Healthcare and Technology news

How do I report an unsecured Protected Health Information (PHI) Breach?


Have you had a HIPAA Breach?  Here's how you report it.

If you are a covered entity and have experienced the loss, theft, or accidental disclosure of unsecured or unencrypted Protected Health Information (PHI), you have most likely had a HIPAA Breach. As a covered entity, you must follow specific breach notification procedures under HIPAA law if you discover a breach of unsecured protected health information. Depending on the size and nature of the breach, you may need to invoke your incident response plan and involve your attorney.

Step 1- Notify the Secretary of Health and Human Services (HHS)

Your obligations for breach notification to the Secretary differ based on whether the breach affects 500 or more individuals or fewer than 500 individuals. If you are unsure how many individuals are affected at the time of submission, provide an estimate. If the breach affects 500 or more individuals, you need to report the breach to the Secretary no later than 60 days after discovering the breach.

Once HHS receives your breach notification, your information, along with some information about the breach, will be published on the HHS Breach Portal, also known as the "Wall of Shame". The Office of Civil Rights (OCR) will then open an investigation.

Step 2- Providing additional information after a breach has been reported

If you discover additional information, submit updates as necessary. If only one option is available in a submission category you should pick the best option, and may provide additional details in the free text portion of the submission.

If you discover additional information that supplements, modifies, or clarifies a previously submitted notice to the Secretary, you may submit an additional form by checking the appropriate box to indicate that it is an addendum to the initial report, using the transaction number provided after submitting the initial breach report.

Step 3- Notify the affected individuals

It is your responsibility to notify each individual of the breach of their PHI, either by first-class mail or, if they have given permission, by email. This notice must include a description of the breach, including the information involved in the breach, steps the individual can take to protect themselves, a summary of the steps you are taking to investigate the breach, and what you are doing to prevent future breaches.

 

What if I don’t have the contact information for Affected Individuals?

 

If contact information for 10 or more individuals is incorrect, you must provide a public notice or media notification in the residential area of those affected individuals, providing them with an 800 number they can call to find out if their information was included in the breach. This number must remain active for a minimum of 90 days. These individual notices may be substituted by providing notice on your website for a minimum of 90 days or by issuing a media statement notifying the public of the breach.

 

If the Breach Affects 500 or More Individuals:

 

If a breach of unsecured protected health information affects 500 or more individuals, you must notify the Secretary of HHS of the breach without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach. You must submit the notice electronically by clicking on the link below and completing all the required fields on the breach notification form.

Step 4- Notify the media and update your website 

If the breach affects 500 or more individuals, you need to report the breach to prominent media outlets in the areas where affected or potentially affected individuals reside.  This helps inform all breach victims of the possibility of the exposure of their protected health information.  

If you do not have up-to-date contact information or addresses of 10 or more affected individuals, then you need to update your website with a notice of the breach.  A link to the breach notice must be prominently visible on your home page.

Step 5- Notify HHS annually of breaches affecting fewer than 500 individuals

If a breach of unsecured protected health information affects fewer than 500 individuals, you must notify the Secretary of the breach within 60 days of the end of the calendar year in which the breach was discovered. (You are not required to wait until the end of the calendar year to report breaches affecting fewer than 500 individuals; you may report such breaches at the time they are discovered.) You may report all your breaches affecting fewer than 500 individuals on one date, but you must complete a separate notice for each breach incident. The covered entity must submit the notice electronically by clicking on the link below and completing all of the fields of the breach notification form.

 

Other considerations

  • Be aware that your state may have more stringent breach notification procedures compared to the Federal Government. 
  • Be cognizant of the timeline of breach notification; delays in notification can cause fines and penalties to be levied.
  • Business Associates are also subject to the Breach Notification Rule. Business Associates must inform covered entities within 60 days of discovering the breach.  Business Associates must comply with requirements specified in their Business Associate Agreement with the covered entity.
  • Contact HHS OCR with questions toll-free at: 1-800-368-1019, TDD: 1-800-537-7697 or send an email to OCRPrivacy@hhs.gov
Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com


Do doctors really hate Obamacare?


Anti-Obamacare critics often claim that “every” physician they know hates Obamacare. For instance, pediatric neurosurgeon and GOP Presidential candidate Dr. Ben Carson told Fox News that “he’s spoken to hundreds of doctors throughout the country about the Affordable Care Act, and not one of them ‘liked’ President Barack Obama’s signature health care law.”

Doctors hate Obamacare, it’s alleged, because it authorizes government to “control” the practice of medicine and impose “rationing” of care, thereby harming patients.  The conservative Examiner website quotes a New Jersey family physician, Dr. John Tedeschi as saying, “Just as a guitar string has to be tuned, so does a person’s health to get the right tone. The government has taken away, or refocused the intelligence part of the tuning, and has just about destroyed the creative, or compassion component. Now, with Obamacare, we are left with an incompetent mechanism that does not have the best interest of the patient in mind.”  An ER physician quoted in the articles said that the “storm of patients [created by Obamacare] means when they can’t get in to see a primary care physician, even more people will end up with me in the emergency room.”

There is no question that some doctors (mainly conservatives) hate Obamacare, and if they were the only ones you talked to (like the ones who apparently talked to Dr. Carson), you might think that all doctors feel the same way. But the reality is that — surprise, surprise! — primary care physicians’ views are just like the rest of us, split by their partisan leanings.


A new survey by the respected Kaiser Family Foundation found that 87 percent of Democratic-leaning physicians view Obamacare favorably, while the exact same percentage of GOP-leaning physicians view it unfavorably. Independent doctors split 58 percent unfavorable to 42 percent favorable. Because there were more GOP and independent physicians among the survey respondents, the overall breakdown of primary care physicians’ views on the ACA is 52 percent unfavorable to 48 percent favorable. Yet only 26 percent of all primary care physicians viewed the law “very unfavorably.” So it might be said that just one out of four primary care physicians “hate” Obamacare.

And a deeper dive into the survey results directly refutes the contention of anti-Obamacare doctors that the law is leading to poorer quality, physicians turning away patients, or longer waits for appointments:


  • Most primary care physicians say that quality has stayed the same: 59 percent said that their ability to provide high-quality care to their patients has stayed about the same, while 20 percent said it has improved, and 20 percent said it has gotten worse.
  • More primary care physicians report that Medicaid expansion has had a more positive impact on quality than a negative one: “When asked more specifically about the expansion of Medicaid under the ACA, nearly four of 10 providers (36 percent of physicians and 39 percent of nurse practitioners and physician assistants) said the expansion has had a positive impact on providers’ ability to provide quality care to their patients. About two of 10 said it has had a negative impact, and the remainder said it has not made a difference, or they are not sure.”
  • Ease of getting same-day appointments is about the same as before the ACA: “Overall, about four of 10 primary care providers said almost all their patients who request a same- or next-day appointment can get one; another quarter said most of their patients can get such appointments” which is largely unchanged from 2009 and 2012.
  • Most continue to accept new patients: “A large majority of primary care providers (83 percent of physicians, 93 percent of midlevel clinicians) said they are currently accepting new patients . . . A survey conducted in late 2011 through early 2012 found that 89 percent of primary care physicians were accepting new patients and 52 percent were accepting new Medicaid patients.  This indicates that while physicians’ rates of accepting new patients overall may have declined slightly since the ACA coverage expansions went into effect, acceptance rates for Medicaid have remained about the same.”


When asked specifically about their views on the impact of the Affordable Care Act on five dimensions, the ACA fared well, with one exception (costs to patients).


  • Access to health care and insurance in the country overall: 48 percent positive, 12 percent no impact,  24 percent negative, and 14 percent not sure.
  • Overall impact on practice: 31 percent reported no impact, 23 percent a positive  impact, 36 percent negative  and 9 percent not sure.
  • Quality of care their patients receive: 50 percent reported no impact, 18 percent positive, 25 percent negative, and 6 percent not sure.
  • Ability of the practice to meet patient demand: 44 percent no impact, 18 percent positive, 25 percent negative, and 10 percent not sure.
  • Cost of health care for their patients: 17 percent no impact, 21 percent positive, 44 percent negative, and 16 percent not sure.


However, “physicians’ responses to questions that mention the ACA by name are deeply divided along party lines. For example, by a three-to-one margin, physicians who identify as Democrats are more likely to say the ACA has had a positive (44 percent) rather than a negative (15 percent) impact on their medical practice overall. Republican physicians break in the opposite direction by about seven-to-one (57 percent negative, 8 percent positive).”

The survey also does not support the contention that the ACA is contributing to primary care physician dissatisfaction with practice and burn-out:


“Even though providers with different political affiliations do not share views about the Affordable Care Act, a large majority of primary care providers (83 percent of physicians and 93 percent of nurse practitioners and physician assistants) — both Republicans and Democrats — reported they are very or somewhat satisfied with their medical practice overall. The changing environment does not appear to be affecting overall provider satisfaction even among providers who see a larger share of Medicaid patients or work in Medicaid expansion states. Indeed, current satisfaction levels are slightly higher than what was reported by primary care physicians before the ACA. In 2012, 68 percent of primary care physicians reported they were very satisfied or satisfied with practicing medicine.”


Interestingly, Democratic physicians (56 percent) are more likely to recommend a career in primary care than Republicans (39 percent)  or Independents (40 percent).


I know that many conservative primary care doctors have a strong and principled objection to Obamacare, believing passionately that it gives the government too much power and that physicians and their patients will be hurt as a result. I (and ACP) may not agree with them, but I respect their views, and their right to make their case to their colleagues and to the public.


But the Kaiser Family Foundation survey shows us that the anti-Obamacare doctors do not represent the views and experience of most primary care doctors on the front lines, never mind “all” of them.  Doctors (at least those in primary care, who knows about surgeons?) clearly don’t “hate” Obamacare.  Rather, more of them see Obamacare as doing some good things, like improving access; and doing not as well on other things, like lowering costs to patients.  Much of what they do and see in their practices remains unchanged by it, for good or bad.


And that strikes me as about right: Obamacare is making many things better, but there is a lot more that needs to be done to improve quality and access, lower costs to patients, and sustain and support primary care. Of course, such nuances do not make for as good a headline or political talking point as “Doctors Hate Obamacare.”


These 6 Healthcare Cybersecurity Tips Could Save You Thousands


In 2017 alone there were more than 330 data breaches in the US medical and healthcare sector, which exposed 4.93 million patient records.

 

What’s more, data breaches in the healthcare sector are among the most costly, with the average breach costing $408 per stolen record. In comparison, the global average across other industries is $148 per record. The medical and healthcare industry in the United States is particularly vulnerable to data breaches. Here are a few reasons why:

  • Healthcare organizations store a high volume of patient records with valuable and private data
  • A lack of mobile security protocols with the BYOD (Bring Your Own Device) trend makes it easier for hackers to breach a network.
  • IoT medical devices and other popular technologies in the healthcare industry like multi-cloud IaaS or SaaS environments provide cybercriminals with more opportunities to hack into a network.
  • The healthcare industry is one of the lowest performing industries when it comes to endpoint security, and the sector as a whole ranks poorly in terms of cybersecurity strength compared to other major industries, making it an easier target for cybercriminals.

 

Chances are you don’t want to spend $50,000 or more in fines for a HIPAA violation, so it’s more critical than ever for you and your healthcare organization to implement the required cybersecurity protocols to ensure you’re protecting sensitive patient data from cybercriminals and hacks.

 

Here’s how you can improve your IT security and make sure you’re implementing healthcare security best practices.

1. Ensure All Employees are Properly Trained

One of the best ways to prevent the risk of data breaches is to make sure all employees and contractors receive the training they need to meet HIPAA requirements and keep data safe.

A proper employee training program will include factors such as:

  • Disaster Response
  • Fire Response (RACE) and Prevention
  • Workplace Violence Prevention and Response
  • VIP Security Control
  • EMTALA (Emergency Medical Treatment and Labor Act)
  • Command Center Operations
  • HIPAA Controls and Compliance
  • Training on The Joint Commission and other Accrediting Bodies
  • Crime Prevention
  • Safety Compliance

What’s more, your training program should go beyond initial training to provide frequent updates to your employees so they can stay on top of the latest trends and threats.


2. Prioritize Real-Time Evaluation and Response

Want to save your organization thousands of dollars every year? A study by Ponemon Institute discovered that IT teams wasted 425 hours per week trying to solve false negatives and false positives. Healthcare organizations saved an average of $2.1 million yearly by implementing a system where IT teams were able to evaluate security posture in real time, patch all devices for known vulnerabilities, and proactively address emerging threats with data controls and/or patch distribution. This also increases your chances of preventing the risk of an expensive cyber-attack.

3. Leverage the Power of Automation

Since many healthcare organizations are decentralized, it can be more difficult to coordinate software patching and updates. To make sure software updates are fast but thorough, leverage the power of automation where possible to eliminate any vulnerabilities a cybercriminal might exploit.

4. Restrict Access When Needed

Even though employee training is critical, ensuring that your employees can only access sensitive or critical data on a need-to-know basis is another healthcare security best practice.

 

All data should be stored in a centralized location that is protected by a role-based access control system. Those with access should only see what they need to do their jobs, and once the information is no longer required, access should be removed automatically.

 

Moreover, technologies should be implemented to track and analyze data access as a way to spot suspicious activities.
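The access model described in this tip, as an added example that is not part of the original article: a central store that filters each read by role, expires grants automatically, and logs every attempt so unusual access can be flagged. The role names, field names, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical mapping: role -> record fields that role needs to do its job.
ROLE_FIELDS = {
    "billing": {"name", "insurance_id"},
    "nurse": {"name", "allergies", "medications"},
}

class RecordStore:
    """Central ePHI store: every read passes role and expiry checks and is logged."""

    def __init__(self, records):
        self.records = records   # patient_id -> dict of fields
        self.grants = {}         # user -> (role, expires_at)
        self.audit = []          # (time, user, patient_id, allowed)

    def grant(self, user, role, now, ttl):
        # Access is time-boxed, so it lapses without anyone having to revoke it.
        self.grants[user] = (role, now + ttl)

    def read(self, user, patient_id, now):
        role, expires = self.grants.get(user, (None, now))
        allowed = role is not None and now < expires and patient_id in self.records
        self.audit.append((now, user, patient_id, allowed))
        if not allowed:
            raise PermissionError(f"{user} may not read {patient_id}")
        # Need-to-know: return only the fields the role is entitled to.
        return {k: v for k, v in self.records[patient_id].items()
                if k in ROLE_FIELDS[role]}

    def suspicious_users(self, max_denied=2, max_patients=3):
        # Thresholds are illustrative assumptions; tune them to real workloads.
        denied = Counter(u for _, u, _, ok in self.audit if not ok)
        seen = {}
        for _, u, pid, ok in self.audit:
            if ok:
                seen.setdefault(u, set()).add(pid)
        flagged = {u for u, n in denied.items() if n > max_denied}
        flagged |= {u for u, p in seen.items() if len(p) > max_patients}
        return sorted(flagged)

def demo():
    t0 = datetime(2024, 1, 1, 9, 0)
    # Constructed sample records, not real data.
    store = RecordStore({f"p{i}": {"name": f"Patient {i}", "insurance_id": f"INS{i}",
                                   "allergies": "none", "medications": "none"}
                         for i in range(5)})
    store.grant("alice", "billing", t0, timedelta(hours=8))
    store.grant("bob", "nurse", t0, timedelta(hours=1))
    view = store.read("alice", "p0", t0)       # billing sees no clinical fields
    for i in range(5):                         # bob reads five distinct records
        store.read("bob", f"p{i}", t0 + timedelta(minutes=i))
    expired = False
    try:
        store.read("bob", "p0", t0 + timedelta(hours=2))  # grant has lapsed
    except PermissionError:
        expired = True
    return view, expired, store.suspicious_users()

if __name__ == "__main__":
    print(demo())
```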

5. Have a Disaster Recovery Plan in Place

To comply with HIPAA Security, you must have a disaster recovery plan in place and ways to recover and maintain ePHI (electronic Protected Health Information) in case of an emergency. That means you should be backing up all files regularly so data restoration can be quick and easy. A good rule of thumb is to back up your data both locally and remotely (e.g., on a recovery disc as well as on a cloud-based server), and you should aim to store all backed-up information away from the main system whenever possible.

6. Encrypt All Data

Data encryption makes sensitive information unreadable, which makes it much harder for cybercriminals to gain access to that data even if a network is hacked or a mobile device is missing or stolen.

 

It’s also important to make sure that all data is encrypted not only when it is at rest (being stored) but also when it is in motion (e.g., when sending an email). This way sensitive information is protected at all times.

 

Since the healthcare industry is one of the most frequent targets for cybercriminals and one of the most expensive when it comes to addressing a data breach, it’s vital to implement these healthcare security best practices and stay on top of the latest trends in IT security. Help your organization avoid the risk of data breaches and costly fines and give yourself peace of mind knowing that all HIPAA requirements are being met and your patients can trust their sensitive information in your hands.

 

Following these tips will help keep your healthcare company safe and reduce the risk of expensive cybersecurity threats.
