Healthcare and Technology news

Healthcare Providers & Vendors Need HIPAA Cloud Solution!


Cloud solutions are quickly becoming the new norm for the way businesses operate today. Many companies are moving from legacy software systems to online “hosted” alternatives, such as SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service) or IaaS (Infrastructure-as-a-Service). The benefits of cloud-based solutions over desktop software are wide-ranging, affecting everything from productivity to data security. Healthcare organizations also need to take the appropriate precautions to ensure that they have a HIPAA compliance cloud.

 

It is easy to see why so many organizations are adopting cloud-based solutions: improved efficiency, flexibility, cost reduction, mobility and around-the-clock support are all driving forces behind the growth of cloud services.

 

Yet, HIPAA compliance cloud services also raise some concerns with regard to security and compliance, which go hand-in-hand to help organizations keep their sensitive healthcare data safe. For businesses operating in the healthcare industry, which accounts for approximately one-fifth of the US economy, these concerns escalate due to HIPAA regulatory requirements that mandate the privacy and security of patients’ protected health information (PHI). PHI is any demographic information that can be used to identify a patient. Common examples of PHI include names, dates of birth, Social Security numbers, phone numbers, medical records, and full facial photos, to name a few.

 

HIPAA applies to covered entities, such as providers and insurance plans, as well as business associates who perform certain functions for, or on behalf of another health care organization that involves receiving, maintaining, or transmitting PHI.

 

For example, a cloud service provider (CSP) that handles PHI for a covered entity, whether for data storage or for a complete software solution such as a hosted electronic medical record system, is still considered a business associate and needs to implement a HIPAA compliance cloud.

HIPAA Compliance in the Cloud

In a nutshell, both covered entities and business associates need a HIPAA compliance cloud that allows for the creation of an effective compliance program. The Department of Health and Human Services (HHS) released detailed, five-step guidance on cloud computing that parties must adhere to in order to maintain HIPAA compliant relationships. This HHS guidance on HIPAA compliance cloud services includes:

 

  1. Execute a Business Associate Agreement – A business associate agreement outlines what business associates can and cannot do with the PHI they access, how they will protect that PHI, how they will prevent PHI disclosure, and the appropriate method for reporting a breach of PHI if one occurs. It also defines liability in the event of a data breach.
  2. Conduct a HIPAA Security Risk Assessment – The covered entity or business associate that works with a cloud service provider must document the cloud computing environment and security solutions put in place by the cloud service provider as part of their risk management policies.
  3. Abide by the HIPAA Privacy Rule – A covered entity must enforce proper safeguards in order to keep PHI safe, and information can only be disclosed to a business associate after a business associate agreement has been executed.
  4. Implement HIPAA Security Safeguards – A business associate must comply with all three key security safeguards outlined in the HIPAA Security Rule: Physical, Technical and Administrative.
  5. Adhere to the HIPAA Breach Notification Rule – In the event of a data breach, covered entities and business associates are required to document and investigate the incident. All breaches must be reported to HHS OCR. All affected parties must be notified as well.

 

The only exception to the Breach Notification Rule is if the data was properly encrypted. If, for example, a properly encrypted device containing PHI goes missing, then there is a low probability that the data will be accessible by an unauthorized user. In this case, a breach will not have to be reported under the provisions of the Breach Notification Rule.

 

However, it is crucial that all HIPAA covered entities and business associates read the standards outlined in the regulation to determine the proper level of HIPAA encryption for different modes of data storage and transmission.

 

If a covered entity does not execute a Business Associate Agreement with a third party vendor with whom they share PHI, both organizations are leaving themselves exposed to a significant risk of HIPAA violations.

A HIPAA Compliant Cloud Will Save You Money

Data breaches are very costly, not only due to monetary penalties but also because of the long-lasting reputational damage a breach can inflict on an organization.

 

HIPAA breach fines can range anywhere from $100 to $50,000 per violation or record, with up to a maximum of $1.5 million per violation. When multiple violations or a large-scale data breach occurs, these fines can compound and lead to millions of dollars in HIPAA fines. As if that isn’t bad enough, breaches are publicly listed on the “Wall of Shame,” maintained and enforced by HHS OCR. This list shows all HIPAA breaches affecting 500 or more individuals. Even worse, some HIPAA violations can lead to criminal charges, carrying the potential for jail time.

 

In order to avoid violations and fines, healthcare providers and business associates must comply with HIPAA regulations, which means protecting the security and privacy of their patients.

Compliance Group Can Help!

Compliance Group helps healthcare professionals and business associates effectively address their HIPAA compliance with our cloud-based app, The Guard. The Guard allows users to achieve, illustrate, and maintain compliance, addressing everything that the law requires.

 

Users are paired with one of our expert Compliance Coaches. They will guide you through every step of the process and answer any questions you may have along the way. Compliance Group simplifies compliance so you can get back to confidently running your business.

 

And in the event of a data breach or HIPAA audit, our Audit Response Team works with users through the entire documentation and reporting process. At Compliance Group, we go above and beyond to help demonstrate your good faith effort toward HIPAA compliance.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com


Healthcare Technology trends to watch out 


The healthcare industry is on the cusp of a digital revolution. People are empowered with health information, thanks to technological innovations in digital health. It’s vitally important that healthcare professionals continue to stay up to date on advances in technology that will improve not only their internal systems but also patient treatment and care.

 

In this article, we’ll focus on top healthcare technology trends for 2018 in three main areas, namely Patient Engagement, Hospital Workflow, and Treatment.

 

Patient Engagement


2018 will witness more developments in the arena of patient-centric care. Mobile health is gaining prominence, pointing us to the fact that individuals are taking a more active role in their own health. Wearables and fitness trackers are gaining mass adoption by people of varying demographics. About 50% of healthcare consumers are expected to be active digital health tech adopters in 2018. Now, more than ever, patients will begin to have a say in their choice of treatment and expect transparency of information exchange from healthcare providers.

 

Telemedicine is another model of healthcare that is gaining traction in this hyper-connected world. Get ready to see a rise in demand by consumers for health advice and information in the coming months. Adoption of telemedicine will connect patients and doctors like never before. The digital health empowered individual will pose a challenge to traditional healthcare services that are slow in adapting to the digital transformation happening around them. The quality of service from healthcare providers will be measured by the ease of access to information by patients.

 

Hospital Workflow


Technology continues to advance as people become more and more accustomed to accessing information in seconds rather than hours or even days. Because of this, slow-paced administrative processes in hospitals are becoming increasingly frustrating to patients. This includes things as simple as difficulty scheduling an appointment or accessing medical reports, or even trouble exchanging information between providers.

 

Hospitals are expected to make use of digital platforms and cloud computing services as part of their patient engagement measures. The motto of 2018 will be data access, anywhere, anytime.

 

Mobile health, telemedicine, and Electronic Health Records (EHR) will produce a plethora of data that healthcare providers can utilize to improve patient care. One of the challenges that many providers will face is the issue of storing and securely transmitting sensitive patient health information (PHI). Many organizations still depend on legacy fax equipment to securely transmit documents despite the criticism of relying on this ancient technology. Thankfully, 2018 will be the year hospitals decide to choose alternative technologies like online faxing, which is secure, cost-effective, and environmentally friendly.

 

Other exciting news awaiting us as we talk about secure transmission of data is the blockchain. Utilization of the blockchain will disrupt the way data has been handled until now. IDC Health Insights predicts that 20% of healthcare organizations will actively develop systems utilizing the blockchain to keep data secure and enable easy exchange of information between trusted partners.

 

Treatment


Robots are coming - Not Terminators, but life savers.

 

Experts suggest that practitioners will make use of Artificial Intelligence (AI) for better diagnosis, surgeries, assistants, and more. Virtual Reality and Augmented Reality will become common tools in the hands of doctors for educating patients. AI bots will slice and dice data to help doctors make more accurate clinical decisions. The combined force of blockchain and AI will open a new realm in healthcare which will ultimately help provide better patient care. Use of AI will increase the efficiency and productivity of doctors as well. For those who fear a robotic conquest of the world, be assured that AI in healthcare is not going to replace doctors, but empower them.

 

These technological developments will help to fuel a positive change in the healthcare industry in 2018. It’s impossible to predict the pace of these implementations in hospitals, as these require not only capital and training but also an open-minded and forward-thinking CIO who is willing to adopt new and innovative technologies. The pertinent question is, are you ready to embrace the change?


Will Wearable Devices Change Patient Outcomes? | Blog


Nine months ago, I started wearing an activity tracker, and it’s completely changed the way I approach health and fitness. And I’m part of a major trend. Whether you want to measure heart rate, activity level or caloric burn, there’s an ever-growing number of devices that do the job. Both non-medical and medical companies are trying to get in the game, from the Nike Fuelband to Fitbit to Apple’s new iOS Healthbook.

 

In a perfect world, a single tracker would do everything, à la the Star Trek Tricorder. But in real life it doesn’t work that way. The resultant explosive growth — a potential multibillion-dollar market — has left us with fragmented solutions that aren’t engaging the patients who account for the greatest share of healthcare spend.



Women and Nonbinary People in Information Security


I’ve got great news for you! My interview series continues.

Last week, I spoke with Nicola Whiting, cyber hygiene specialist, and Titania Chief Strategy Officer.

 

This time, I had the privilege of speaking with defensive security expert Liz Bell. We talked about the 90s internet, blue teaming, sexism and transphobia in tech as well as what pen testing can teach you about defensive security.

 

Kim Crawley: Please tell me a bit about yourself and what you do.

Liz Bell: I work for a cybersecurity defense company that provides network monitoring and response tools for customers in the finance, government, and energy sectors. I work on the internal monitoring team, which means I help keep our own networks safe. Before that, I worked in penetration testing punctuated with some time in academia doing research on applying machine learning techniques to attacking ciphers, and before that, I was a software engineer. I’ve been interested in security since I was little, though. Being lucky enough to have grown up with the web, I just caught the tail end of the BBS era, and so I got to see security start to become something people actually took seriously. Being curious, my general instinct was to find ways to circumvent limitations. Now I get to spot people trying to do those same things.

 

KC: It sounds like you’ve been online since the 90s. I’ve been online since 1994. Is there anything about the 90s internet that you miss these days?

LB: There are a few things that I’m kind of nostalgic about like MSN chat rooms, hearing my phone sing the internet song to the gateway, downloading Win32 viruses from Napster and Limewire, earning badges and posting angsty poetry on Bolt.com, but I think the main thing I miss is the openness and generosity of the web back then. These days, it feels like, if you’re fortunate, you have a series of walled gardens, and if you’re not, you’re facing a never-ending stream of racist/homophobic/transphobic content and intrusive adtech.

 

KC: You mentioned P2P malware, which is still a problem these days. How do you think online cybersecurity challenges are different now compared to back then?

LB: I think a major difference between then and now, if not the main difference, is money. Once we started being able to shop and bank online, users became a good target for scammers, extortionists and other organized crime groups. Not to mention the environment is now extremely different; a lot of people now have a lot of their lives stored in phones, tablets, and laptops, and some of those also end up connecting to corporate or industrial networks. For organizations, this means that just defining what your network perimeter is can sometimes be impossible.

As far as national security is concerned, the public at large has become much more aware of the scale of state-level activities on communication networks, much more than when the ECHELON disclosures happened, as far as I can tell. I think that has also led to something of a change in what people’s threat model looks like.

 

KC: Echelon! I knew someone who worked at Lawrence Livermore back in the day, apparently on that particular project.

LB: That’s awesome! I work with a lot of former IC and .mil people who I understand have probably been involved in a lot of things that would make for extremely interesting conversations, but alas, I’m not cleared.

 

KC: How has your penetration testing experience helped you with your blue team work?

LB: It’s a big help. Understanding the different kinds of techniques and tools used by adversaries to compromise accounts, intercept traffic or steal data means I have more of an ability to spot patterns or suspicious outliers in our sensor data. Likewise, seeing how blue teams operate makes me better at doing the offensive work or, at least, doing it in a way that’s less likely to get me caught! I’m increasingly a proponent of getting the red team and blue team members to trade sides occasionally or work together to have a better understanding of how the other side operates.

 

KC: Has sexism ever been a challenge in your career?

LB: Honestly, I don’t know. When I first started, I hadn’t transitioned yet, and so I was perceived as an (effeminate, not assertive) man, and so presumably I benefited from that when it came to getting my career started. At a previous employer, after transitioning, I was the only female penetration tester in the office, the only woman I knew of working in a technical role, and the only out queer person, and I started getting more complaints about my performance. I ultimately ended up leaving, and it definitely became harder to find work afterward, but then again, what I was looking for was pretty specific. I’m lucky enough to have been hired by a woman and be managed by a woman, in my current role, even though the team is still largely white cisgender straight men.

 

KC: Well, you’re not the first transgender woman I’ve interviewed in this series. I’m happy to see more transgender people in cybersecurity.

LB: I actually applied to the place I’m working at now because a good friend of mine, who’s also trans, worked there. It was an incredible privilege to go from this extremely homogenous environment to getting to work professionally in information security with another queer trans woman.

 

KC: Is there anything you miss about your pen testing days?

LB: I do miss the “let’s be evil” feeling sometimes, and the interaction with external clients from all kinds of different industries. My job now has maybe a little less variety, but I get to stick with projects longer, and being an investigator definitely makes up for not getting to pretend to be a criminal anymore!

 

KC: I have spoken to Defensive Security Handbook authors Ian Brotherston and Amanda Berlin, who believe that defensive security is underrated in our field. Do you agree?

LB: I think that offensive security gets a lot of the glamor, but penetration testing is really only a small piece of what keeps users safe. Blue team folks definitely don’t get nearly enough credit or support; offensive security people need to only find one problem, but defensive security practitioners can’t make a single mistake.

 

KC: Do you think a lot of organizations overlook defensive security?

LB: In my experience, a lot of organizations tend to maybe focus on the wrong things: or rather, they optimize for meeting regulatory requirements. Rules say they need a firewall and quarterly penetration tests, so they buy a firewall and contract the tests out. Security should be baked in everywhere; into the software development lifecycle, the monitoring and maintenance of the corporate network, training of new employees and continuous training of your existing staff and even how the organization interacts with suppliers. The line between ‘defensive information security’ and ‘physical security’ gets fuzzy, and I don’t know if many organizations prioritize either at sufficiently many levels of the stack.

 

KC: I’ve learned a lot from you. Do you have anything else you’d like to add before we go, Liz?

LB: I think it might be worth mentioning that machine learning is increasingly something people are exploring in both the defensive and offensive information security space, and in order to both defend against robot hackers and defeat Skynet, or build either, it helps to have that blended blue and red team exposure. Otherwise, thank you so much for your work here boosting not-male voices!


Safe Texting in Healthcare: Do’s and Don’ts


Texting is the most popular feature of a smartphone, and 97% of Americans sent texts to their friends and family because texting is an easy, quick and effective way to communicate. However, texting is considered an unsafe method of communication for healthcare purposes. In the healthcare world, many rules govern this form of communication.

 

The privacy and security rule of HIPAA/HITECH covers communication of electronic protected health information (ePHI), including over social media, email and text messages. For example, the nurses at a nursing facility sent patient information to the medical providers through a text message. Though there was no evidence that an unauthorized person viewed the messages, CMS drew up a ten-point remediation plan requiring the nursing facility to train staff, appoint a HIPAA security officer and change its HIPAA policies and procedures.

 

Immediate action was taken by CMS because texting creates a record, unlike a telephone call. In a telephone call, it is also easier to know that you are communicating with the right person. Texting sensitive patient information is never risk-free: at least one third of people who have texted their medical information say in public surveys that they have sent it to the wrong person by mistake. Further, privacy violations under HIPAA/HITECH can carry fines of up to $50,000. It is advisable to resist the tendency to text patient information to a colleague for a quick patient consultation.

 

HIPAA Compliant Texting

 

Even though texting has many downsides, a secure mobile messaging service that complies with HIPAA can be used, provided it follows these rules:

  • Secure data centers – Offsite or onsite data centers must adhere to high levels of physical security and policies. This is to control data exchange through texts and to conduct continuous risk evaluation of it.
  • Encryption – ePHI must be encrypted both in transit and at rest.
  • Recipient authentication – Confirmation that text communication containing ePHI goes only to the intended recipient.
  • Audit controls – The ePHI message must be automatically recorded, and details such as sender, receiver and content should be available for any type of audit.

The volume of text messages shows how widely this method of communication is preferred. The number of texts sent by Americans in 2008 was 1 trillion, and the number of texts sent by Americans last year was 1.92, which is almost double. Texting therefore cannot be abandoned fully, but the HIPAA rules mentioned above can make it safer to send and receive patient information through texting.

 

Appointment and Wellness Reminders Using Text Messages

 

It may be a practice in your clinic to send reminder texts to patients for appointments. There is statistical evidence that text reminders reduce the rate of patient no-shows. HIPAA rules do not regulate communications that do not involve ePHI.

 

Text reminders help patients to follow their medication, healthcare and recommended lifestyle. Researchers point out that text reminders help patients with chronic disease to manage diabetes. They help African Americans to take their medication on time, especially those suffering from high blood pressure. Reminder texts help people to exercise and maintain their physical activity levels. Beyond these advantages, more research is required to identify further best practices in texting patients.

 

Secure texting for the above services is now made available by healthcare vendors through simple apps that allow medical professionals and physicians to use texting within a HIPAA approved platform. Government agencies usually do not use these apps, so it is important to make sure that these apps are HIPAA compliant. If you wish to use a third-party secure texting platform, check for the three guidelines that offer security to PHI: integrity, confidentiality and availability. Nowadays, more than 80% of medical clinics and physicians use EHRs to communicate with patients. Electronic health record systems allow communication with patients through text or email over a secure patient portal that meets the Meaningful Use requirement.

Whichever method of electronic communication is used, train your staff at the medical clinic to never transfer ePHI over a non-secure mode to save yourself from being penalized.


A positive view of health reform, no thanks to the HITECH Act


Recently I completed the Commonwealth Fund’s 2015 International Survey of Primary Care Doctors. They wanted to know what I thought about our health system; if fundamentally it worked or needed to be better. They asked questions about my satisfaction with practicing medicine, the quality of care my patients receive, and my experiences with electronic medical records. (You can click here to read through the 2012 survey, to get an idea of what it’s all about.)


Their final question was about health care reform.

“Thinking about the health care law that was passed in 2010, also known as the Affordable Care Act (ACA) or Obamacare, would you say that you have a very favorable opinion, somewhat favorable opinion, somewhat unfavorable opinion, very unfavorable opinion, or not sure.”

And I realized, as I answered this:


That I have a somewhat favorable opinion of the Affordable Care Act. It is good for patients to have access to health insurance, even though there are ongoing and severe issues with access to care.

I have a very unfavorable opinion of the much-less-talked about HITECH Act, that rolled out about the same time as the ACA, and which has profoundly shaped physician practice and patient access. The HITECH Act pays doctors to use electronic medical records in a meaningful way in order to spur the widespread adoption of EMRs. But it didn’t provide any oversight of the EMR market to ensure that the EMRs could provide meaningful functionality in an efficient way.


When we used paper charts, I used to be able to comfortably see 24 patients and finish charting by the end of the day. Now with the suboptimal EMR adopted by our health center, I can barely see twenty, and I have to spend extra hours on evenings and weekends finishing computer charting. Sadly, the EMR hasn’t added clinical functionality beyond what paper charts did — each system is still fragmented, I can’t access records from specialists’ offices or most hospitalizations, lab results may or may not be integrated into the system, radiology reports are scanned in — only now I have to slowly click through each separate screen, rather than riffling through a chart to find what I need. A colleague described the process: “Death by a thousand clicks.”


I am not alone in taking longer with EMRs. A 2014 study in JAMA Internal Medicine showed that, nationwide, physicians average an additional 48 minutes a day charting when using EMRs. When it takes physicians longer, we take, on average, 2 hours longer each day. But there are outliers — two-fifths of physicians are taking the same amount of time, or less. 2 percent even report being much more efficient! What I want to know is — what EMR products are the physicians using who find EMRs equal to or more efficient than paper charts? And can I use those too?


Not all EMRs are created equal. I have worked with three different systems since residency — one was awesome (integrating records across a county system), one was equivalent to paper (same amount of time to chart, but same challenges in accessing records from different systems adopted in the ED, inpatient, outpatient). This last EMR has been terrible. Of the hundreds of products on the market, some EMRs are more efficient than others, and deliver on the promise of improved functionality. Sadly, those are the minority. Some of the products on the market are so bad that doctors sued the companies that sold them the dysfunctional EMRs. There are health centers that have gone out of business while trying to implement inefficient EMRs. Primary care physicians have been pushed out of practice by EMRs, contributing to our primary care shortage.


So how do I feel about health care reform?


The Affordable Care Act was health insurance reform, and I like its provisions ensuring coverage.


The HITECH Act was health record reporting reform, replacing functional paper systems with what sadly, too frequently, have been dysfunctional electronic medical records.  I have a very disfavorable opinion of the impact of incentivizing the adoption of any old EMR, without requiring that EMRs meet basic functionality requirements.


Together, the ACA and HITECH Act created a destructive environment for primary care doctors, where we take longer to see fewer patients when there are more patients to be seen. The mismatch of time and need are burning us out.


But let’s not blame our health care woes on Obamacare. Let’s blame it on HITECH, and seek to improve the functionality and efficiency of our electronic health records. We don’t need to appeal the ACA. We need to improve the HITECH Act, and ensure all EMRs on the market meet minimum standards out of the package, and that all systems can talk to each other to facilitate information exchange and better clinical care. Then we’ll get a healthier America, with happier primary care doctors. And I have a very favorable opinion of that prospect.
