Many practices are currently leveraging Microsoft Office 365 for e-mail, file storage, and internal collaboration. Unsurprisingly, the number of threats targeting this information (phishing attacks, compromised credentials, etc.) continues to grow at a rapid rate.
As we enter into the last few months of this challenging year, many practices will be looking to perform a HIPAA IT Security Risk Analysis. When considering the approach to this year's analysis, it's important to consider any changes that may have been made to critical IT systems as part of the practice's response to COVID-19.
Over the past few years, you may have heard about companies, app makers, and service providers launching two-factor verification or two-factor authentication.
The importance of a having well-designed website and creating an online presence is crucial to your medical practice now more than ever, regardless of how the pandemic affects your marketing outcomes. You don’t want to risk deterring new and current patients from using your practice.
Eric Wallace, M.D., the medical director of UAB eMedicine, and Curt Carver Jr., Ph.D., vice president for Information Technology, both at the University of Alabama at Birmingham, were appointed by Governor Kay Ivey to serve on the Broadband Working Group to provide input and guidance on how to allocate funding from the federal Coronavirus Aid, Relief and Economic Security Act.
Approximately every 40 seconds someone in the United States has a stroke and roughly every four minutes someone dies of a stroke. It causes about one in 20 deaths annually – making it the fifth-leading cause of death – and the primary reason for long-term disability. Moreover, Alabama has the second-highest stroke mortality rate in the United States, behind Mississippi, according to the Centers for Disease Control and Prevention (CDC). This high incidence of stroke has earned Alabama a spot in the stroke belt, dubbed so by the medical community.
The National Institute of Standards and Technology has published a bulletin that provides several key reminders for people who have had to shift to working remotely as a response to COVID-19. The guidance, which can be found in full at the link below, summarizes previous NIST guidelines for working safely when out of the office.
On March 19, the Alabama Department of Public Health (ADPH) issued mandatory health orders to medical practices statewide to delay all elective medical and dental procedures until April 6th. On March 28, the order was amended such that non-emergency procedures are postponed further notice. Under these guidelines, Medical and dental practices have had to reduce office hours and/or close their office.
Unfortunately, significant events like the COVID-19 pandemic typically lead to a rise in phishing attacks that leverage the ongoing situation to fool people into providing confidential information or downloading malicious software. Now is a good time to remember a few key characteristics of phishing attacks to help prevent being a victim of a phishing attack.
By now you have probably heard this and read it a thousand times. But one last time, we will cover it with some background on the whys and how’s.
Just as it’s common for our families to have “Dr. Mom,” it’s also common for one spouse to serve as the family’s Chief Financial Officer (CFO). The family CFO takes the lead in paying bills, making investment decisions, selecting insurance policies and employee benefits, etc. This division of labor is common because one spouse may have more interest in financial matters, and the set-up works fine - as long as both spouses are physically and mentally healthy.
Information Technology now dominates almost every part of our daily lives and in most cases, we do not have to think or worry the outcomes. We trust that what we input on our phones, keyboards and tablets will result in the right answer. With these repetitive motions it has allowed our business to grow and flourish. But what happens when those items break?
VoIP is a game-changer for the healthcare industry’s communication landscape, allowing for quicker, more reliable communication. However, it also brings with it a multitude of HIPAA concerns that can be confusing to navigate.
There is no one simple solution that will eliminate all business security risks. However, organizations can build a robust internal culture of security that can profoundly decrease those risks. This approach starts from the top down.
Over the last few years, cell phones have become computers, capable of much of the functionality that your office computer has. This is also true for small portable devices such as iPads, Windows and Android tablets. Are these devices and applications as secure as those you use from your clinic? In most cases, the answer is no.
Trying to comply with HIPAA can be a challenge for healthcare providers, especially when there is so much confusion about specific aspects of the rules. Policyholders contact SVMIC almost every day for assistance with HIPAA-related issues. In fielding those calls and emails, we have identified some commonalities.
Check-ups, tests, and results. Doctors provide, measure, and deliver data to patients every day, often with profound implications. Financial advisors, at least the diligent ones, offer the same to their clients. Much of our data focuses on helping people have confidence that they can do what they want to do and not run out of money at the same time. Approaches and technical tools may vary, often with significant differences in degrees of sophistication. It has been common practice for advisors to use these tools to help project a portfolio’s ability to provide income for retirement. Rates of return are calculated, spending requirements input, withdrawal rates assumed, and end-of-life portfolio values projected.
Over the past several years the healthcare industry has become the number one target of cyberattacks. These attacks have exposed tens of millions of customers’ identities worldwide, costing an estimated $1 billion USD in losses.
We have heard a lot from the media on active shooter events throughout the U.S., but how many of these include healthcare facilities? The Homeland Security and the FBI define “active shooter” as “an event where one or more persons actively engage in killing or attempting to kill people in a populated area.” Statistics show active shooter incidents involving healthcare facilities are less common than other events, but they can occur, so planning may save lives.
A recent global study by the Ponemon Institute finds that the financial damage caused by a data breach has risen by 6.4 percent in the last year and now costs companies an average of $3.86 million each.
January 14, 2020 is a special day for Microsoft Corporation (you know that little company that controls 82.88 percent of the computer software market share). On that date, Microsoft will end the life of some of the major software that businesses use. End of life means that the manufacturer will no longer support the product. This list includes:
A look at the calendar tells us that we only have a short time left in 2018. That means many practices will be looking to complete their Security Risk Assessments in order to either qualify for the 2018 Merit-based Incentive Payment System (MIPS) or to simply fulfill their obligations to comply with the HIPAA Security Rule.
National Cybersecurity Awareness Month was created in 2004 by the Department of Homeland Security and the National Cyber Security Alliance to remind us that each we all have the power to make the Internet safer.
Is your EHR application in the cloud or are you considering moving to a cloud based provider? If so ensuring that you know the providers processes for data backup, disaster recovery and overall security are extremely important.
Fraud. It’s an ugly thing and it’s everywhere, the medical industry is no exception. When most people think about fraud, they think about white collar criminals stealing millions of dollars from big name companies, or the “dark web” where most of our social security numbers and credit card numbers are floating around just waiting for a buyer. The truth is most businesses will experience some type of fraud during their operation. It is so important for owners and business managers to be constantly vigilant to protect their practices.
Malware are created with the intent to damage or disable our mobile devices, computers or servers. These attempts can include disrupting computing or communication operations, trying to steal sensitive data, accessing our private networks, or hijacking our systems to exploit their resources. With the tremendous growth in email and internet use over the last couple of decades, we have seen a corresponding explosion of growth in malware
One of the greatest challenges healthcare organizations face today is clinical application interoperability – the communication between computer systems, applications, or software to allow them to work in conjunction with one another.
It is especially important for smaller practices to be mindful of Electronic Protected Health Information (ePHI) security regulations – a breach of ePHI can lead to costly notification requirements and potential monetary penalties under the HITECH Act. Managing physicians of small independent practices hold many responsibilities, including the duty to comply with the Security Rule within HIPAA regulations. This article provides a brief overview of federal ePHI compliance safeguards required in a practice. While not meant to be a comprehensive discussion of all requirements, it highlights legal considerations and safeguards a practice must implement to comply with HIPAA ePHI regulations. The federal Security Rule under HIPAA requires a health care provider (typically known as a Covered Entity) to have the minimum ePHI safeguards, listed below.
According to the Ponemon Institute – www.ponemon.org - the average cost of a data breach was $3.62 million dollars. This breaks down to $141 dollars per stolen record. International Data Corporation – www.idc.com – estimates that globally data storage will grow ten-fold by 2025 total of 163 zettabytes (a trillion gigabytes) by 2025. Data is stored in a vast range of devices including your smart phone, laptops, notebooks, workstations, tablets and even on your smart TV. Most businesses focus on the technical aspects of how to avoid data breaches (firewalls, anti-virus, security patches, etc.) and often how physical technical assets are destroyed at the end of their life are often overlooked or do not have a set process in place.
They were surprised, and you likely be will, too. Of the hundreds of healthcare organizations I’ve helped document HIPAA and meet compliance requirements, most are unaware that their Patient Health Information (PHI) is exposed in some way. If a cyber attacker took advantage of this situation, it could cause damage to your patients, bring giant HIPAA fines, and a loss of reputation.
The new tax reform law — commonly referred to as the "Tax Cuts and Jobs Act" (TCJA) — is the most significant tax legislation in decades. Although the law was passed only a few weeks ago, the impact on the economy and business outlook cannot be overlooked as the stock market rally continues and both individuals and businesses appear the most optimistic in quite some time.
Between phone calls with clients on another day in the financial trenches at Raymond James & Associates, I brainstormed for a good topic to pontificate upon to the readers of this fine publication, and I hope you’ll agree I found it.
Physicians serve on the frontlines of our healthcare system, and by extension the many social programs guaranteed by the Social Security Administration. It’s a large responsibility and we owe them a debt of gratitude. These dedicated care providers, across many areas of practice and at varied levels within our medical system, help more than 57 million children and adults who live with disabilities across the United States.
We hate to break it to you, but there's a HIPAA requirement you’re more than likely doing wrong. The Department of Health & Human Services’ Office for Civil Rights (OCR) is cracking down on requiring a true Healthcare Security Risk Analysis.
Most companies assume their cyber security is pretty good… until a breach happens and then you find out where the holes were. We often find that apathy and a lack of being proactive may cost you lots of money. An annual security audit is a necessity for all medical practices and companies in todays ever changing world of technology. It is a vital part of protecting your digital assets and cyber security plan for your organization. It’s not just about discovering any vulnerabilities or shortcomings, rather it’s about opportunities to strengthen your network security.
Your business' data could be compromised by the most unlikely of sources -- your own IT manager.
Over the past couple months, I’ve encountered multiple chilling examples of IT staff gone rogue. Of course, this isn't happening every day. But when it does, it's especially damaging to organizations with a one-person IT department. These lone IT managers often hold the keys to the kingdom. No one person - IT expert or not - should ever have complete control over passwords, access, processes, etc. Why? Consider these two recent incidents:
There is a lot of confusion about SSDI and SSI, the two types of disability benefits that can be received from Social Security. The definition of disability is the same under both programs, but that is where the similarity ends. The following is a very basic description of the disability programs provided under the Social Security Act, titles II and XVI.
No matter the size of the business, a successful business must be paid promptly and in full. However, often a business, including a medical practice is dealing with numerous overdue accounts receivables. Such a financial position can be commonplace in today’s business environment. Although this financial condition is often perceived as “normal” or “accepted” business practice”, savvy business owners should collect promptly and protect their rights in resolving overdue receivables with the proper policy and procedures in place. Effective policy and procedures generally begin with utilizing a new patient form and/or the credit application.
As of September 30, 2017, the Department of Health and Human Services Office of Civil Rights (OCR) has received notices of 237 breaches. 46% occurred as result of hacking or IT security incidents; many at the business associate level. Ransomware is rampant and projected to increase 670%. As a covered entity, although a breach occurs at your business associate, under HIPAA, you are responsible for your protected health information and responding to the breach. OCR has been clear that breaches of 500 or more records will be investigated. Given the significant increase in breaches over the past few years, advance preparation is critical and can reduce the cost and burden of breach response.
Did you know a single patient health record can earn cybercriminals 10 times the price of a stolen credit card number on the black market?
The Office of Civil Rights is auditing small and large healthcare providers alike, imposing multi-million dollar fines in some cases. Meanwhile, the same electronic storage, mobile devices, and cloud-based applications that patients, doctors, and healthcare staff want to use often compromise a practice’s ability to keep that patient data safe.
Social Security Disability under Title II of the Social Security Act*
Surveys have shown that most Americans know little about Social Security law and the vital benefits it provides. By far, the least understood Social Security benefit is Social Security Disability Insurance (SSDI). This lack of knowledge has been measured through objective testing in various academic studies. Anecdotally, I know this to be true based on recurring questions and comments I have received from the public and clients alike over the last several decades of my work as a social security disability attorney.
Recycling electronics is a great way to help conserve and reuse valuable resources and materials found in many gadgets, including glass, plastics, and various metals such as copper, gold, palladium, and silver. Many electronics, especially computers and televisions, contain toxic materials such as cadmium, lead, and mercury. Recycling and reusing electronics helps to keep these toxic materials out of our landfills and water supply.
You may not be getting all you can out of your browsing experience
and may be open to security risks!
Consider upgrading to the latest version of your browser or choose on below: