Saturday, December 28, 2013

Health IT: Most Got Raises in 2013

Most health IT professionals received raises in 2013, with larger ones going to executive management than to department heads and staff, according to a compensation study by the Healthcare Information and Management Society (HIMSS).

% Average salary of respondents was $113,269 (median, $95,000). While 72% reported a raise, only 46.8% got a bonus; median bonus was 3.5% of the their annual salary.

"Male respondents reported average raises of 4.75%, boosting their average salary to $130,800. Women—who represented 56% of the respondents—reported average raises of 3.71% and an average salary of $99,523.."
- HIMSS 2013 Compensation Survey
Respondents in the Mid-Atlantic states had the highest average salary ($127,549) while those in Alabama, Kentucky, Mississippi, and Tennessee were lowest ($95,243).
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Most HIT professionals got raises in past year, HIMSS survey shows - www.ModernHealthcare.com, 12/26/2013

Friday, December 20, 2013

Survey: IT Salaries Increasing

IT salaries will increase in 2014, according to a survey by the Society for Information Management (SIM). An Information Week article also confirmed a trend of rising IT salaries in 2014, from a recent survey conducted by IT staffing firm TEKsystems.
"It's a good time to be a geek: Salaries are increasing...."
- Leon Kappelman, Professor, University of North Texas
The SIM survey also asked CIOs to identify their most important issues for 2014. Analytics and business intelligence headed the list and 20% said skills shortage keeps them awake at night. As organizations ramp up their analytics programs they can utilize low-cost on-demand SaaS analytics services to deliver business insights.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) IT salaries, training on the rise in 2014, says SIM - www.FierceCIO.com, 12/18/2013

Thursday, December 19, 2013

HHS: DeSalvo to Replace Mostasari as National Coordinator

U.S. Department of Health & Human Services (HHS) Secretary Kathleen Sebelius announced today that Karen DeSalvo, currently the City of New Orleans Health Commissioner and Senior Health Policy Advisor to Mayor Mitch Landrieu, will be the next National Coordinator for Health IT.

Dr. DeSalvo will replace Farzad Mostashari, who resigned from ONC in October; she will begin her new role on Monday, January 13.

"DeSalvo's experience "is a perfect fit for ONC's role of using health IT to improve the healthcare system nationwide ." - Acting National Coordinator for Health IT Jacob Reider
Sebelius said, "During her tenure, Dr. DeSalvo has been at the forefront of efforts to modernize the New Orleans healthcare system" and "she has led the planning and construction of the city's newest public hospital, which will have a fully-integrated HIT network."
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) ONC taps Karen DeSalvo as next National Coordinator -www.FierceHealthIT, 12/20/2013

Wednesday, December 18, 2013

OIG: EHR Audits Not Used to Full Extent

The Office of the Inspector General (OIG) found that nearly all of the 800 hospitals surveyed in late 2012 had federally recommended electronic medical record (EHR) audit functions in place, but "may not be using them to their full extent."

Alarmingly, the OIG found that 44 percent of hospitals can delete audit logs. Four EHR vendors surveyed said audit logs cannot be disabled in their systems, but one noted a programmer could disable them. The OIG also said EHRs poorly designed or used inappropriately can result in poor data quality or fraud."

"Hospitals 'may not be using recommended EHR audit functions to their full extent' and '44% can delete logs'."
- Office of the Inspector General
The OIG recommended "audit logs be operational whenever EHR technology is available for updates or viewing," and "ONC and CMS develop a comprehensive plan to address fraud problems in EHRs."

Tampering with logs can easily and rapidly be determined by low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) OIG takes hospitals to task on EHR use - www.HealthcareITnews.com, 12/16/2013

Tuesday, December 17, 2013

Big Data to Combat Healthcare Data Breaches

Despite government regulators, the healthcare industry's reputation for data protection is less than stellar. There are often multiple breaches reported weekly and proliferating health care exchanges under the Affordable Care Act could exacerbate the situation.
"It's impossible for a human to intelligently, accurately and reliably see unusual activity regarding access to electronic health records."
- Lee Kim, director of technology privacy and security solutions, Healthcare Information and Management Systems Society (HIMSS)
Increasingly, healthcare providers are looking to big data solutions to protect their patients' information, since as Lee Kim of HIMSS says "It's impossible for a human to intelligently, accurately and reliably see unusual activity regarding access to electronic health records." Big data analytics can proactively detect unauthorized access to patient records, even by authorized users. And low-cost on-demand SaaS analytics services afford healthcare organizations great flexibility.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Big Data offers means to combat health care hacker attacks - www.CSO.com.au, 11/25/2013

Monday, December 16, 2013

CIOs Accept Breaches are Inevitable

CIOs are investing more in security as they accept that data breaches are inevitable.

Most organizations say their information security functions don't fully meet their needs, and most are maintaining or increasing their IT security spending in order to protect against growing threats, according to an Ernst and Young study -- 83% of organizations say their security is inadequate, and 93% will maintain or increase IT security investments.

"...the number of security breaches is on the rise, and it is no longer a question of if, but when, a company will be the target of an attack ." - Ernst and Young study
The study found a major mindset change in IT security executives. CIOs are accepting the reality that their organizations will sustain breaches. Therefore, rather than only focusing on prevention, there is a growing focus on early detection. For proactive detection of data breaches by insiders, or those posing as insiders, organizations can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient data breach detection. Learn how to proactively identify unauthorized breaches of data, even by authorized users - with no hardware and no on-site software.
Sources:
(a) CIOs upping security spending, accepting inevitability of breaches - www.FierceCIO.com,11/20/2013

Thursday, December 12, 2013

Report: Info Security Priorities

Top security threats included "internal employees" (62%), according to an ISC Global Information Security Workforce Study of international information security professionals. Top priorities for their organizations were "damage to reputation" (83%), "breach of laws and regulations" (75%), and "privacy violations" (71%).

Over 12,000 IT security executives in a number of industries were polled for the study. Other key findings included Among their top priorities was governance, risk management, and compliance (GRC) (74%), with auditing IT security compliance a top GRC priority.

"...more preparatory work to detect and respond to risk issues will be critical."
- Dr. Meng Chow Kang, Director, Information Security,Cisco Systems
The report pointed out that "big data in the security discipline needs to improve significantly" and CSOs must look beyond their organizations and collaborate with others, including using outside services. One-third of respondents expect to increase spending on managed security firms. Organizations in many industries are already utilizing low-cost on-demand SaaS analytics services to proactively detect data breaches and report on user access compliance/attestation.
Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) A View From the Top: 2013 ISC Global Information Security Workforce Study CXO Report - ISC Foundation - www.priva.com, 10/11/2013

Wednesday, December 11, 2013

EHRs: New Possibilites, New Problems

The Fall CIO Forum of the College of Healthcare Information Management Executives (CHIME) showcased the benefits being obtained from electronic medical records (EMR). However, some presentations pointed out challenges that accompany the massive amounts of available data.

Healthcare providers are no longer just collecting clinical and financial data but are employing analytics to improve care and reduce costs.

"New questions are emerging about how data are going to be accessed and who is going to be allowed to have access to them."
- Praveen Chopra, VP and CIO at Children's Healthcare of Atlanta
Praveen Chopra, VP and CIO at Children's Healthcare of Atlanta, points out "Reporting is descriptive and static" but "when we look at data diagnostically, we can drill down and start doing something with it." To achieve this healthcare organizations can utilize low-cost on-demand SaaS analytics services to gain insights that will improve care.
Learn how Veriphyr Identity and Access Intelligence delivers healthcare insights - with no hardware and no on-site software.
Sources:
(a) New Possibilities, New Problems With Wider Use of EHRs - www.iHealthBeat.org, 12/04/2013

Tuesday, December 10, 2013

Study: Data Breaches Erode Customer Trust

A survey of 3,000 UK consumers found only about one in 10 felt large organizations could protect their personal data.

This high level of distrust applied to every sector that holds their data. Respondents' views were influenced by the many breaches they'd heard about.

"Consumer tolerance for data loss is at an all-time low."
- Network World
The study suggested "the decline in data trust must be countered." Such organizational efforts can include proactive detection of data theft by insiders with low-cost on-demand SaaS analytics services.
Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Data breaches have eroded consumer faith in security, Fujitsu finds - www.NetworkWorld,12/06/2013

Monday, December 9, 2013

Create a Miracle in One Child's Honor

Can You Help Create a Holiday Miracle?

This holiday season we are recognizing every child hospitalized during this special time of the year. With each $5 donation to your Children’s Miracle Network Hospital our Miracle Counter will count down until one million children have been honored. With your support, $5 at a time, our member hospitals can provide the best care for our most precious gifts – local kids.

Click here to support a child at your local member children's hospital.

"A $5 donation will create a miracle in one child's honor."
- Children's Miracle Network Hospitals
Children’s Miracle Network Hospitals
Children’s Miracle Network Hospitals is a charity that raises funds for more than 170 children's hospitals. Donations to Children’s Miracle Network Hospitals are used to provide charitable care, purchase life-saving equipment, and fund research and education programs that save and improve the lives of 17 million children each year.

Why Veriphyr Supports Children’s Miracle Network Hospitals
Like our customers, Veriphyr is committed to doing the right thing for our customers and communities. Veriphyr gives back to the communities by contributing a part of each sale to the Children’s Miracle Network Hospitals as well as donating our proactive privacy breach detection SaaS analytics service to CMNH hospitals.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Children's Miracle Network Hospitals - http://holiday.childrensmiraclenetworkhospitals.org, 12/01/2013/

Report: Malicious Insider Risk

Government agencies and consumers demands for improved cybersecurity standards will putting pressure on corporations in 2014 to take action to protect against "legal, financial, and public image risks, according to Kroll's third annual Cyber Security Forecast.

An area of special concern is malicious insiders, according to Alan Brill, senior managing director and founder of Kroll’s global high-tech investigations practice.

"Another area of special concern to general counsel is when a security breach is caused by a malicious insider ."
- Alan Brill, Kroll’s global high-tech investigations practice
Brill advised “It’s absolutely an area where the in-house counsel has to be working with human resources, risk managers, corporate security people and outside advisers...to protect the interests of the organization." To mitigate malicious insider risk organizations can utilize low-cost on-demand to proactively detect data breaches.
Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Getting In-house Counsel Involved in Cybersecurity - www.Law.com, 12/05/2013

Friday, December 6, 2013

CMS: $17B in EHR Incentives

The federal government’s Medicare and Medicaid electronic medical record (EHR) incentive program has paid out almost $17 billion to date.

By the October, more than 430,000 eligible hospitals and professionals have achieved meaningful use, with 93 percent of eligible hospitals and 80 percent of eligible professionals registered for the program.

"93 percent of eligible hospitals and 80 percent of eligible professionals registered for the program." - Government Health IT
Protecting the privacy of health information is among the requirements for meaningful use. This can be fulfilled with proactive detection of data breaches utilizing low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) CMS Has Paid Nearly $17B in EHR Meaningful Use Payments -www.iHealthBeat.org, 12/5/2013

Thursday, December 5, 2013

Health Exchange Breach in Vermont

Vermont Governor Shumlin is disappointed that the state's top health official failed to disclose a breach in their health information exchange.

A user was able to access another user's Social Security information in October, but in November Mark Larson, Commissioner of Vermont Health Access told the legislature that there had been no breaches.

"I am tremendously disappointed in Commissioner Larson’s lapse of judgment in this (breach) matter." - Governor Shumlin of Vermont
Health insurance and information exchanges facilitate sharing data that can improve peoples' health but the potential for breaches is magnified. Low-cost on-demand SaaS log analysis services would readily detect that one user was looking at another user's medical records.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Health care head reprimanded for not disclosing security breach - www.StoweToday.com, 11/28/2013

Wednesday, December 4, 2013

Patient Data on 4,400 Breached in Florida

An employee at a Southwest Florida medical practice improperly accessed and photographed patient records.

The information breached included names, dates of birth, Social Security numbers and telephone numbers, according to the practice's privacy officer. The breach was discovered when the employee tried to print the photos at Wal-Mart; the manager notified law enforcement.

"The employee improperly accessed and photographed some personal patient records that included names, dates of birth, Social Security numbers and telephone numbers."
- The Herald Tribune
Healthcare organizations don't have to rely on third parties to notify them of breaches. Proactive privacy breach detection, even when data is photographed, is available with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Patient data may have been leaked, doctors group warns - www.HeraldTribune.com, 11/29/213

Tuesday, December 3, 2013

Give Miracles Today, #Giving Tuesday!

Did you know today's Giving Tuesday?! This grassroots cousin of Black Friday and Cyber Monday is kicking off the holiday season on a philanthropic note.

A proud Giving Tuesday partner, Children’s Miracle Network Hospitals encourages everyone to ‘give back’ this holiday season, starting with some charitable giving on the first Tuesday after Thanksgiving. Not sure where to donate? Visit the holiday giving program www.GiveMiracles.org and "Put Your Money Where the Miracles Are."

"Creating Real Miracles by Raising Funds for Local Hospitals."
- Children's Miracle Network Hospitals
Children’s Miracle Network Hospitals
Children’s Miracle Network Hospitals is a charity that raises funds for more than 170 children's hospitals. Donations to Children’s Miracle Network Hospitals are used to provide charitable care, purchase life-saving equipment, and fund research and education programs that save and improve the lives of 17 million children each year.

Why Veriphyr Supports Children’s Miracle Network Hospitals
Like our customers, Veriphyr is committed to doing the right thing for our customers and communities. Veriphyr gives back to the communities by contributing a part of each sale to the Children’s Miracle Network Hospitals as well as donating our proactive privacy breach detection SaaS analytics service to CMNH hospitals.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Children's Miracle Network Hospitals, Giving Tuesday - http://givemiracles.org,12/03/2013

Monday, December 2, 2013

Patients Notified of Privacy Breach

A Pennsylvania medical center has notified almost 1,300 patients that their private medical information was breached.

A hospital employee inappropriately accessed patient records over a one year period; data breached included patient names, dates of birth, contact information, treatment and diagnosis information and Social Security numbers. The medical center learned of the breach from a tip by another employee.

"The employee accessed patient medical records, including patient names, dates of birth, contact information, treatment and diagnosis information and Social Security numbers." - WESA FM
There is no need to depend on tips to uncover inappropriate access. There are proactive solutions that put healthcare organizations in control. Actionable intelligence reports on every patient record accessed by every system user are available from low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) UPMC Privacy Breach Prompts Warning to Patients - www.wesa.fm.com, 11/27/2013

Wednesday, November 27, 2013

UK: Punish Companies for Sensitive Data Loss

A majority of UK consumers surveyed said "not enough is being done to uniformly penalize organisations that suffer data loss."

Two-thirds of respondents called for legislation to force organisations to declare data breaches. UK consumer confidence was low with 48% thinking that at some point their personal data will be compromised.

"UK consumers have called for tougher punishments for companies that lose sensitive information."

- Office of Inadequate Security

EU law requires only affected customers to be notified; 64% of those polled would like everyone informed of breaches.

Organisations in any country can improve consumer confidence regarding protecting personal information by proactively detecting data breaches with low-cost on-demand SaaS analytics services.

Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Companies that lose sensitive information should be punished, say UK consumers - www.DataBreachs.net, 11/18/2013

Tuesday, November 26, 2013

State Employee Guilty in Patient Data Breach

The personal information of over 228,000 patients was breached by an employee of the South Carolina Health and Human Services Department.

Christopher Lykes Jr. has pleaded guilty to four counts of willful examination of private records by a public employee and one count of criminal conspiracy, according to South Carolina State Attorney General, Alan Wilson

"Authorities say the agency project manager compiled more than 228,000 Medicaid patients' personal information."
- Modern Healthcare
To proactively detect data breaches, healthcare organizations can now utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) Ex-state employee pleads guilty in S.C. data breach - www.ModernHealthcare.com, 10/10/2013

Monday, November 25, 2013

12,000 Employees' Personal Data Stolen

More than 12,000 Baltimore County employees had their personal data stolen by a former contract worker.

While working for the county Courtney Calbert stole personal information such as Social Security numbers, home addresses, county identification numbers, salaries, job classifications, job titles and employees’ race and gender. He also stole individual checking and bank routing numbers.

"Courtney Calbert, 34, of Dundalk made off with employees' banking information, Social Security numbers, and other personal information." - Baltimore County Police
The identity theft was discovered when law enforcement was investigating an unrelated theft involving Mr. Calbert. Rather than learn about data breaches from law enforcement, organizations can detect them proactively with low-cost on-demand SaaS analytics services.

Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former contract worker identified in theft of employee data - www.BaltimoreSun.com,11/14/2013

Friday, November 22, 2013

Cancer Center Identity Thefts, Two Women Charged

Two women have been charged with stealing personal information from a California cancer center, according to Santa Clara prosecutors.

Law enforcement discovered the stolen information and it is unclear if this personal health information (PHI) theft is related to a recent breach at a California hospital.

"More than 100 identity theft victims have been identified from all over the Bay Area, including San Francisco, Contra Costa, Alameda, Santa Clara and Santa Cruz counties." - KTVU, San Francisco
All too often law enforcement is the first to learn of a data breach. Organizations seeking proactive privacy data breach detection can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Women Charged in Cancer Center Identity Thefts - www.PHIprivacy.net, 11/18/2013

Thursday, November 21, 2013

$37B to Create More Data Scientists

$37.8 billion has been awarded to an academic initiative to help create more data scientists.

The White House Office of Science and Technology announced the project, funded by the Gordon and Betty Moore Foundation and the Alfred P. Sloan Foundation. Three universities will partner to "steer graduates into data science work and increase the use of advanced analytics and data management work."

"The demand for talent capable of gleaning useful information from businesses' increasingly large and diverse data sets--generated by sensors, electronic payments, online sales, social media and more--is outpacing the supply of workers."
- Chicago Tribute
A number of studies highlight the growing demand for business intelligence experts and data analysts. McKinsey & Co. report that by 2018, "the U.S. might face a hiring gap of approximately 35 percent in the number of available big data jobs versus candidates to fill them; that equates to approximately 140,000 unfilled jobs."

Organizations that need insights from their data now are utilizing low-cost on-demand SaaS analytics services.

Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) New initiative looks to create more data scientists - www.FierceCIO.com, 11/19/2013

Wednesday, November 20, 2013

Ethics and Compliance for Multigenerational Workforce

Keep workers from several generations focused on building a more ethical and compliant (E&C) organization can present challenges.

A white paper, "Leading and Engaging Today's Multi-Generational Workforce" discusses critical success factors for education programs.

"E&C learning is moving from a top-down experience to a shared one, and the digital and technological tools that come naturally by the millennial generation are helping make this change happen ." - Corporate Counsel
Although the generations vary in their approach to E&C fostering collaborative environment the paper describes several programs that capitalize on those differences. Having a forward-thinking approach to delivering and framing ethics and compliance messages that happens when generations collaborate appears to be good for an E&C program’s overall effectiveness.

Forward thinking compliance departments are also utilizing low-cost on-demand SaaS analytics services to obtain insights into compliance challenges.

Learn how Veriphyr Identity and Access Intelligence delivers compliance insights - with no hardware and no on-site software.
Sources:
(a) Keeping a Multigenerational Workforce Engaged in E&C - www.CorpCounsel.com,11/19/2013

Tuesday, November 19, 2013

WSJ: High Compliance Turnover. Why?

When top compliance staff resigns an organization's goal of building a strong compliance program can falter, according to a Wall Street Journal (WSJ) article.

Heading compliance for a company involved in a scandal can be particularly rough. Hector Sants left his chief compliance post after ten months citing "stress and exhaustion." Gary Peterson at HSBC left a similar post after two years. Such turnover makes it difficult for HSBC to revamp compliance after settling with US regulators for $1.9 billion.

"When you have people leaving or any kind of revolving door, the compliance program suffers and the progress suffers."
- Donna Boehme, a former chief compliance officer
To reduce top compliance staff turnover, Donna Boehme, now a principal at a compliance consulting firm, advises "the board should be asking why that person left."

A compliance department's workload can benefit from insights delivered by low-cost on-demand Identity and Access Intelligence (IAI) SaaS analytics services.

Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) The Morning Risk Report: When Top Compliance Employees Leave - www.wsj.com, 11/15/2013
(b) High Compliance Turnover? Ask Yourself Why - www.CorpCounsel.com, 11/18/2013

Monday, November 18, 2013

Woman Stole Patient Info to Obtain Loans

A Kentucky woman, while employed at a medical office, has been indicted for stealing patients' identity information which she used to obtain loans.

Between 2010 and 2012 she stole patient names, birth dates, and Social Security numbers, violating HIPAA regulations, according to the indictment filed in the US District Court for the Western District of Kentucky.

"disclosed her employer's patients' identifying information by providing names, birth dates and Social Security numbers to loan companies so she could obtain loans for her personal use and advantage."
- U.S. District Court for the Western District of Kentucky
It is unclear if this identity theft was first discovered by law enforcement rather than the medical office where she was working. Healthcare organizations can proactively detect privacy data breaches with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
> Sources:
(a) KY: Woman indicted for identity theft, stealing patient information to obtain loans - www.PHIprivacy.net, 11/16/2013

Friday, November 15, 2013

ACC Study: Compliance Moving Out of General Counsel Office

A number of companies are separating the chief compliance officer from the general counsel's office, according to a study co-sponsored by the Association of Corporate Counsel.

The survey found 39 percent of respondents report to the chief executive officer, while 36 percent report to the general counsel. Many experts disagree on separating the GC from the compliance function. In your organization, to whom does the compliance officer report to? Do you think that should change?

"There is still a significant number of CCOs who do report to general counsel. But what I hear from members is more and more they are making compliance a separate function."
- James Merklinger, ACC’s vice president and GC
To assist companies with tight compliance budgets the ACC has created a compliance portal with webinars, videos and presentations. Tight budgets can also benefit from low-cost on-demand SaaS analytics to deliver insights about compliance issues.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) ACC Study Sees Compliance Moving Out of the GC's Office - www.CorpCounsel.com,10/15/2013

Wednesday, November 13, 2013

Health IT Job Growth Underestimated

Analysis of online job postings confirms health IT job growth has exceeded projections, driven by the HITECH Act.

Schwartz et al estimated 48% of job growth was due to HITECH, with the remainder due to growth that would have continued at historical trends prior to HITECH. Other interesting findings between 2007-2011 included health IT jobs growing from 0.75% to nearly 2.5% of all healthcare job postings, a four-fold increase in the number of jobs posted.

"Reports show that the job market for those working with electronic health record (EHR) and related systems continues to be strong for employees and challenging for employers."
- William Hersh, MD, Professor and Chair, OHSU
Other reports show organizations are hiring and maintaining more health IT staff. But Towers Watson found organizations had problems attracting and retaining experienced IT employees, 67% and 38%, respectively. About 80% of providers reported the lack of fully qualified staff as a barrier to achieving organizational IT goals.

Health organizations facing IT staffing shortages often utilize SaaS solutions. Such offerings include low-cost on-demand SaaS analytics services for proactive privacy breach detection and user access compliance reporting.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Further Evidence That Health IT Job Growth Has Been Underestimated, and Some Ramifications - www.HitechAnswers.net, 10/09/2013
(b) Schwartz et al. Tracking labor demand with online job postings: the case of health IT workers and the HITECH Act - www.IndustrialRelationsJournal.com, 2013

Tuesday, November 12, 2013

Can Latest HIPAA Rule Cut Breaches?

Some predict that last month's updated HIPAA rule will lead to better protection of PHI (Protected Health Information).

The update expands the number of organizations directly responsible for compliance with HIPAA requirements, making them liable for failure to secure PHI. Instead of just health care providers, those responsible and liable now includes their Business Associates (BA) as well, such as vendors, contractors and consultants they hire, and even subcontractors of BAs, if they handle PHI.

Rachel Seeger, of Health and Human Services (HHS) Office of Civil Rights (OCR), said BAs and subcontractors are now "directly liable" for compliance with HIPAA privacy and security rules, including "Impermissible uses and disclosures (including more than the minimum necessary)."

"We need to 'build security in,' and make the secure way of doing business the way the business people will use by default. I'm not saying effective awareness training has no value but putting too much reliance on it is not a winning strategy."
- Martin Fisher, director of information security, Wellstar Health System
While some experts think security awareness training will lead to fewer breaches, others disagree. Danny Lieberman of Software Associates said "when there is a financial incentive to steal data and you have an insider or partner with access, then you have motivation and means and all you need is opportunity to have a crime."

Organizations that want proactive detection of insider privacy breaches are utilizing low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Can the new HIPAA rule cut PHI breaches? - www.CSOonline, 11/08/2013

Monday, November 11, 2013

WSJ: Increased Compensation for Compliance Professionals

Good news for compliance professionals: even those with limited experience in the field are predicted to see compensation increase by 3 to 4 percent next year, according to a Wall Street Journal article.

With demand strong for compliance staff at every level, there are opportunities for career changers, students and others without prior compliance experience but with skills applicable to the field.

"Compliance professionals, even those with limited experience in the field, are predicted to see compensation rise by 3 to 4 percent next year ."
- Wall Street Journal
An for those with a law degree adding a professional certification in ethics and compliance "can earn you up to 22 percent more take-home pay as a director or manager, and 11 percent more as an assistant or specialist."

Whatever their experience level, compliance professionals can proactively solve data breach detection by utilizing low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Help Wanted in Compliance, No Experience Needed - www.wsj.com, 10/22/2013

Friday, November 8, 2013

CMS: $16.5B in EHR Incentive Payments

Centers for Medicare and Medicaid Services (CMS) announced that as of September 2013 it had disbursed $16.5 billion in electronic health record (EHR) incentive payments to 325,124 eligible hospitals and medical professionals participating in the meaningful use program.

CMS Health Insurance Specialist Robert Anthony said they expect an "upward trend" in payments throughout December 2013 and January 2014.

"CMS had disbursed $16.5 billion in electronic health record incentive payments to 325,124 eligible hospitals and medical professionals participating in the meaningful use program."
- Clinical Innovation & Technology
The process of qualifying for meaningful use incentive payments includes a risk assessment and complying with privacy and security requirements. Organizations can comply with these requirements with low-cost on-demand SaaS analytics for user access compliance as well as proactive privacy breach detection.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) CMS Paid $16.5B in EHR Incentive Payments Through September - www.iHealthBeat.org, 11/7/2013

Thursday, November 7, 2013

HHS Top HIPAA Privacy and Security Issue

While electronic health records (EHRs) facilitate legitimate data exchange and viewing, they can facilitate unauthorized data exchange and viewing as well.

Healthcare IT News notes, "impermissible uses and disclosures of protected health information remains the top compliance issue pertaining to HIPAA privacy and security breaches, according to data from HHS."

They also note that systems' audit trails aid in catching those inappropriately accessing patient records. Unfortunately, although there are meaningful use audit log requirements, and the HIPAA Security Rule, HITECH Act and the Joint Commission have audit log and patient privacy requirements as well, for most organizations this hasn't translated into proactive detection of breaches. Why not?

"Impermissible uses and disclosures of protected health information remains the top compliance issue pertaining to HIPAA privacy and security breaches, according to data from HHS.."
- www.HealthcareITnews.com
While it's true systems' audit logs hold information about access to protected health information (PHI), the reports that systems can generate, even from the latest EHRs, are unable to deliver a unified view across all clinical and business systems and discern which user access is work related and which is a patient privacy breach. Moreover, the volume of raw data in logs is overwhelming, making analytics the only method for uncover what matters among the data.

For proactive privacy breach detection an Identity and Access Intelligence (IAI) approach is needed. IAI, offered as low-cost on-demand SaaS analytics services, includes behavioral analytics to deliver complete details on all users and patients.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Nosy employees? Follow the audit trail - www.HealthcareITnews.com, 11/05/2013

Tuesday, November 5, 2013

Lawsuit Highlights Need to Detect Insider Threats

An Atlanta healthcare organization has filed a lawsuit against a former employee that calls attention to the need to detect insider threats.

The lawsuit alleges the former employee misappropriated confidential data prior to leaving her job and used the information for financial fraud or ID theft, and violated state and federal laws, including HIPAA.

"The breached information includes "highly sensitive and confidential proprietary and trade secret information," including pediatric patient health information;...state license numbers healthcare providers; and attorney-client privileged information."
- Lawsuit filed by Atlanta pediatric system
Unfortunately studies suggest a majority of employees take corporate data from former employers. And it's not just departing employees that organizations need to worry about - current employees can inappropriately access patient and corporate information.

The threat of insider data theft requires prevention and proactive detection. Access to data must be restricted to the minimum needed to perform their job. Proactive detection of data breaches can be accomplished with low-cost on-demand SaaS analytics services. This approach applies behavioral analytics, not just static rules, to discern which access is work related and which is a data breach.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hospital Insider Breach Leads to Lawsuit - www.HealthcareInfoSecurity.com, 11/4/2013

Monday, November 4, 2013

CU4Kids Holiday Icon Campaign

Now through December 31, participating Credit Unions are encouraging members to donate $1 to their local Children's Miracle Network Hospital. The eight-week campaign in part of a collaborative effort in the credit union community to raise funds for children's hospitals, known as "Credit Unions for Kids."

In addition to the charity's yellow balloon icon, several seasonal-themed icons are available for a $1 donation, including a football, a snowflake, a snowman or a holiday light bulb. Members are invited to "purchase" an icon and write a name on it before it is displayed at the credit union.

Since 1996, credit unions fundraising under the Credit Unions for Kids have raised $110 million for Children's Miracle Network Hospitals. Dollars donated help create miracles by funding medical care, equipment, research and education that saves and improves the lives of children treated at 170 Children's Miracle Network Hospitals each year.

"Now through December 31, participating Credit Unions are encouraging members to donate $1 to their local Children's Miracle Network Hospital." - Credit Unions for Kids
Children’s Miracle Network Hospitals
Children’s Miracle Network Hospitals is a charity that raises funds for more than 170 children's hospitals. Donations to Children’s Miracle Network Hospitals are used to provide charitable care, purchase life-saving equipment, and fund research and education programs that save and improve the lives of 17 million children each year.

Why Veriphyr Supports Children’s Miracle Network Hospitals
Like our customers, Veriphyr is committed to doing the right thing for our customers and communities. Veriphyr gives back to the communities by contributing a part of each sale to the Children’s Miracle Network Hospitals as well as donating our proactive privacy breach detection SaaS analytics service to CMNH hospitals.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) About CU4Kids - www.cu4kids.org, 11/4/2013

Strategies to Reduce Exposure to Employment Claims

Employment claims against companies are increasing significantly and employers need to reduce their exposure, according to Martin W. Aron, an attorney representing employers in labor matters.

Aron outlines a number of strategies companies can employ, including those to avoid suits brought by regulatory agencies. He recommends conducting periodic audits to determine legal compliance.

"Successful companies have avoided becoming targets by conducting periodic self-audits to determine legal compliance and taking remedial measures when necessary."
- Martin W. Aron, attorney, Jackson Lewis
Wrongful termination or selective enforcement suits related to data privacy breaches can be aided by low-cost on-demand SaaS analytics services that quickly deliver conclusive evidence disproving wrongful termination, allowing the employer to settle the suit on their terms.
Learn how Veriphyr Identity and Access Intelligence delivers audits of employee activities - with no hardware and no on-site software.
Sources:
(a) 10 Strategies to Reduce Exposure to Employment Claims - www.law.com, 10/30/2013

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.