BMN Blog

The 21^st Century Cures Act is a landmark bipartisan healthcare innovation law that went into effect on April 5, 2021. Cures includes provisions to promote health information interoperability and prohibit information blocking by “Actors,” which include health information networks, HIEs, health information technology developers of certified health IT, and health care providers.

Through ongoing advancements in healthcare technology, healthcare providers and patients can now access broader communication applications thanks to advances in data storage. These advancements have improved collaboration, increased communication outlets and have transformed the way data is stored and shared.

Most medical practices have permitted key business partners to access critical IT systems remotely. This is usually done to provide fast and efficient support of these systems. It could be an EMR vendor that needs to access a database, or perhaps a third-party IT service provider that will access systems for updates. Regardless of the requirement, every form of remote access that is provided to an outside party is a potential risk.  

Many practices are currently leveraging Microsoft Office 365 for e-mail, file storage, and internal collaboration. Unsurprisingly, the number of threats targeting this information (phishing attacks, compromised credentials, etc.) continues to grow at a rapid rate.

As we enter into the last few months of this challenging year, many practices will be looking to perform a HIPAA IT Security Risk Analysis. When considering the approach to this year's analysis, it's important to consider any changes that may have been made to critical IT systems as part of the practice's response to COVID-19.

The importance of a having well-designed website and creating an online presence is crucial to your medical practice now more than ever, regardless of how the pandemic affects your marketing outcomes. You don’t want to risk deterring new and current patients from using your practice.

This is not business as usual, and it is a great time of uncertainty. We are faced with one of the greatest challenges of our lifetime and your services are more critical than ever.

The National Institute of Standards and Technology has published a bulletin that provides several key reminders for people who have had to shift to working remotely as a response to COVID-19. The guidance, which can be found in full at the link below, summarizes previous NIST guidelines for working safely when out of the office.

Unfortunately, significant events like the COVID-19 pandemic typically lead to a rise in phishing attacks that leverage the ongoing situation to fool people into providing confidential information or downloading malicious software. Now is a good time to remember a few key characteristics of phishing attacks to help prevent being a victim of a phishing attack.

By now you have probably heard this and read it a thousand times. But one last time, we will cover it with some background on the whys and how’s.

Information Technology now dominates almost every part of our daily lives and in most cases, we do not have to think or worry the outcomes. We trust that what we input on our phones, keyboards and tablets will result in the right answer. With these repetitive motions it has allowed our business to grow and flourish. But what happens when those items break?

VoIP is a game-changer for the healthcare industry’s communication landscape, allowing for quicker, more reliable communication. However, it also brings with it a multitude of HIPAA concerns that can be confusing to navigate.

There is no one simple solution that will eliminate all business security risks. However, organizations can build a robust internal culture of security that can profoundly decrease those risks. This approach starts from the top down.

Over the last few years, cell phones have become computers, capable of much of the functionality that your office computer has. This is also true for small portable devices such as iPads, Windows and Android tablets. Are these devices and applications as secure as those you use from your clinic? In most cases, the answer is no.

Over the past several years the healthcare industry has become the number one target of cyberattacks. These attacks have exposed tens of millions of customers’ identities worldwide, costing an estimated $1 billion USD in losses.

A recent global study by the Ponemon Institute finds that the financial damage caused by a data breach has risen by 6.4 percent in the last year and now costs companies an average of $3.86 million each.

January 14, 2020 is a special day for Microsoft Corporation (you know that little company that controls 82.88 percent of the computer software market share). On that date, Microsoft will end the life of some of the major software that businesses use. End of life means that the manufacturer will no longer support the product. This list includes:

Is your EHR application in the cloud or are you considering moving to a cloud based provider? If so ensuring that you know the providers processes for data backup, disaster recovery and overall security are extremely important.

Malware are created with the intent to damage or disable our mobile devices, computers or servers. These attempts can include disrupting computing or communication operations, trying to steal sensitive data, accessing our private networks, or hijacking our systems to exploit their resources. With the tremendous growth in email and internet use over the last couple of decades, we have seen a corresponding explosion of growth in malware

One of the greatest challenges healthcare organizations face today is clinical application interoperability – the communication between computer systems, applications, or software to allow them to work in conjunction with one another.

According to the Ponemon Institute – www.ponemon.org  - the average cost of a data breach was $3.62 million dollars. This breaks down to $141 dollars per stolen record. International Data Corporation – www.idc.com – estimates that globally data storage will grow ten-fold by 2025 total of 163 zettabytes (a trillion gigabytes) by 2025. Data is stored in a vast range of devices including your smart phone, laptops, notebooks, workstations, tablets and even on your smart TV. Most businesses focus on the technical aspects of how to avoid data breaches (firewalls, anti-virus, security patches, etc.) and often how physical technical assets are destroyed at the end of their life are often overlooked or do not have a set process in place.