Our country’s ever-evolving healthcare landscape makes the future very unpredictable. Changes are occurring everywhere – regulation and legislation, reimbursement, technology, medical advances, and even the way healthcare is accessed and consumed. These changes impact how healthcare is delivered, paid for and administered. As such, it is imperative that Konica Minolta take an active role in understanding the industry and provide healthcare solutions in order to help our customers prepare for a future that will look very different than it does today. (more…)
In 2013, a covered entity reported to the U.S. Department of Health and Human Services Office for Civil Rights that one of its workstations was infected with a malware program. This resulted in the impermissible disclosure of 1,670 individuals’ electronic protected health information. The ePHI included names, addresses, Social Security numbers, dates of birth, health insurance information, diagnoses and procedure codes.
The covered entity, a hospital in the Northeast, determined that the malware was a generic remote access Trojan that infiltrated their system, providing impermissible access to ePHI, because the organization did not have a firewall in place.
This is a common, basic lapse in compliance of covered entities. So, let’s examine the HIPAA settlement related to this organization. to better understand how you can improve your HIPAA compliance program. (more…)
Gartner estimates about 6.4 billion Internet of Things (IoT) devices today, such as DVRs, surveillance cameras, and many others, all connected to the Web and all with Internet (IP) addresses. By 2020, it is expected that the number of Web-connected devices will increase to 20.8 billion.
So, why are these numbers relevant to healthcare cyber-security?
An IoT fact is that these devices were not designed or developed with security at their core. Further, these devices are typically not configured securely.
IoT = Internet of Threats!
The focus of this article is to walk through the security challenges associated with IoT devices, which are proliferating healthcare entities. We will examine four key steps that a health-care entity should take to be better positioned to address this area of emerging cyber-risk.
Why the IoT-driven Internet Wobble on October 21 Matters in 2017 (more…)
As the old adage goes: Don’t take a good thing for granted.
How often do we do this in our personal and professional lives? Probably more than we’d like to admit. So when that good thing comes along, recognize it, take pride in it and promote it. That’s precisely what we’re doing with our interoperability capabilities as they grow and become more relevant for more of our healthcare customers. (more…)
Based on the frequency and amount of HIPAA fines in 2016, one thing is clear, very clear: the lack of a credible HIPAA compliance program for an organization today, will lead to an increase in business risk.
Multiple alleged HIPAA violations resulted in a $2.75 million settlement with the University of Mississippi Medical Center (UMMC). HIPAA fines typically are in the seven figures. In addition, it always includes a corrective action map (CAP), which requires a comprehensive HIPAA compliance program, mandated with attestation from an organization’s officer over the duration of the CAP period. The duration of the CAP period is typically a minimum of two years, more likely, three years.
The recommendation to senior leadership: select a security framework and establish HIPAA compliance within the context of that framework. There are essentially three options for security frameworks: HITRUST, ISO 27001 and NIST. I would recommend HITRUST. Be deliberate, disciplined, and steady to get HITRUST certified.
Senior executives must treat HIPAA compliance as a life-cycle, as a process. It will lower business risk!
Let’s examine the settlement related to UMMC to better understand how this impacts where you need to set the bar for HIPAA compliance based on Office for Civil Rights (OCR) enforcement of the regulation. (more…)
Understanding your DNA enables you to take proactive measures in defense of your health and well-being. Similarly, an organization must carefully examine its enterprise to ensure that it is protected from the multitude of threats posed by cyber criminals, employee/staff incompetence and/or malicious intent. In this article, we focus on two key challenges for organizations. First, what does HIPAA compliance mean? What must it address? And second, how can an entity address HIPAA compliance and the risk associated with cyber-attacks on a continual basis? We identify options for security frameworks to address this second question.
HIPAA violations and fines are mounting like never before, as evidenced by the following examples:
Healthcare is one of the most dynamic and rapidly evolving industries in the United States. The adoption of technology is growing exponentially and the investment in healthcare IT is outpacing nearly every other vertical market. 2016 promises to continue this trend, with security, interoperability and reimbursement leading the way as key healthcare challenges. Cloud, mobile, data analytics and HIPAA compliance will significantly impact purchase decisions as healthcare providers attempt to improve population health, enhance the individual experience of care and reduce the per capita cost of care (otherwise known as the Triple Aim of Care). (more…)
Identity theft has become epidemic in the United States — and across the world for that matter. It seems as if we hear about major breaches of personal data on a weekly basis, and now healthcare data breaches are becoming more and more prevalent. Nearly 42 million people have had their protected health information (PHI) breached since 2009.
Over the past couple of years, a number of organizations, including Anthem Blue Cross/Blue Shield, Community Health Systems (CHS) and Xerox Healthcare, have experienced massive PHI breaches. The Anthem breach affected nearly 80 million records. A breach at the Texas Health and Human Services Commission put the state out of HIPAA compliance. And finally, CHS had 4.5 million patient records stolen by cyber criminals.
Just over one year ago, I was handed a key to an office shell in Silicon Valley and asked to build the US Business Innovation Center. As I was standing in the empty room, I knew I was at the beginning of what would grow to be a driving force of new business lines and opportunities for Konica Minolta. I also knew that these business lines would not be an extension of our legacy products, but solutions born from the needs of our customers, both existing and new.
In August 2013, it was determined that Affinity Health Plan — a New York-based managed care plan — owed the U.S. Department of Health and Human Services Office for Civil Rights $1.2 million for violating HIPAA as part of a patient data breach case, reported Healthcare IT News.
“An HHS Office for Civil Rights investigation indicated that Affinity impermissibly disclosed the protected health information of these affected individuals when it returned multiple photocopiers to leasing agents without erasing the data contained on the copier hard drives.”
HIPAA regulations are not to be taken lightly. It can cost businesses millions of dollars if the proper precautions are not taken when it comes to information sharing and organizational workflow.
There are those working outside the healthcare industry that need to equally protect sensitive patient information. Take, for instance, Summit Educational Resources, a private organization in New York that provides education and therapeutic services to those with developmental disabilities. (more…)