Healthcare and Technology news

What is HIPAA And How To Comply With The HIPAA Security Rule


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is US legislation that requires healthcare professionals and institutions to secure health information from deletions and data breaches.

 

This law has become relevant in today’s dental practice due to increased data breaches caused by ransomware and cyber attacks.

 

HIPAA's requirements can be demanding and challenging to understand, but we’ve made it easy for you below. There are three areas in which you need to be compliant with HIPAA.

 

• PHYSICAL – these are measures that prevent loss of devices and physical theft of medical information, e.g. keeping workstations away from the public eye and limiting physical access to computers.

 

• ADMINISTRATIVE – measures that make sure patient data is accessible to authorized personnel and is correct. For example, identifying which employees have access to medical information.

 

• TECHNICAL – these are measures that protect your devices and networks from unauthorized access and data breaches e.g. encrypting files that you upload to a cloud or send via email.

 

The components above represent every aspect of your dental practice from your record-keeping and policies to your building safety and technology.

 

HIPAA also requires all your staff members to work together to protect patient data and be on the same page.

 

HIPAA COMPLIANCE

 

The administrative, physical, and technical requirements for HIPAA security may be a lot of information for you to take in.

 

Additionally, it can be overwhelming to handle compliance in your dental practice on your own.

 

To make it easier, HIPAA compliance is an organization-wide issue. This means all your employees will have to understand and know their role in securing dental information.

 

Alternatively, you can outsource your HIPAA compliance to consultants, web services, and IT contractors.

 

This ensures your dental practice meets the required standards and makes your life easier.

 

However, outsourcing your HIPAA responsibilities doesn’t mean you ignore your legal obligations.

 

Your company should always stay on top of any changes in HIPAA recommendations and adopt advanced practices to improve medical information security.

 

Ultimately, ensure your dental practice replaces all its old technology with better, more efficient systems that contribute to medical information security.


No dilemma for innovators in healthcare


The big trends in healthcare today are rising consumerism, a shift to value-based care, emerging data sources, and the use of advanced technologies for improving care delivery and reducing costs. There is unprecedented innovation opportunity in the digital transformation of healthcare.

 

At a recent industry event, I moderated a panel discussion on innovations in health care with a group of technology innovators and healthcare veterans. We all agreed that technology-led innovation was accelerating rapidly, but the innovation landscape had a set of unique challenges as well. In this post, I share some of the key thoughts from the discussion.

The market landscape for healthcare innovation

In the past few years, we have seen several significant changes in the market for technology-led innovation in health care. Here are some important trends.

 

  • A shift towards the virtualization of health care. Many routine health care services are now available on your smartphone – a perfect example would be urgent care visits or routine consultations. According to one report, there are over 300,000 health apps in the Apple and Android stores. However, only a small number have reached critical mass, indicating that consumer preferences for virtual care are changing slowly.
  • Huge amounts of venture capital pouring into digital health: $11.5 billion in 2017, according to one report. The first quarter of 2018 has seen continued investments in digital health, serving as a validation of the promise of digital health innovation and the opportunities in the digital transformation in health care. At the same time, many of these startups are struggling, exits are not keeping pace with expectations, and a few that have raised very large amounts of money, such as Outcome Health, have gotten into trouble for trying to find short-cuts to growth and profitability.
  • Innovations from big technology firms are also struggling to gain traction. Recent troubles at IBM’s Watson Health business, which has reportedly laid off significant numbers of employees in the face of market and organizational challenges, indicate a deeper problem for the business model itself.
  • New data sources such as genomics, wearables and social determinants are driving a whole new way of managing patient populations. Unstructured data, such as clinical notes, is now the new goldmine that people are digging into, with the help of emerging technologies such as AI. Other emerging technologies, like blockchain, are still in early stages but with great potential. However, data interoperability, especially with the big electronic health record (EHR) systems like Epic and Cerner, remains a challenge.
  • We are in the early stages of breakthroughs such as gene-editing with CRISPR (powered by massive data analytics capabilities) that are likely to transform healthcare, along with an explosion in smart sensors and wearables. Other technologies, such as augmented reality (AR) and virtual reality (VR) are in very early stages but show enormous potential in transforming the way healthcare is delivered in the future.

Health care’s innovation focus and the players

A recent survey by Modern Healthcare indicates that health care consumerism is the no. 1 area for innovations, followed by clinical practice, or care delivery, and payment reform or alternate payment models. Most respondents in the survey felt that innovation was accelerating.

 

Data from Rock Health, a venture capital (VC) firm, lines up with the survey responses. While disease diagnosis and treatment remain significant focus areas, consumer empowerment is emerging as a strong funding category, confirming the rise of consumerism in health care. As healthcare shifts progressively toward virtual care delivery models, interest in telemedicine, remote monitoring, and alternate care delivery models continues to drive innovation.

 

It’s not just VC firms that are funding and driving technology-led innovation in health care. We are seeing health systems getting into the innovation game themselves by setting up funds.

 

Examples include Partners Healthcare, UPMC, Intermountain and Mayo Clinic, to name a few. While these funds are relatively small, the opportunity for promising startups with innovative solutions to accelerate the path to product validation and market acceptance improves with the support of the sponsoring health system.

 

We are also seeing some non-traditional partnerships emerging. The big announcement earlier this year by Amazon and Berkshire Hathaway, and the more recent announcement by a consortium of healthcare companies to invest in blockchain technology are examples.

 

Despite health care's reputation as a slow follower of technology, the innovation ecosystem is buzzing. In my book, the Big Unlock, I refer to four categories of technology solution providers: The Custodians such as the EHR vendors, who have the data and the workflow; the Enablers, which are big companies like Google, Microsoft, and Salesforce who have invested in health cloud infrastructures that can be rented for building digital health experiences; the Arbitrageurs, which include global consulting and technology services firms who rely on information and labor arbitrage for developing and delivering technology solutions; and finally the Innovators, which include the hundreds of startups and VC-funded companies who are developing entirely new ways to deliver health care. Every one of these categories is innovating in their own way.

 

At the heart of the innovation ecosystem is a final category of innovators, namely the healthcare enterprises. Leading health systems are innovating with health care delivery models and pricing/contracting models and are using technology to enable their digital transformation.

Into the great wide open

Despite all the activity and the fierce competition, there is good news for innovators: the market is wide open, and there is no single dominant entity in the digital health innovation landscape. Each of the categories of technology providers I refer to has its unique strengths, and many would like to become that one dominant solution provider of choice.

 

While it does not seem likely that we will see a dominant digital health innovator in the near term, the window of opportunity for innovators is narrowing. As the high value “white spaces” get filled up and the risks of failure increase, VCs are committing larger and larger amounts of funding to more mature companies in the hope of a successful exit. New entrants in the innovation landscape will either need to find new white spaces or build “better mousetraps” to challenge well-capitalized incumbents on their turf. At the same time, as the pace of exits picks up, VC firms will look for new investment opportunities for their liquidation gains. For now, it’s best for digital health innovators to operate with an abundance mindset. It’s an “all you can eat” world out there. 


Study: Nearly half of patients would withhold data from providers


Nearly half of patients participating in a trial looking at patient control of the medical records withheld clinically sensitive information from some or all of their care team.

The Regenstrief Institute, Indiana University School of Medicine and Eskenazi Health (formerly Wishard Health Services) conducted the six-month trial involving 105 patients at a primary care clinic. Patients were allowed to designate who could see their records, including information on sexually transmitted diseases, substance abuse or mental health.

Patients were able to hide some or all of their data from some or all providers--and 49 percent of them did. However, healthcare providers were able to view the hidden data, if they felt the patient's healthcare required it, by hitting a "break the glass" button on their computer screens, according to an announcement.

While patients strongly favored control over their records, providers had mixed reactions. In the trial, 54 percent of providers said patients should be able to control who can see their electronic health record data; 58 percent said restricting providers' access could be harmful to the patient-physician relationship; and 71 percent said withholding data in the EHR would have a negative impact on the quality of care.

The five research papers from the trial, including a point-counterpoint, make up the January 2015 supplement to the Journal of General Internal Medicine.

The growing ability to collect different data sets on patients has been both a curse and a blessing for the industry.

Since recommending that social and behavioral data be included in EHRs, the Institute of Medicine has a committee working out exactly which pieces of information it considers most relevant to health. It has winnowed its recommendations down to 11, including educational attainment, financial resource strain, stress, depression, physical activity, social isolation, and intimate partner violence.

However, a provider's use of an electronic health record can cause a patient to clam up for fear that the data won't be secure, according to a study in the Journal of the American Medical Informatics Association (JAMIA).

In addition, data segmentation poses a problem in EHRs, with teen privacy a particular challenge. Providers, however, worry that without segmentation capabilities, patients will be reluctant to divulge facts about themselves that could have a vital bearing on their care.




Telemedicine and HIPAA 


The digital age has presented numerous benefits for a variety of economic sectors with the health industry among the biggest winners.

 

From faster communication between patients and health professionals to better service delivery, health organizations have seen improvements in a variety of daily operations.

 

Sadly, the digital age is a double-edged sword, and as more health organizations use the latest technology, there is the looming threat of poor data security.

 

Threats such as the WannaCry ransomware attacks, which have wreaked havoc on the economy to date, are a constant reminder that data security should be a priority for organizations looking to leverage advancements in technology.

 

For instance, while telemedicine promises improved service delivery, it introduces a security complexity.

 

HIPAA (Health Insurance Portability and Accountability Act) regulations have been a cornerstone for setting and raising the security standards in healthcare, and telemedicine might actually make it easier for health organizations to remain compliant.

 

At the same time, a lot has to be done to improve the security loopholes presented by such technologies.

 

Here is how HIPAA and telemedicine fit with each other and the things that need to be done for better data security.

The Constant Threat Of A Data Breach

Data collected by health organizations can be a gold mine for most threat actors. Some of the Protected Health Information (PHI) data include personal addresses, names, medical history, identification numbers, and even credit card numbers.

 

In the wrong hands, these data can be used for identity theft, for buying medical supplies fraudulently, or even for holding health data for ransom, as in the case of the WannaCry attacks.

 

The sad truth is that ePHI will be at the disposal of threat actors unless the right security controls are put into place.

 

First, unless internal organization systems are strong enough, it can be easy for hackers to gain access to networks or even user accounts. In some cases, they may only need to access a low-level user account before escalating their privileges.

 

Second, when it comes to third party business stakeholders, failing to pick security-concerned partners will easily lead to data breaches.

 

Lastly, insider threats continue to be a risk. If access control isn’t a staple of a health organization’s security system, it can be easy for a disgruntled employee to offer this data out to threat actors. All these are concerns that can be handled by HIPAA compliance, and embracing telemedicine with HIPAA compliance at the back of your mind is a step in the right direction.

How Telemedicine Has Revolutionized The Health Sector

In a nutshell, telemedicine has made the transfer of medical data at a distance quite easy. Diagnoses, medical history, lab tests, and prescriptions can be transferred more easily and more cheaply than normal. It also saves the costs of having to transfer patients from their homes to hospitals for diagnoses that could easily be done via video calls.

The HIPAA Rules That Affect Telemedicine

The HIPAA guidelines cover more than the patients and doctors communicating ePHI at a distance. They also deal with the communication channels and any third party involved in the communication process. Ideally, for telemedicine to be compliant with HIPAA, the parties involved need to comply with these security rules:

 

  • Only authorized parties should gain access to ePHI.
  • The channels used to communicate ePHI at a distance ought to be secure enough to meet HIPAA standards.
  • There needs to be a system in place for monitoring the different communications containing ePHI to reduce the chances of accidental or malicious data breaches.

 

As long as physicians have effective safeguards in place for addressing access control, the first bullet point should be easy to comply with.

 

As for the second point, insecure channels such as email, Skype, and SMS are ruled out. Lastly, the onus is upon those in charge of the ePHI technology to ensure that there are systems in place that can help monitor communication and facilitate the deletion of unused data if the need arises.

 

Both of the last points also look to address issues relating to where ePHI is stored.

Why Conventional Communication Channels Might Not Suffice

If the ePHI created by a physician (covered entity) is stored by a third party, the third-party and the covered entity have to sign a Business Associate Agreement (BAA).

 

The BAA ought to include details about the methods the third party will use to secure the data and procedures for auditing the data’s security in accordance with the HIPAA guidelines.

 

Since the copies of ePHI are bound to remain in the servers of conventional communication firms, such as Google, Verizon, and Skype, the covered entities ought to have a BAA with such bodies to remain compliant with HIPAA.

 

Sadly, Verizon, Google, and Skype might not enter into such BAAs, meaning that the covered entities will remain liable for fines for any breaches that occur from the lack of HIPAA compliance by these third-party entities.

 

The covered entities, telemedicine providers, might also fail HIPAA audits.

Aligning Compliance And Telemedicine

The ideal messaging solution should be secure. It should also offer the same communication speed as Skype, SMS, or email, while also complying with the HIPAA security rule.

 

This means that only authorized users should be allowed to access ePHI, the communication channel should be secure, and it should be fairly easy to monitor the activity on the channel.

 

The channels of communication should also be user-friendly enough for both patients and physicians to use during interactions.

 

Each authorized user can gain access to the channel through a centrally-issued username and password, which allows them to communicate with other users within the private communication network of the covered entity.

 

The channel should allow all types of communications, including images, documents, and videos.

 

These media should be encrypted both while in transit and at rest. As for monitoring the communication, the messages should be monitored through a cloud-based platform to ensure secure messaging policies are adhered to according to HIPAA rules.

Telemedicine Makes HIPAA Compliance Easier

While this might seem hard to believe, telemedicine might actually make compliance with HIPAA easier for health entities. Unlike conventional medical services that had to introduce HIPAA compliance as an afterthought, telemedicine can be crafted with HIPAA compliance at the center of it all.

 

As such, any applications and technologies used in the communication of ePHI at a distance can leverage the latest technological advancements and data security practices.

 

These can include multiple data encryption methodologies and even comprehensive system testing.

 

Any partnerships with third-party vendors will also be based on whether a sustainable BAA can be established with them or not.

 

Telemedicine presents too big an opportunity to be ignored. Even better, the HIPAA guidelines can act as a baseline for security standards for health organizations looking to embrace telemedicine.

 

Since it is easy to be compliant, keen organizations can enjoy its perks without fearing costly fines.

 

Are you doing your security framework right?

It turns out many healthcare organizations get more than a few things wrong about their information security frameworks – big time. Whether it's about properly integrating a framework or even appropriately tailoring a framework, there's a list of items organizations should pay attention to. 
 
If done right, information security frameworks can be used to meet an organization's risk analysis requirements under the HIPAA Security Rule, in addition to helping define a "baseline of protection," said Bryan Cline, senior advisor at HITRUST Alliance, but that's only if they're properly selected and implemented. And many organizations don’t necessarily do this successfully.
 
Cline, who will be speaking at the Healthcare IT News Privacy and Security Forum this March in a session on data security framework need-to-knows, says the biggest oversight he sees organizations make "is in not tailoring the framework appropriately." Added Cline, "organizations either rely on the framework without tailoring the requirements to address all reasonably anticipated threats, or they tailor the framework's requirements – usually by removing some of them – without fully understanding the additional risk that's incurred."
 
Sure, a security framework will help in the compliance arena, but improper tailoring and failure to keep it updated will inevitably lead to information-related risks being inadequately addressed, he said. This up-to-date piece is crucial, Cline said, because "frameworks also grow stale over time, as it can take several years for most frameworks to be updated and released."
 
Another big oversight, as Cline pointed out? Failing to integrate the framework into everyday operational processes. "For example," he said, "personnel with security responsibilities – whether in the security organization or elsewhere (e.g., HR or IT) – should be tied to the framework's controls and the security services that support their implementation." This, he added, would allow organizations to manage risk through managing the security services.
 
At his forum session, Cline, who is also the managing partner for Cline & Shiozawa Professional Services and previously the chief information security officer at Catholic Health East and The Children’s Hospital of Philadelphia, will go over security risk management frameworks and how they can be leveraged in an organization's data protection programs. This includes, as Cline pointed out, how organizations can use these frameworks to meet risk analysis requirements under the HIPAA Security Rule.

