Tuesday, January 22, 2013

Auditor: Inappropriate Access to EHR System

During an EHR implementation, a healthcare facility provided IT staff and contractors with broad access to the system so they could provide assistance to new users. As a result, the auditor said there was an increased risk of accidental changes and fraud, as well as possible noncompliance with the [HIPAA] Security Rule.
"did not limit access to those persons that had a strict business need, resulting in approximately 350 active user IDs with access to change data in multiple functions. " Louisiana State Legislative Auditor
The auditor recommended that the center:
  1. separate EHR duties and access for IT staff and contractors;
  2. closely control and monitor administrative access to the EHR system;
  3. create or modify EHR policies; and
  4. strengthen restrictions on access to patient and confidential information.

The facility agreed with the findings and recommendations and is developing the necessary policies and procedures.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Facility Granted Inappropriate Access to EHR System During Training - iHealthBeat, 01/10/13
(b) Auditor: Inappropriate access to electronic health records at LSU-S - The Advocate, 01/09/13

Monday, January 21, 2013

EHR Incentives Over $10 Billion

Medicare and Medicaid electronic health record payments are estimated to top $10.3 billion to date. CMS will post more complete figures later this month.
"December will be our single largest month of payments by a factor of almost three, and a total of $1.2 billion." - Robert Anthony, CMS' Office of ehealth Standards and Services
Since the program’s inception through December, CMS has paid 106,000 Medicare physicians, 70,000 Medicaid physicians and 4,200 hospitals, according to CMS figures.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) EHR Incentives Over 10 Billion to Date - Healthcare IT News,01/09/13

Friday, January 18, 2013

HHS: New Rules Protect Patient Privacy

On January 17, 2013, the HHS announced strengthened privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
"the final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law." - US Health and Human Services
“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” said HHS Office for Civil Rights Director Leon Rodriguez. “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) New Rule Protects Patient Privacy, Secures Health Information - HHS, 01/17/13

Monday, January 14, 2013

Venture funds for digital health: $1.4 billion

Venture capitalists invested $1.4 billion in digital health companies in 2012, according to a Rock Health report (FierceHealthIT).
"the 45% increase suggests investors are favoring digital health over traditional health care fields." - Rock Health report
Digital health sector investments included consumer health, personal tracking, electronic health record technology, and hospital administration tools. Investment in these areas accounted for one-third of total venture investments in digital health.
Learn how Veriphyr Identity and Access Intelligence delivers health care business insights - with no hardware and no on-site software.
Sources:
(a) Digital Health Nabbed 1.4b in Venture Funds - ihealthbeat.org,01/09/2013
(b) 2012 Digital Health Funding Report @Rock_Health - ihealthbeat.org,01/03/2013
(c) Digital Health Funding Up 45% in 2012 -FierceHealthIT,01/08/2013

Sunday, January 6, 2013

US Attorney's Office Homepage Highlights Hospital ID Theft/Tax Fraud

Identity theft and tax fraud are highlighted on the US Attorney's homepage.
Just how many conspirators were there, and how many victims had their information stolen? Perhaps we're not aware of all of them; the patient info breaches were known, but the Alabama Dept. of Human Resources, Vinson Guard Services, and Jefferson Davis High School breaches seem new.
"...sounds like there were a number of conspirators and a lot of people who had their information stolen...I've asked the US Attorney's office for clarification.." - PHIprivacy.net
A review of court documents makes it seem there were a number of conspirators and a lot of people who had their information stolen. Was there more than one data theft from Troy? Because the documents are confusing PHIprivacy.net has written to the U.S. Attorney’s Office requesting clarification.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) WOW. - PHIprivacy.net, 10/26/2012
(b)
US Attorney's Office, Middle Alabama - http://www.justice.gov/usao/alm/, 01/03/2013

Friday, January 4, 2013

HHS: HIPAA Breach Settlement Involving Under 500 Patients

Over 60,000 "smaller" health data breaches, each affecting under 500 patients, have occurred in three years. The HHS is intent on pursuing providers implicated in such incidents.
"...regardless of size, covered entities must take action and will be held accountable for safeguarding their patients' health information... ." - Leon Rodriguez, OCR
In particular, the OCR wants to determine if a risk analysis has been conducted and policies and procedures have been put in place as required by the HIPAA security rule. The hospice involved in this first settlement had not taken appropriate measures in these areas;since the investigation this organization has taken numerous actions to protect patients' information.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) HHS announces first HIPAA breach settlement involving less than 500 patients - HHS.gov, US Department of Health & Human Services, 01/02/2013
(b) HONI Settles with OCR: Press Release" - Hospice of North Idaho, 12/27/2012
(c) HHS Resoultion, HONI - HHS.gov, US Department of Health & Human Services, 12/28/2012

Thursday, January 3, 2013

Health IT to be Largest Investment for Hospitals

Health IT spending is growing, despite a drop in capital expenditures owing to reimbursement cuts and reduced admissions.

Reports by Healthcare IT News as well as Modern Healthcare noted plans to increase health IT spending.
"41% expect capital spending to increase compared with last year...most to health IT... ." Modern Healthcare
Many, such as Dough Strong, CEO of University of Michigan Hospitals and Health Center, plan "Investments in IT are targeted to improving patient safety, creating better ways for patients to communicate with caregivers and also improving efficiency in the clinical workflow."

Is your organization planning increased health IT spending? In which areas?
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Health IT to be Largest Capital Investment for Many Hospitals - iHealthBeat, 12/21/12

Wednesday, January 2, 2013

Accounting of Disclosures: Healthcare Regulatory Outlook

Specifics about an accounting of disclosures rule,which would require healthcare organizations to provide patients, upon request, reports listing everyone who accessed their electronic health information, is a much anticipated regulation.

Such a requirement is part of a proposed rulemaking. OCR’s Leon Rodriguez hopes the rule will be issued soon but the many comments are still under review.
"Accounting of disclosure rule..would impose a substantial, costly technological burden on covered entities.." - Lisa Soto, Hunton & Williams, LLP
The proposed rule is not without controversy. Lisa Sotto, health data security and privacy attorney with Hunton & Williams LLP, says “It’s complex and confusing and would impose a substantial, costly technological burden on covered entities.”What difficulties will providing patients with an accounting of disclosures create for your organization? Or is your organization already providing, or planning to provide such accountings?
Download a white paper on generating accounting of disclosures without burdening existing staff. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) 2013 Healthcare Regulatory Outlook - Healthcare Info Security, 12/28/12

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.