHI? We’ve got what you need to write one quickly. Your practice has tough decisions to make when allowing employees to handle patients’ protected health information (PHI) while working from offsite locations. You may require encryption, you may prohibit them from handling PHI on their personal laptops, or you may allow remote work only in emergencies. But no matter what, you need to communicate your privacy expectations to your employees. Consider this sample document as a guide, contributed by Glenn Allen, information security director with Fairview Health Services in Minneapolis, Minn:
Wednesday, January 6, 2010
Health system puts over a million records at risk. If you’ve been putting privacy compliance on the back burner, it’s time to bring it up front again. Investigators are paying attention, and you should, too. Last year, for example, officials of a health system in Connecticut announced that an unencrypted hard drive holding about 1.5 million patients’ information had been stolen, potentially exposing that protected health information (PHI) to abuse. Stories like this are certainly eye-catching, and with the new focus on privacy that the HITECH Act brings, you can be sure that patient privacy is gearing up to take center stage. And with employees taking work home and bringing laptops or cell phones with them to the office, you should be sure that your office’s security is tight. Next: Practical encryption tips …
Wednesday, January 6, 2010
HIPAA &amp; Free Speech clash at Mississippi’s University Medical Center. A simple tweet has sparked a HIPAA compliance and public relations mess at Mississippi’s University Medical Center, and an administrative assistant is out of a job as a result, reports a local TV station. The controversy began when Mississippi governor Haley Barbour posted this tweet on his Twitter page: “Glad the Legislature recognizes our dire fiscal situation. Look forward to hearing their ideas on how to trim expenses.” “Schedule regular medical exams like everyone else instead of paying UMC employees over time to do it when clinics are usually closed,” tweeted UMC administrative assistant Jennifer Carter. She had heard that the governor had come into UMC for a physical one Saturday three years ago, and that the clinic had to be staffed up with 15-20 workers just for his visit. Next: Carter paid dearly …
Wednesday, December 2, 2009
Resource: Look for a new report from the World Privacy Forum early in 2010. Even as the feds repeatedly postpone the compliance deadline for the Red Flags Rule, medical identity theft is on the rise, reports The Wall Street Journal. Experts say the recession is one factor contributing to the climb, as patients use the insurance cards of relatives or friends to obtain care they can’t afford. A bigger problem is the influx of fraudsters who see PHI as easy pickings. These crooks typically pay health care workers for insurance information and then resell it. Up Next: PHI theft hot spots …
Tuesday, October 27, 2009
Wondering exactly what a PIA is? We’ve got the short answer here, plus a link to a cool tool that will help you with your own PIA, pronto. A PIA (privacy impact assessment) is a risk mitigation tool that helps you prevent privacy problems before they occur, unlike retrospective audits, which pinpoint past or existing breaches. PIAs evaluate whether a new health IT system or procedure complies with HIPAA. A PIA helps ensure a good return on your EHR investment because it offers a systematic way to identify and remove inherent risks. It’s vital to start a PIA as early as possible, ideally in the project initiation phase, to recognize any major issues embedded in a new system’s design before you implement it, stressed Erik Pupo, practice manager at Project Performance Corporation in McLean, Va., at…
Wednesday, March 3, 2010