Healthcare and Technology news

New HIPAA Regulations in 2019


While there were expected to be some 2018 HIPAA updates, the wheels of change move slowly. OCR has been considering HIPAA updates in 2018 although it is likely to take until the middle of 2019 before any proposed HIPAA updates in 2018 are signed into law. Further, the Trump Administration’s policy of two regulations out for every new one introduced means any new HIPAA regulations in 2019 are likely to be limited. First, there will need to be some easing of existing HIPAA requirements.

 

The HIPAA updates under consideration in 2018 included changes to how substance abuse and mental health information records are protected. As part of efforts to tackle the opioid crisis, the HHS was considering changes to both HIPAA and the 42 CFR Part 2 regulations, which protect the privacy of substance abuse disorder patients who seek treatment at federally assisted programs, in order to improve the level of care that can be provided. Other potential changes to HIPAA regulations in 2018 included the removal of aspects of HIPAA that impede the ability of doctors and hospitals to coordinate to deliver better care at a lower cost.

 

These are the most likely areas for HIPAA 2019 changes: Aspects of HIPAA Rules that are proving unnecessarily burdensome for HIPAA covered entities and provide little benefit to patients and health plan members, and those that can help with the transition to value-based healthcare.

How are New HIPAA Regulations Introduced?

The process of making HIPAA updates is slow, as the lack of HIPAA changes in 2018 shows. It has now been 5 years since there was a major update to HIPAA Rules and many believe changes are now long overdue. Before any regulations are changed, the Department of Health and Human Services will usually seek feedback on aspects of HIPAA regulations which are proving problematic or, due to changes in technologies or practices, are no longer as important as when they were signed into law.

 

After considering the comments and feedback, the HHS then submits a notice of proposed rulemaking followed by a comment period. Comments received from healthcare industry stakeholders are considered before a final rule change occurs. HIPAA-covered entities are then given a grace period to make the necessary changes before compliance with the new HIPAA regulations becomes mandatory and enforceable.

New HIPAA Regulations in 2019

OCR issued a request for information in December 2018 asking HIPAA covered entities for feedback on aspects of HIPAA Rules that were overly burdensome or obstruct the provision of healthcare, and areas where HIPAA updates could be made to improve care coordination and data sharing.

 

The period for comments closed on February 11, 2019 and OCR is now considering the responses received. A notice of proposed rulemaking will follow after careful consideration of all comments and feedback, although no timescale has been provided on when the NPRM will be issued. It is reasonable to assume, however, that there will be at least some new HIPAA regulations in 2019.

OCR was specifically looking at making changes to aspects of the HIPAA Privacy Rule that impede the transformation to value-based healthcare and areas where current Privacy Rule requirements limit or discourage coordinated care.

 

Under consideration are changes to HIPAA restrictions on disclosures of PHI that require authorizations from patients. Those requirements may be loosened as they are considered by many to hamper the transformation to value-based healthcare.

 

OCR is considering whether the Privacy Rule should be changed to make the sharing of patient data with other providers mandatory rather than simply allowing data sharing. Both the American Hospital Association (AHA) and the American Medical Association (AMA) have voiced their concern about this aspect of the proposed new HIPAA regulations and are against the change. Both organizations are also against any shortening of the timescale for responding to patient requests for copies of their medical records.

 

OCR is also considering HIPAA changes in 2019 that will help with the fight against the current opioid crisis in the United States. HHS Deputy Secretary Eric Hargan has stated that there have been some complaints about aspects of the HIPAA Privacy Rule that are stopping patients and their families from getting the help they need. There is some debate about whether new HIPAA regulations or changes to the HIPAA Privacy Rule are the right way forward or whether further guidance from OCR would be a better solution.

 

One likely area where HIPAA will be updated is the requirement for healthcare providers to make a good faith effort to obtain individuals’ written acknowledgment of receipt of providers’ Notice of Privacy Practices. That requirement is expected to be dropped in the next round of HIPAA changes.

 

What is certain is new HIPAA regulations are around the corner, but whether there will be any 2019 HIPAA changes remains to be seen. It may take until 2020 for any changes to HIPAA regulations to be rolled out.

Changes to HIPAA Enforcement in 2019

Halfway through 2018, OCR had only agreed three settlements with HIPAA covered entities to resolve HIPAA violations and its enforcement actions were at a fraction of the level in the previous two years. It was starting to look like OCR was easing up on its enforcement of HIPAA Rules. However, OCR picked up pace in the second half of the year and closed 2018 on 10 settlements and one civil monetary penalty – one more penalty than in 2018.

 

2018 ended up being a record year for HIPAA enforcement. The final total for fines and settlements was $28,683,400, which beat the previous record set in 2016 by 22%.

At HIMSS 2019, Roger Severino gave no indications that HIPAA enforcement in 2019 would be eased. Fines and settlements are likely to continue at the same level or even increase.

 

Severino did provide an update on the specific areas of HIPAA compliance that the OCR would be focused on in 2019. OCR is planning to ramp up enforcement of patient access rights. The details have yet to be ironed out, but denying patients access to their medical records, failures to provide copies of medical records in a reasonable time frame, and overcharging are all likely to be scrutinized and could result in financial penalties.

 

OCR will also be continuing to focus on particularly egregious cases of noncompliance – HIPAA-covered entities that have disregarded the duty of care to patients with respect to safeguarding their protected health information. OCR will come down heavy on entities that have a culture of noncompliance and when little to no effort has been put into complying with the HIPAA Rules.

 

The failure to conduct comprehensive risk analyses, poor risk management practices, lack of HIPAA policies and procedures, no business associate agreements, impermissible PHI disclosures, and a lack of safeguards typically attract financial penalties. OCR is also concerned about the volume of email data breaches. Phishing is a major problem area in healthcare and failures to address email security risks are likely to attract OCR’s attention in 2019.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com


How Relevant CTI Can Be


CTI stands for Computer Telephony Integration and it refers to any type of technology that allows computer and phone central functionalities to be interconnected resulting in an added value service portfolio.

 

In the beginning of the telephony era, you were not given the chance of dialing; you would simply “signal” a call center and a human operator would ask you what you required. Then once you stated you wanted to call someone, that human operator would establish a point-to-point connection between your terminal equipment (phone) and the destinations.

 

The funny thing is that nowadays, when you ask your smartphone’s personal assistant to call someone, the process as perceived by us humans is, in fact, the same, and we like it better than having to dial the number or look for the contact.

 

Phone centrals have become computers, replacing the long-gone PBX backbones. The integration of those computers (which perform the role of phone centers) with terminal equipment that is itself a computer (like smartphones) and with computer software such as CRM and ERP servers or cloud-based app services has made the CTI concept more relevant by the day.

 

What Does 2015 Have In Store For China's Healthcare Economy?


For companies and investors working in China’s healthcare economy, it would be a mild understatement to say that 2014 was a year where the signal to noise ratio was pretty high. Lots of interesting new policies, but certainly also many ongoing disconnects between the best intentions by the central government, and what infrastructure and reimbursement mechanisms will actually benefit Chinese families and further incentivize industry.

Overall, with the exception of the jaw dropping fine the Chinese government levied on GSK, the government created lots of space for the private sector. This meant the market for medical devices, pharmaceuticals and new healthcare services across China remained strong. Companies benefited from being in China, and they will likely also benefit in 2015. Having said this, what are the most important issues within China’s healthcare economy that are going to present themselves in 2015? There are seven issues we are focusing on, which follow as questions companies and investors should monitor over the course of 2015.

1. Many of the biggest healthcare reforms are done, such as allowing foreign investment in hospitals and senior care, to give just two examples; but what the healthcare economy needs now are more incremental but fundamental policy changes. A good example of this is the need to expedite reforms around allowing doctors to practice at multiple sites. Another good example is home healthcare, a sector where we have been working a lot over the last three years. China has made very positive steps forward to allow WFOE structures (100%, or Wholly Foreign Owned Enterprises) in healthcare and senior care; however, specific types of primary care, clinics and home healthcare remain within the purview of China’s Ministry of Health, with a regulatory scheme that does not know how to adequately discern between these different types of service providers. Consequently, companies that want to provide higher acuity healthcare services that cannot cost-effectively take place within a hospital setting often find themselves getting routed through a regulatory system originally designed to handle large hospital projects. These approval processes lack the sort of flexibility and streamlining that smaller footprint healthcare delivery models need. What happens in practice is that either foreign companies end up operating outside of their formal license scope, or they get a cumbersome work-around approved by regulators that has too many gaps and dead ends. Most of this type of reform is needed on the healthcare delivery side of things, where China most needs foreign direct investment, but where regulations also lack the flexibility to adjust requirements based on the delivered service acuity.

2. Funding increases to the CFDA. Coming out of the December US-China Joint Commission on Commerce and Trade held in Chicago were some very positive commitments by China to address what pharmaceutical companies have called their China “drug lag.” This occurs when new therapies are not allowed into the China market because China’s FDA has standards inconsistent with the set of global standards that other countries have already harmonized around. This hurts Chinese patients and obviously burns precious time that newly patented medicines have to access the China market. Beyond the drug lag question, the same meeting in Chicago also yielded positive news on the country’s pledge to accelerate approvals for specific medical devices. These are promising developments that address some long-standing concerns that have been causing problems for western multinationals; however, what everyone needs to watch is whether or not the CFDA in turn receives the kind of additional budgeted funds to actually build the infrastructure, training programs and tracking systems that will ensure these promises are matched to newly developed capabilities. Absent these sorts of major investments, the drug lag and sluggish device approvals could remain contentious issues.

3. Hospital funding, with specific attention to doctors’ pay. Of all the problems the last twenty-four months should have taught everyone interested in China’s healthcare economy, none is more important than the ongoing difficulties the country’s public hospitals have paying their bills, and how inadequate doctor compensation remains. The roots of every corruption scandal we have heard of taking place within China’s hospitals have these problems at their core: China’s public hospitals are sorely under-funded, and its doctors under-paid. Want to fundamentally address the corruption problem in China’s hospitals? Crackdowns like what happened between the summer of 2013 and the end of last year will only net short-term results. Longer-term reform requires doctors who do not have to seek out supplementary gray income from pharmaceutical companies, families and hospital management. One of the biggest problems for China’s public healthcare system would be for the recent crackdown to prove short-term while the structural reimbursement and compensation problems go unaddressed. If that proves to be the case, in another couple of years, the government will again be forced to make a lesson of another company, and in the meantime Chinese families will suffer.

4. On-line prescription sales get piloted. If you are broadly familiar with China, you will recognize the thinking about how China’s healthcare system, while badly behind today, could emerge with some really innovative and disruptive ideas simply because of the need for such drastic, paradigm-shifting ideas and the infrastructure paucity that exists today. This has happened in other sectors such as telecommunications, where China leap-frogged the west simply because China did not have to deal with legacy-issues. Could China achieve something similar in healthcare? If they can, one area to be watching is within the on-line sale of prescriptions. Lots of questions remain around this, including supervision and how distribution channels between businesses and consumers will be monitored. We have already seen Alibaba make public their intention for this to be one of the company’s strategic areas of focus over the next year, and a number of China’s largest pharmaceutical retailers are getting their own infrastructure prepared to deal with the point of sale, oversight and delivery requirements. Watch this space closely, because it has the potential to also address a major thorn in the side of China’s public healthcare: how and where primary care is accessed (or, as the case tends to be, how it is not accessed).

5. Telemedicine is getting ready to be a huge platform in China. We already know that Alibaba and Ping’an are making investments in telemedicine. This is because for on-line pharmaceutical sales to be legal in China, a doctor’s consult is still required. Think that is purely a formality? In the short-term it could be. But in the long-term, this could prove to be an important step in re-directing how and where Chinese families seek out initial primary care consultations. Today, too much of this happens within the public hospital system. Tomorrow, it is entirely possible telemedicine could provide Chinese families with the ability to get basic primary care services. The integration between telemedicine, on-line prescription sales, on-line scheduling of follow-up diagnostic or specialty physician appointments, and electronic medical records could be a game changer for China’s healthcare system.

6. Does the Chinese government expand the yia bao (China’s version of Medicare) and allow foreign, for-profit hospitals to benefit? China deserves a lot of respect for how much progress it has made with coverage levels of its national insurance plan (now at 98% of the country’s population). Cynics are quick to point out how little this plan actually covers; those more positive about this view the national insurance plans as a foundation upon which the government can build. 2015 needs to be a year where the amount of coverage increases (which will inevitably put more pressure on things like what is included on the Essential Drug List), where new procedures are covered, and where more flexibility around where a consumer chooses to use their government plan is accommodated.

7. Will the government, either through its Anti-Monopoly Laws (AML) or anti-corruption probes, focus on any more domestic or foreign companies within the pharmaceutical or medical device sectors? For all the hand wringing about how the GSK crisis was going to impact multinationals, as of today the waters have calmed down. Will additional AML or anti-corruption cases drop in 2015? Perhaps. If they do, three things will be important. First, does the Chinese government follow-through on its commitment made in Chicago last December to allow foreign companies to bring counsel in with them when the company in question is facing a government board for a potential AML case? Second, how do the cases balance out between foreign and domestic companies? Third, is the nature of the behavior egregious or does it reflect the “rules of the road” for what companies have found is required to do business in China?

For most of the last twenty years, pharmaceutical companies could count on their growth rate within China to roughly be double that of the country’s growth rate. An 11% GDP growth rate meant your baseline for growth that year was 22%, and a number of companies out-performed this. Now, with China’s more concerted effort to build a sustainable healthcare system, the government has turned its attention on price controls, reimbursement policies, and tendering methods that all work to control costs while also expanding access. Overall, the most critical factor to positive growth within China’s healthcare system is out of any company’s control: the stability of China’s economy.

Policy makers in China deserve an enormous amount of credit for successfully navigating two economic crises not of their making (the 1997 Asian financial crisis, and the 2008 American Great Recession). What remains to be seen is how the country will navigate a structural financial crisis entirely of its own making, a process that may very well be underway now. Should China’s central government find itself having to shuffle around the state’s financial resources away from planned healthcare spending towards supporting banks alongside municipalities and SOEs with bad debt, the planned public investment in China’s healthcare system could falter. This would cloud the picture for investors and companies in this sector simply because in such a moment, the Chinese government could again come to believe that it was in the Party’s best interest to re-direct popular frustration away from the government, towards business. The resulting shift in China’s political winds could greatly complicate the efforts multinationals and institutional investors have made in China and make the turmoil of the last eighteen months pale in comparison.



These 6 Healthcare Cybersecurity Tips Could Save You Thousands


In 2017 alone there were more than 330 data breaches in the US medical and healthcare sector, which exposed 4.93 million patient records.

 

What’s more, data breaches in the healthcare sector are among the most costly with the average breach costing $408 per stolen record. In comparison, the global average of other industries across the world is $148 per record. The medical and healthcare industry in the United States is particularly vulnerable to data breaches. Here are a few reasons why:

  • Healthcare organizations store a high volume of patient records with valuable and private data
  • A lack of mobile security protocols with the BYOD (Bring Your Own Device) trend makes it easier for hackers to breach a network.
  • IoT medical devices and other popular technologies in the healthcare industry like multi-cloud IaaS or SaaS environments provide cybercriminals with more opportunities to hack into a network.
  • The healthcare industry is one of the lowest performing industries when it comes to endpoint security, and the sector as a whole ranks poorly in terms of cybersecurity strength compared to other major industries, making it an easier target for cybercriminals.

 

Chances are you don’t want to spend $50,000 or more in fines for a HIPAA violation, so it’s more critical than ever for you and your healthcare organization to implement the required cybersecurity protocols to ensure you’re protecting sensitive patient data from cybercriminals and hacks.

 

Here’s how you can improve your IT security and make sure you’re implementing healthcare security best practices.

1. Ensure All Employees are Properly Trained

One of the best ways to prevent the risk of data breaches is to make sure all employees and contractors receive the training they need to meet HIPAA requirements and keep data safe.

A proper employee training program will include factors such as:

  • Disaster Response
  • Fire Response (RACE) and Prevention
  • Workplace Violence Prevention and Response
  • VIP Security Control
  • EMTALA (Emergency Medical Treatment and Labor Act)
  • Command Center Operations
  • HIPAA Controls and Compliance
  • Training on The Joint Commission and other Accrediting Bodies
  • Crime Prevention
  • Safety Compliance

What’s more, your training program should go beyond initial training to provide frequent updates to your employees so they can stay on top of the latest trends and threats.


2. Prioritize Real-Time Evaluation and Response

Want to save your organization thousands of dollars every year? A study by Ponemon Institute discovered that IT teams wasted 425 hours per week trying to solve false negatives and false positives. Healthcare organizations saved an average of $2.1 million yearly by implementing a system where IT teams were able to evaluate security posture in real time, patch all devices for known vulnerabilities, and proactively address emerging threats with data controls and/or patch distribution. This also increases your chances of preventing the risk of an expensive cyber-attack.

3. Leverage the Power of Automation

Since many healthcare organizations are decentralized, it can be more difficult to coordinate software patching and updates. To make sure software updates are fast but thorough, leverage the power of automation where possible to eliminate any vulnerabilities a cybercriminal might exploit.

4. Restrict Access When Needed

Even though employee training is critical, ensuring that your employees can only access sensitive or critical data on a need-to-know basis is another healthcare security best practice.

 

All data should be stored in a centralized location that is protected by a role-based access control system. Those with access should only see what they need to do their jobs and once the information is no longer required access should be removed automatically.

 

Moreover, technologies should be implemented to track and analyze data access as a way to spot suspicious activities.
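A minimal sketch of tip 4 in code: role-filtered views of a record, grants that lapse on their own, and an audit trail that is checked for suspicious access. This is an added example, not code from the original article; the role names, field names, users, thresholds and the `RecordStore` and `flag_suspicious` helpers are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed role-to-field mapping: each role sees only what its job needs.
ROLE_FIELDS = {
    "billing": {"name", "insurance_id"},
    "nurse": {"name", "allergies", "medications"},
    "physician": {"name", "allergies", "medications", "diagnoses"},
}


@dataclass
class Grant:
    user: str
    role: str
    patient_id: str
    expires: datetime  # access lapses automatically at this time


@dataclass
class RecordStore:
    records: dict                               # patient_id -> full record
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)   # (time, user, patient_id, allowed)

    def grant(self, user, role, patient_id, now, ttl):
        if role not in ROLE_FIELDS:
            raise ValueError(f"unknown role: {role}")
        self.grants.append(Grant(user, role, patient_id, now + ttl))

    def read(self, user, patient_id, now):
        """Return the role-filtered view, or None if no live grant exists."""
        # Drop expired grants so removal needs no manual step.
        self.grants = [g for g in self.grants if g.expires > now]
        allowed_fields = set()
        for g in self.grants:
            if g.user == user and g.patient_id == patient_id:
                allowed_fields |= ROLE_FIELDS[g.role]
        allowed = bool(allowed_fields) and patient_id in self.records
        # Every attempt is logged, including the denied ones.
        self.audit.append((now, user, patient_id, allowed))
        if not allowed:
            return None
        record = self.records[patient_id]
        return {k: v for k, v in record.items() if k in allowed_fields}


def flag_suspicious(audit, now, window, max_denied=3, max_patients=20):
    """Flag users with repeated denials or unusually broad access in the window."""
    denied, patients = {}, {}
    for ts, user, patient_id, allowed in audit:
        if not (now - window <= ts <= now):
            continue
        if allowed:
            patients.setdefault(user, set()).add(patient_id)
        else:
            denied[user] = denied.get(user, 0) + 1
    flagged = {u: "repeated denied access"
               for u, n in denied.items() if n >= max_denied}
    for u, seen in patients.items():
        if len(seen) > max_patients:
            flagged[u] = "unusually broad access"
    return flagged


def demo():
    """Run the scenario on constructed sample records and users."""
    t0 = datetime(2019, 3, 1, 9, 0)
    store = RecordStore(records={
        "p1": {"name": "A. Example", "insurance_id": "INS-0001",
               "allergies": ["penicillin"], "medications": [],
               "diagnoses": ["asthma"]},
        "p2": {"name": "B. Example", "insurance_id": "INS-0002",
               "allergies": [], "medications": [], "diagnoses": []},
    })
    # A nurse is granted access to one patient for a 12-hour shift.
    store.grant("nurse_kim", "nurse", "p1", t0, timedelta(hours=12))
    view = store.read("nurse_kim", "p1", t0 + timedelta(hours=1))
    # After the shift the grant has lapsed without anyone revoking it.
    expired = store.read("nurse_kim", "p1", t0 + timedelta(hours=13))
    # A billing user repeatedly requests a record they hold no grant for.
    for i in range(3):
        store.read("billing_lee", "p2", t0 + timedelta(hours=2, minutes=i))
    flags = flag_suspicious(store.audit, t0 + timedelta(hours=13),
                            timedelta(hours=24))
    return view, expired, flags


if __name__ == "__main__":
    print(demo())
```
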

5. Have a Disaster Recovery Plan in Place

To comply with HIPAA Security, you must have a disaster recovery plan in place and ways to recover and maintain ePHI (electronic Protected Health Information) in case of an emergency. That means you should be backing up all files regularly so data restoration can be quick and easy. A good rule of thumb is to back up your data both locally and remotely (ex: on a recovery disc as well as on a cloud-based server) and you should aim to store all backed-up information away from the main system whenever possible.

6. Encrypt All Data

Data encryption makes sensitive information unreadable, which makes it much harder for cybercriminals to gain access to that data even if a network is hacked or a mobile device is missing or stolen.

 

It’s also important to make sure that all data is encrypted not only when it is at rest (being stored) but also when it is in motion (ex: sending an email). This way sensitive information is protected at all times.

 

Since the healthcare industry is one of the most frequent targets for cybercriminals and one of the most expensive when it comes to addressing a data breach, it’s vital to implement these healthcare security best practices and stay on top of the latest trends in IT security. Help your organization avoid the risk of data breaches and costly fines and give yourself peace of mind knowing that all HIPAA requirements are being met and your patients can trust their sensitive information in your hands.

 

Following these tips will help keep your healthcare company safe and reduce the risk of expensive cybersecurity threats.


HIPAA Physical Security is Just as Important as Cyber-Security


There are many misconceptions when it comes to HIPAA and security controls for covered entities. While security is related to technical measures such as encryption, firewalls, and security risk assessments, it also addresses physical and administrative safeguards that must be in place to protect patient information. In order to comply with HIPAA regulation, healthcare organizations must address each standard and safeguard outlined in the HIPAA Security Rule.

 

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has now released new information further emphasizing the importance of physical safeguards for healthcare organizations across the country. HIPAA not only requires technical controls to protect the confidentiality, integrity, and availability of protected health information (PHI) but also proper physical security controls.

 

Physical safeguards are generally seen as the simplest and cheapest forms of protecting PHI, yet many organizations tend to overlook this important element of security. There are even some physical security controls that cost nothing, such as simply locking up portable electronic devices (laptops, portable storage devices, and pen drives) when they are not in use.

 

Although this may seem like a very basic form of security, it is one of the most effective ways of preventing theft. To illustrate the importance of HIPAA physical security safeguards, OCR focuses on a 2015 HIPAA settlement with Lahey Hospital and Medical Center that affected 599 patients. This breach and subsequent HIPAA fine were triggered by the theft of an unencrypted laptop from the Tufts Medical School-affiliated teaching hospital.

 

The laptop was stolen from an unlocked treatment room off an inner corridor of the radiology department and contained ePHI. Lahey Hospital was fined $850,000 for failing to implement physical controls–a high price to pay for something that could have been avoided if some simple physical security safeguards were in place.

 

Prior to the Lahey Hospital settlement, QCA Health Plan paid $250,000 to OCR in 2014 for potential HIPAA violations. QCA Health Plan neglected to implement physical safeguards for all workstations to restrict access to ePHI to authorized users only. In this case, an unencrypted laptop was stolen from an employee’s vehicle.

 

Massachusetts Eye and Ear Infirmary (MEEI) also settled a HIPAA violation with OCR in 2012 for $1.5 million. Again, this incident was related to the theft of an unencrypted laptop, resulting in the exposure of patients’ ePHI.

 

In 2016, Feinstein Institute for Medical Research settled potential HIPAA violations with OCR for $3.9 million. Feinstein Institute failed to physically secure a laptop that was stolen from an employee’s vehicle containing the ePHI of 13,000 patients.

 

In July 2016, the University of Mississippi Medical Center was fined $2,750,000 for a failure to implement HIPAA physical security safeguards. An unencrypted laptop that contained ePHI of approximately 10,000 patients was stolen from its Medical Intensive Care Unit.

Preventing HIPAA Physical Security Breaches

It is up to covered entities and their business associates to decide on the most appropriate physical security safeguards that will protect their patients’ ePHI. One way organizations can implement these physical security controls is by adopting an effective compliance program.

 

Compliance Group gives health care organizations confidence in their HIPAA compliance with The Guard. The Guard is our HIPAA compliance web-app that covers every element of HIPAA compliance.

 

Our Compliance Coaches will guide users through every step of their compliance program with the help of our HIPAA compliance web-app. The Guard is built to address the full extent of HIPAA regulation, including everything needed to implement an effective HIPAA compliance program that will help safeguard your practice from violations and fines.

 

With The Guard, health care professionals will not only address their physical security safeguards but the technical and administrative safeguards as well, along with the other HIPAA requirements.
