Tag Archive | "security"
Put All Your Hospital’s Data Security Policies in One Place
Make sure your security compliance program has these 4 policies. Once your hospital has created an information security management process, you are ready to create the rest of the policies and procedures that will help you comply with HIPAA security regulations. Jim Sheldon-Dean, director of compliance services with Lewis Creek Systems LLC, told participants in a recent audio conference that your hospital’s policies and procedures must reflect what your real operations are.
Continue reading...Your Hospital’s Quick Start Guide to Information Security Management
Wednesday, December 9, 2009
Do you have a security compliance plan? Take these 5 steps first. Hospitals are understandably spending much time and money these days trying to prepare or go live with an electronic medical records system, but don’t forget that interconnected health records bring a new threat to data security. If you don’t want your facility in tomorrow’s headlines, make sure you have an information security process in place that will guide you if and when you experience data breaches. “In the future, with interconnected health records, when you can go into hospital and they can call up your records from across country, what if a chunk of it is fraudulent?” asked Jim Sheldon-Dean, director of compliance services with Lewis Creek Systems LLC, in a recent audio conference. “The importance of getting this right cannot be overstated.” The possible…
Continue reading...HIT Cool Tool: Help Staffers Combat PHI Security Breaches
Wednesday, December 2, 2009
Train your health care staff with this checklist of 10 security incident warning signs. Would you bank on your staff’s ability to spot a security violation? Don’t gamble with your compliance program — use this list to help your staff see through security scams. You Could Be Experiencing A Security Incident If: • your application’s response time slows down significantly. • your passwords stop working. • a messages pops up asking for your personal information. • someone tries to coerce you into giving over your login information.
Continue reading...HIT Staffing: Do We Need IT Experts or Health Care Experts?
Wednesday, November 18, 2009
Or do we need both? Training & teamwork strategies that bridge the divide. Refugees from the technology and financial busts are flooding into health care to get their share of stimulus billions, but health care providers won’t get their money’s worth unless they build collaborative teams who really understand what the ‘H’ means in HIT. If you read IT industry news, you come away with the impression that IT professionals with no health care setting experience have all they need to ‘fix’ HIT. A recent ‘Career Tips’ article for IT professionals who want to get into health care is an example. Between 50,000 and 100,000 new HIT jobs will sprout up by 2015, says Information Week, an IT industry trade publication that’s been around for years. “If you’re considering a career path into health IT — but have limited have previous experience working in clinical environments, don’t despair,”…
Continue reading...Health Care Organizations Lag on HIT Security
Wednesday, November 11, 2009
Despite new legal requirements like HITECH, health care organizations have not made a lot of progress in the last year in preparing for security challenges such as privacy breaches and electronic PHI, according to a new survey released Nov. 3, 2009 by the Healthcare Information and Management Systems Society. “Healthcare organizations have made relatively little change since the assessment of the market HIMSS conducted in 2008 across a number of important areas of the security environment,” warns the industry group in its 2009 Security Survey. “Respondents characterized their own maturity level as mid-range, budgets dedicated to security remain low, and many organizations still do not have a formally designated CSO/CISO.”
Continue reading...Stolen BCBS Laptop Miffs Connecticut Attorney General
Tuesday, November 10, 2009
Anthem Blue Cross Blue Shield did not follow PHI breach notification procedures, AG charges. What began as a personal laptop stolen from a one of three cars parked in a Chicago neighborhood on August 25 has become a provider and public relations nightmare for Anthem Blue Cross Blue Cross Blue Shield. Connecticut Attorney General Richard Blumenthal wants to know why some Connecticut providers weren’t notified about the possible security breach until recently, reports The Connecticut Post. The AG also criticized Anthem BCBS for offering only one year’s credit monitoring and insurance to those whose PHI might have been leaked in the breach. Anthem has since extended credit protection to two years. So what happened in the first place?
Continue reading...Sending PHI Via Email? How to Make Sure It Stays Safe
Tuesday, September 8, 2009
Look at alternatives to encryption when you deem them necessary. An email that contains a patient’s protected health information (PHI) can be completely harmless —unless it falls into the wrong hands. But fortunately, there are a few ways that you can head off potential email security breaches. Although many health care providers have started encrypting their emails, you aren’t specifically required to do so yet. As the interim final rule published in the Aug. 24 Federal Register indicates, that “a covered entity may be in compliance with the [HIPAA] Security Rule even if it reasonably decides not to encrypt electronic PHI and instead uses a comparable method to safeguard the information.” Several readers have inquired what might constitute a “comparable method,” and some even asked why this is required in the first place. And we’ve got your answers here …
Continue reading...Cloud Computing for HIT: Stormy Weather or Silver Lining?
Wednesday, August 26, 2009
Here are pros and cons to know before you hop on the cloud. More and more IT companies with little to no experience in health care — but plenty of market share on the Internet — are heading into the HIT business, offering providers and other health care professionals off-site server space where they can maintain patient records. This is known as “cloud computing” — in which providers use web-based software provided by the IT company to access that server space, so that their records exist in the so-called “cloud” of the Internet. Cloud computing, according to the National Institute of Standards and Technology, “is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” AUDIO: Reduce your…
Continue reading...Need EHR Help? HHS Plans to Open 70 Regional Centers That Can Assist You
Saturday, August 22, 2009
Kathleen Sebelius Plus: HHS officials give an ETA for their ‘meaningful use’ definition. Need a jump start to institute your electronic health record (EHR) system? The government plans to give the program a shot in the arm by injecting $1.2 billion in grants that will go toward helping healthcare providers implement EHRs. The grants will go toward two areas, said Kathleen Sebelius, Health and Human Services (HHS) secretary, during an Aug. 20 conference call with members of the healthcare media. AUDIO: Is someone besides HHS helping you out with EHR? How to make sure well-intentioned EHR deals don’t run afoul of Stark. With health care attorney Wayne Miller. The first goal includes $598 million to fund about 70 regional centers. The centers will “support physicians and hospitals in the adoption and meaningful use of EHRs,” noted David Blumenthal, MD, CMS’s national coordinator for health information technology, during the call.
Continue reading...HHS OCR Is New HIPAA Security Regulator
Tuesday, August 4, 2009
You’ve got a new sheriff in town for HIPAA enforcement. The Department of Health and Human Services is handing over the administration and enforcement of the Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the HHS Office for Civil Rights. CMS formerly oversaw enforcement of the rule. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic-protected health information. OCR has enforced HIPAA’s Privacy Rule since 2003. CMS hopes the Security’s Rule’s move to OCR will trim some administrative inefficiency and improve regulation, given that privacy and security are so closely connected. “The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), mandated improved enforcement of the Privacy Rule and the Security Rule,” points out
Continue reading...- tower200: What concerns me most about the Government plan is...
- Jeffrey Zelmanow: To add to the answer, when considering identifiers...
- Jake @ social work jobs: Switching to a better networked system is a huge r...
- Mia: Just wondering whether there will be an interface ...
- Chuck Everett: I don't agree that the iPad will "jump-start" EMR ...
- Industry Group Announces Top 5 HIT Companies for 2010
- OCR May Expand Accounting of Disclosures under HIPAA
- EMR Use Might Distract Clinicians from Patient Interaction
- HHS Online Data Breach List Thrives
- Most Hospital CIOs Cite EMR as Top Priority
- HIT: Just in Time to Cure the Recession?
- HHS Pumps More Money into HIT Adoption Efforts
- Consumers Called to Contribute to ‘Meaningful Use’ Definition
- DEA Clears One Hurdle to “Meaningful Use” of EHR
- Study Shows File-Sharing Can Kill Your PHI Security Softly
Wednesday, December 16, 2009
0 Comments