• Insights
  • Recent Posts
  • Popular Posts
  • Popular Tags

  • acutecareprovidersIn 2013, a covered entity reported to the U.S. Department of Health and Human Services Office for Civil Rights  that one of its workstations was infected with a malware program. This resulted in the impermissible disclosure of 1,670 individuals’ electronic protected health information. The ePHI included names, addresses, Social Security numbers, dates of birth, health insurance information, diagnoses and procedure codes.

    The covered entity, a hospital in the Northeast, determined that the malware was a generic remote access Trojan that infiltrated their system, providing impermissible access to ePHI, because the organization did not have a firewall in place.

    This is a common, basic lapse in compliance of covered entities. So, let’s examine the HIPAA settlement related to this organization. to better understand how you can improve your HIPAA compliance program. (more…)

    From the Experts, Security, Solutions

    , , , , , ,

    No comments yet

    Print

    Security should be a driving force and not an afterthought for senior executives and their boards.

    It is important that senior executives require that their organization formally establish a credible cyber security program. It starts with setting strategic security objectives that must be achieved by December 31, 2016, and December 31, 2017. Think near-term, and think far! The organization must address security and compliance as a life-cycle, as a process. It will lower business risk! (more…)

    Content Management, From the Experts, Security, Strategy, Technology

    , , , , ,

    No comments yet

    bizhub_c754_panel_kno2_silo_2_resized

    As the old adage goes: Don’t take a good thing for granted.

    How often do we do this in our personal and professional lives?  Probably more than we’d like to admit.  So when that good thing comes along, recognize it, take pride in it and promote it.  That’s precisely what we’re doing with our interoperability capabilities as they grow and become more relevant for more of our healthcare customers. (more…)

    Content Management, From the Experts, Security, Technology

    , , , , , , , ,

    No comments yet

    The Bar for HIPAA Compliance

    , Chief Executive, ecfirst

    health2Based on the frequency and amount of HIPAA fines in 2016, one thing is clear, very clear: the lack of a credible HIPAA compliance program for an organization today, will lead to an increase in business risk.

    Multiple alleged HIPAA violations resulted in a $2.75 million settlement with the University of Mississippi Medical Center (UMMC). HIPAA fines typically are in the seven figures. In addition, it always includes a corrective action map (CAP), which requires a comprehensive HIPAA compliance program, mandated with attestation from an organization’s officer over the duration of the CAP period. The duration of the CAP period is typically a minimum of two years, more likely, three years.

    The recommendation to senior leadership: select a security framework and establish HIPAA compliance within the context of that framework. There are essentially three options for security frameworks: HITRUST, ISO 27001 and NIST. I would recommend HITRUST. Be deliberate, disciplined, and steady to get HITRUST certified.

    Senior executives must treat HIPAA compliance as a life-cycle, as a process. It will lower business risk!

    Let’s examine the settlement related to UMMC to better understand how this impacts where you need to set the bar for HIPAA compliance based on Office for Civil Rights (OCR) enforcement of the regulation. (more…)

    From the Experts

    , , , , , , , , , , ,

    No comments yet

    Is HIPAA in Your Enterprise DNA?

    , Chief Executive, ecfirst

    Ali blogUnderstanding your DNA enables you to take proactive measures in defense of your health and well-being.  Similarly, an organization must carefully examine its enterprise to ensure that it is protected from the multitude of threats posed by cyber criminals, employee/staff incompetence and/or malicious intent.  In this article, we focus on two key challenges for organizations. First, what does HIPAA compliance mean? What must it address? And second, how can an entity address HIPAA compliance and the risk associated with cyber-attacks on a continual basis? We identify options for security frameworks to address this second question.

    HIPAA violations and fines are mounting like never before, as evidenced by the following examples:

    (more…)

    From the Experts

    , , , , , , ,

    No comments yet

    HIMSS_logo

    With another HIMSS Conference behind us, it is a great time to reflect on how the healthcare industry, and healthcare IT in particular, has evolved over the years.  In my experience in this industry – approximately 18 years in the healthcare IT business – things have changed dramatically.  My earliest memory of the HIMSS Conference from late nineties was its focus on HIPAA.  And with the passage of the legislation in 1996, administrative simplification, and implementing the ability to electronically submit claims for payment in a standardized HIPAA-compliant format, was the key messaging at the event.   Today, most of us think of security when hearing the word HIPAA, but in the early stages of the legislation it was really more about improving the process of claim submission and payment, and moving away from paper claims.  (more…)

    From Our Experts, Solutions

    , , , , , , ,

    No comments yet

    ECM2 (2)

    When it comes time to implement your Enterprise Content Management (ECM) solution, there are some areas in which we see many businesses make mistakes. Making the transition to your ECM solution should be a smooth, well-planned process minus any headaches. Don’t fall prey to the following five mistakes that are commonly made which will only make the transition more challenging than necessary. (more…)

    Content Management, From Our Experts, Solutions, Strategy, Technology

    , , , , , , ,

    No comments yet

    HIPAA Blog Image

    Identity theft has become epidemic in the United States — and across the world for that matter. It seems as if we hear about major breaches of personal data on a weekly basis, and now healthcare data breaches are becoming more and more prevalent. Nearly 42 million people have had their protected health information (PHI) breached since 2009.

    Over the past couple of years, a number of organizations, including Anthem Blue Cross/Blue Shield, Community Health Systems (CHS) and Xerox Healthcare, have experienced massive PHI breaches. The Anthem breach affected nearly 80 million records. A breach at the Texas Health and Human Services Commission put the state out of HIPAA compliance. And finally, CHS had 4.5 million patient records stolen by cyber criminals.

    (more…)

    From Our Experts, Security, Solutions

    , , , , , , , , , ,

    No comments yet

    Hot Topics at HIMSS ‘14

    , Healthcare Market Manager

    At the HIMSS Annual Conference in Orlando I spoke with many customers – physicians, hospital administrators, ancillary care providers, and IT professionals.   Konica Minolta has always provided printing solutions to the healthcare industry, and while many HIMSS attendees know about us for reliable office and production print equipment, this was an opportunity for them to see our expanded EnvisionIT Healthcare portfolio.

    Since HIPAA went into effect, we have grown our healthcare offering to include industry specific software, IT services and professional services.  Today, we offer customers a complete solution of hardware, software and services that address the specific challenges in the healthcare industry such as security, document and records management, efficiency and regulatory compliance. (more…)

    From Our Experts, Security, Solutions, Technology

    , , , , , ,

    No comments yet

    Imagine a family practice office on a Monday morning with every seat in the waiting room full, and three people waiting at the check-in window.  Contrast that to an Emergency Room at a community hospital on a Friday night with 40-50 patients waiting to be admitted.  Each scenario is very different, but they have a few things in common – busy staff, anxious patients, and a challenging document workflow.  Add to that the necessity to correctly and quickly capture patient information and clinical notes in order to satisfy billing requirements and regulatory compliance while maintaining the privacy and security of the patient.

    These are typical situations in today’s healthcare environment and are complicated by the fact that electronic health records (EHR) are changing the way clinicians do business.  Perhaps the biggest challenge for a healthcare provider is how to capture all of the paper documents associated with a patient visit or encounter. (more…)

    From Our Experts, Security, Solutions

    , , , , , ,

    No comments yet