Healthcare and Technology news

Healthcare Providers & Vendors Need HIPAA Cloud Solution!


Cloud solutions are quickly becoming the new norm for the way businesses operate today. Many companies are moving from legacy software systems to online “hosted” alternatives, such as SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service) or IaaS (Infrastructure-as-a-Service). The benefits of cloud-based solutions over desktop software are wide-ranging, affecting everything from productivity to data security. Healthcare organizations also need to take the appropriate precautions to ensure that they have a HIPAA compliance cloud.

 

It is easy to see why so many organizations are adopting cloud-based solutions: improved efficiency, flexibility, cost reduction, mobility, and around-the-clock support are all driving forces behind the growth of cloud services.

 

Yet HIPAA compliance cloud services also raise some concerns with regard to security and compliance, which go hand-in-hand to help organizations keep their sensitive healthcare data safe. For businesses operating in the healthcare industry, which accounts for approximately one-fifth of the US economy, these concerns escalate due to HIPAA regulatory requirements that mandate the privacy and security of patients’ protected health information (PHI). PHI is any demographic information that can be used to identify a patient. Common examples of PHI include names, dates of birth, Social Security numbers, phone numbers, medical records, and full facial photos, to name a few.

 

HIPAA applies to covered entities, such as providers and insurance plans, as well as business associates who perform certain functions for, or on behalf of, another health care organization that involve receiving, maintaining, or transmitting PHI.

 

For example, a cloud service provider (CSP) that handles PHI for a covered entity, whether through data storage or a complete software solution such as a hosted electronic medical record system, is still considered a business associate and needs to implement a HIPAA compliance cloud.

HIPAA Compliance in the Cloud

In a nutshell, both covered entities and business associates need a HIPAA compliance cloud that allows for the creation of an effective compliance program. The Department of Health and Human Services (HHS) released detailed, five-step guidance on cloud computing that parties must adhere to in order to maintain HIPAA compliant relationships. This HHS guidance on HIPAA compliance cloud services includes:

 

  1. Execute a Business Associate Agreement – A business associate agreement outlines what business associates can and cannot do with the PHI they access, how they will protect that PHI, how they will prevent PHI disclosure, and the appropriate method for reporting a breach of PHI should one occur. It also defines liability in the event of a data breach.
  2. Conduct a HIPAA Security Risk Assessment– The covered entity or business associate that works with a cloud service provider must document the cloud computing environment and security solutions put in place by the cloud service provider as part of their risk management policies.
  3. Abide by the HIPAA Privacy Rule– A covered entity must enforce proper safeguards in order to keep PHI safe and information can only be disclosed to a business associate after a business associate agreement has been executed.
  4. Implement HIPAA Security Safeguards– A business associate must comply with all three key security safeguards outlined in the HIPAA Security Rule: Physical, Technical and Administrative.
  5. Adhere to the HIPAA Breach Notification Rule- In the event of a data breach, covered entities and business associates are required to document and investigate the incident. All breaches must be reported to HHS OCR. All affected parties must be notified as well.

 

The only exception to the Breach Notification Rule is if the data was properly encrypted. If, for example, a properly encrypted device containing PHI goes missing, then there is a low probability that the data will be accessible by an unauthorized user. In this case, a breach will not have to be reported under the provisions of the Breach Notification Rule.

 

However, it is crucial that all HIPAA covered entities and business associates read the standards outlined in the regulation to determine the proper level of HIPAA encryption for different modes of data storage and transmission.

 

If a covered entity does not execute a Business Associate Agreement with a third party vendor with whom they share PHI, both organizations are leaving themselves exposed to a significant risk of HIPAA violations.

A HIPAA Compliant Cloud Will Save You Money

Data breaches are very costly–not only due to monetary penalties but also because of the long-lasting reputational damage a breach can have on an organization.

 

HIPAA breach fines can range anywhere from $100 to $50,000 per violation or record, with up to a maximum of $1.5 million per violation. When multiple violations or a large scale data breach occurs, these fines can compound and lead to millions of dollars in HIPAA fines. As if that isn’t bad enough, breaches are publicly listed on the “Wall of Shame,” maintained and enforced by HHS OCR. This list shows all HIPAA breaches affecting 500 or more individuals. Even worse, some HIPAA violations can lead to criminal charges, carrying the potential for jail time.

 

In order to avoid violations and fines, healthcare providers and business associates must comply with HIPAA regulations, which means protecting the security and privacy of their patients.

Compliance Group Can Help!

Compliance Group helps healthcare professionals and business associates effectively address their HIPAA compliance with our cloud-based app, The Guard. The Guard allows users to achieve, illustrate, and maintain compliance, addressing everything that the law requires.

 

Users are paired with one of our expert Compliance Coaches. They will guide you through every step of the process and answer any questions you may have along the way. Compliance Group simplifies compliance so you can get back to confidently running your business.

 

And in the event of a data breach or HIPAA audit, our Audit Response Team works with users through the entire documentation and reporting process. At Compliance Group, we go above and beyond to help demonstrate your good faith effort toward HIPAA compliance.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com


Health IT outsourcing poised for growth in 2015, beyond


The market for IT outsourcing in healthcare and life sciences is expected to increase at an 8.6 percent compound annual growth rate through 2019, with the adoption of cloud-based services among the major trends, according to global research firm TechNavio.

Organizations might be outsourcing just a few applications or their whole IT operations, relying on managed services to eliminate the need for an in-house IT staff. IT outsourcing helps healthcare providers to deploy business applications rapidly and focus on their core business.

Hospitals and clinics, which have difficulty keeping up with myriad changing government regulations, tend to outsource applications related to operations, finance, database management and infrastructure, according to the report. This outsourcing helps to reduce operational and maintenance costs.

The report also points to the rise in use of predictive and content analytics for clinical and operational insights.

By 2020, 80 percent of healthcare data will pass through the cloud at some point in its lifetime as providers increasingly turn to the cloud for data collection, aggregation, analytics and decision-making, IDC Health Insights recently predicted.

IDC also estimated that half of health and life science buyers by 2018 will demand substantial risk sharing with their outsourcing partners.

Hospitals increasingly plan to outsource coding efforts in the coming year, according to a survey published by Black Book Rankings, which found in a separate survey that a majority of hospital CFOs plan to either outsource or purchase new revenue cycle management software by the end of 2015.

Dick Escue, CIO of Valley View Hospital in Colorado, made the case for buying effective services, not mega-expensive hardware, in a November article published at Becker's Health IT & CIO Review.

Yet Peter Odegard, information security officer at Children's Hospitals and Clinics of Minnesota, told FierceHealthIT that it's increasingly difficult for hospitals to keep track of all the vendor partners that host, store or analyze data, adding to the complexity of securing patient data.



Your keys to safer, even more secure healthcare cloud services


In my last HealthBlog post, I made the case that we need to focus more on simplicity in healthcare and health IT. Simplicity should be the watchword for solutions in 2015. Thus far, many technology, business and delivery system solutions in the healthcare sector seem to be making life harder instead of better. Isn’t technology supposed to help set us free?

I think cloud computing and storage falls into the category of something that should make health IT solutions better, more scalable, easier to manage, easier to use, and less costly. Now, I’ll admit that when the world first started talking about cloud computing for healthcare, I was a bit of a skeptic. However, I also know that both IT leaders and clinicians have long been seeking solutions that don’t take a basement full of servers and a large staff of IT professionals to manage. “Plug and Play” is a much better strategy for healthcare if you can find it. For that reason alone, health customers around the world have been migrating more and more of their IT to the cloud. The cloud delivers greater simplicity and helps lower costs.

Of course in healthcare, especially where personally identifiable health information is at play, you can’t just focus on simplicity without paying a whole lot of attention to privacy and security. If anything keeps healthcare organizations at a distance from considering public cloud solutions for their IT needs, it is concerns about that. Many of those concerns can be addressed by working with IT providers that are fully HIPAA aware and willing to sign Business Associate Agreements (BAA) with their clients. But I think health organization IT leaders are seeking even more assurance than that when they turn over their precious data for safe keeping with a public cloud services provider. They are also seeking world-class tools to help manage the services and data they are trusting to the cloud. That’s why today’s announcement from Microsoft is good news for hospitals and health organizations. Forgive me if this is a bit techie, but I know IT professionals will fully appreciate the news about something we are calling Azure Key Vault.

Azure Key Vault helps customers safeguard and control keys and secrets using a Hardware Security Module (HSM) appliance in the cloud, with ease and at cloud-scale. Key Vault can be configured in minutes, without the need to deploy, wait for, or manage an HSM and has a single programming model across HSM-protected and software-protected keys.

This makes it easier and more economical for customers to encrypt sensitive data, sign certificates, and safeguard secrets in the cloud. For example, with Key Vault, customers can easily encrypt a SQL Server Virtual Machine with TDE (Transparent Data Encryption) using the SQL Server Connector available for Key Vault. Furthermore, customers can deploy an encrypted Virtual Machine with CloudLink SecureVM with the master keys in Key Vault.

So, there you have it. One more reason for hospitals and healthcare systems to turn to the cloud to simplify what they do and help IT departments focus more on their organization’s core business (patient care) and less on projects to maintain complex IT infrastructure and storage.


An Overlooked Provision of H.R. 4302


While everyone is talking about Sec. 212 of the Protecting Access to Medicare Act of 2014 (H.R. 4302), which would delay the compliance date of ICD-10 for another year, there is another significant provision in the bill for informatics observers.

Sec. 218 of the temporary Sustainable Growth Rate (SGR) "doc fix" bill, which was passed in the House and Senate and is awaiting Presidential approval, would provide quality incentives for computed tomography diagnostic imaging and promoting evidence-based care. Part of this provision requires the Secretary of the Department of Health and Human Services (HHS) to define clinical decision support mechanisms, determined by various industry stakeholders, that will be used by providers prescribing advanced imaging procedures for Medicare patients.

In a nutshell, says Cindy Moran, a Reston, Va.-based American College of Radiology (ACR) executive vice president of government relations, it mandates ordering physicians to use clinical decision support tools to justify the prescription of those advanced imaging procedures. The provision requires those clinical decision support mechanisms to be used in certified electronic health record (EHR) technology. Only when the provider reports which clinical decision support mechanism was used to prescribe that study can they receive payment for those services under Medicare.

This evidence-based guideline is a “very important concept” to Moran and the ACR folks. So much so that they asked for its inclusion in the bill, working with various Congressmen and other stakeholders, she says.

They also asked for two other provisions related to imaging. One provision forces the Centers for Medicare and Medicaid Services (CMS) to produce data to justify a 25 percent multiple procedure payment reduction on certain imaging procedures provided to the same patient, on the same day, in the same session. The other puts a ceiling on the reduction of certain codes.

ACR was one of the few groups to outright support the passage of the SGR “doc fix” bill. It applauded the delay of the ICD-10 mandate as well. Moran said that while the organization didn’t specifically request the delay, it will be helpful to the average physician practice, which is overwhelmed by the transition.

Overall, ACR is looking for a permanent fix to the SGR, Moran says. However, unlike other advocacy groups, it is pleased with the passage of H.R. 4302.

The ACR wasn’t the only one to applaud those imaging provisions. The Access to Medical Imaging Coalition (AMIC), which is a nonprofit group that consists of various imaging industry stakeholders, was equally happy with the bill. In a statement, the group said the appropriateness policy is encouraging.

“The best way to support physicians in ordering the right diagnostic imaging scan at the right time is for Medicare to encourage physicians and patients to make treatment decisions that best suit individualized needs and circumstances,” Tim Trysla, executive director of AMIC, said in a release.

