Friday, February 22, 2013

Increased Health IT Mergers/Acquisitions

Health IT merger and acquisition deals increased over the past year, according to a report by investment bank BerkeryNoyes.

Total healthcare IT M&A volume increased 21 percent annually, while aggregate value increased 5 percent, from $11.36 billion in 2011 to $11.96 billion in 2012. Private equity firms were responsible for four of the industry's top 10 highest value deals in 2012.

"Health care is in desperate need of technology innovation and fresh ideas and fresh capital."
- Thomas O'Connor, Managing Director, BerkeryNoyes, Investment Bankers
"The robust level of M&A activity shows there are plenty of desirable, fast growing companies – many privately owned and SaaS enabled solutions – that are attracting very high multiples and appealing to both strategic and financial acquirers," said O'Connor. We expect to see a lot of smaller, SaaS enabled solutions in attractive niches and rapidly growing companies come to market in 2013 and attract robust prices.”
Learn how Veriphyr SaaS Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) Report Finds Uptick in Health IT Merger and Acquisition Activity - iHealthBeat, 01/14/2013
(b) 2012, Full Year,Trends Report, Healthcare Industry - BerkeryNoyes, 01/10/2013
(c) Healthcare IT Merger, Acquisition Deals See Upward Trend in 2012 - HealthCareITNews 01/11/2013

Thursday, February 21, 2013

$750K to Settle Patient Data Breach Allegations

A Massachusetts hospital agreed to pay $750,000 to resolve allegations that it failed to protect the personal and confidential health information of more than 800,000 consumers, according to Attorney General Martha Coakley.

The investigation and settlement resulted from a data breach reported to the AG’s Office in July 2010 that included individual’s names, Social Security numbers, financial account numbers, and medical diagnoses.

"Hospitals and other entities that handle personal and protected health information have an obligation to properly protect this sensitive data, whether it is in paper or electronic form." - AG Coakley, Attorney General, Massachusetts

The allegations against the hospital are based on both federal and state law violations, including failing to implement appropriate safeguards, policies, and procedures to protect consumers’ information, failing to have a Business Associate Agreement in place, and failing to properly train its workforce with respect to health data privacy.

According to the consent judgment, the hospital has agreed to take a variety of steps to ensure compliance with state and federal data security laws and regulations, including requirements regarding its contracts with business associates and third-party service providers engaged for data destruction purposes. They also agreed to undergo a review and audit of security measures and to report results and corrective actions to the Attorney General.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) South Shore Hospital to Pay $750,000 to Settle Data Breach Allegations - Massachusetts Attorney General's Office,05/24/2012

Wednesday, February 20, 2013

The "Moneyball" Approach to Compliance

Increasingly, hospitals use analytics in their compliance programs to get more bang for their buck.

Chief Compliance Officer, Greg Radinsky, says it's like "Moneyball," where a low-budget baseball team leveraged statistics to beat richer teams.

"Analytics are becoming much more important in the compliance realm."
- Greg Radinsky, Chief Compliance Officer, North Shore-LIJ Health System
“You don’t have to spend a lot to be effective but statistics help you demonstrate effectiveness,” says Radinsky. They also allow more selectivity in risk assessments and save auditing time. “One lesson in Moneyball is focusing on the right areas. Even if you have a lot of resources, auditing without finding problems may not be the best use of resources,” he says.
Learn how Veriphyr analytics can improve your patient privacy compliance and deliver business insights Identity and Access Intelligence - with no hardware and no on-site software.
Sources:
(a) Use of Data Analytics Help Compliance Officens Get Bigger Bang for Buck - AIS Health, 01/13/2013

Tuesday, February 19, 2013

Pharmacist Sentenced to Prison for Identity Theft

A former pharmacist was sentenced to 25 months in prison for, among other charges, identity theft.

She used patient names and doctor names and DEA numbers to create fraudulent prescriptions for controlled substances. She filled the prescriptions without the patients’ or doctors’ knowledge, and kept the pills for personal use.

"Of more concern is what happened to the patients and doctors whose information was misused? Did creation of records have the potential to negatively impact patients and subscribers? Yes. Was anything done to remove the fake entries from their records?
I hope so
." - PHIprivacy.net
While keeping the pills for her own personal use is disturbing, the fact that Smith filled prescriptions without patient or doctor consent should be especially eye-opening for healthcare organizations.

This incident raises the question of what can be done to tighten up patient data privacy as it changes hands and data becomes more integrated, and therefore more valuable.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) www.justice.gov - US Attorney's Office, Western District Kentucky, 2/14/2013
(b) Walgreen's Pharmacist Data Breach Raises Questions - Health IT Security, 2/18/2013
(c) Former Pharmacist Sentenced to 25 months in Prison for Using Patients and Doctors Names to Create Fraudulent Prescriptions - PHIprivacy.net, 2/15/2013

Thursday, February 14, 2013

In Emergency, MDs Prefer BoB IT Systems

Citing better clinical decision support, usability and accuracy of documentation, a new report from KLAS shows physicians strongly prefer best of breed emergency department information systems, or EDIS, to enterprise installations.

As hospitals trend toward integrated platform installations, the new report, "EDIS 2013: Revealing the Physicians' Voice," is KLAS' first effort to review ED systems through the eyes of the physician, analysts say.

"For years KLAS has heard physicians express passionate concerns over the impact that inefficient and inadequate emergency department systems can have on their ability to deliver patient care." - Erik Bermudez, KLAS Research
The study shows that emergency department docs' satisfaction with best of breed (BoB) deployments is far higher (nearly 60 percent) than with enterprise systems.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Healthcare IT News - Healthcare IT News, 2/08/2013

Wednesday, February 13, 2013

Patients Sue Over Data Theft; Experts Say Prevention Needed

In a $50 million class action lawsuit, plaintiffs claim a hospital was negligent, breached fiduciary duty and violated several laws, including HIPAA, when a former hospital worker stole their personal information and allegedly opened fake credit accounts.

Identity theft at hospitals often reveals how patient information can be stolen to commit fraud. But experts, such as Brian Evans, of Tom Walsh
Consulting, agree preventive measures are needed.

"Unauthorized access has been a common problem in every healthcare organization I've worked in...Without proper auditing in place, it's difficult to quantify the scope of employees taking advantage of privileges they have for non-work related purposes like snooping." - Brian Evans, Tom Walsh Consulting
Besides limiting employee access to patients' sensitive information, healthcare organizations can take other steps to prevent identity fraud involving insiders, says Brian Evans. That includes deploying monitoring and breach detection tools, as well as ramping up employee training.

"Organizations' awareness and training programs clearly need to educate the workforce on policy and proper conduct with potential consequences for infractions," Evans says. Also, healthcare organizations can employ breach detection solutions that can flag data access anomalies, he suggests.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

"Written policies and procedures are enforced with a technical solution and unauthorized access is detected and addressed accordingly," Evans says. "More importantly, an organization's culture is changed because consistent and ongoing auditing and monitoring is established, which acts as a deterrent with disciplinary action as the outcome for those employees found in violation of policy."

Sources:
(a) Patients Sue North Shore-LIJ Over Data Theft - www.ModernHealthCare.com, 2/12/2013
(b) Arrests, Lawsuit in Hospital ID Thefts - www.HealthCareInfoSecurity.com, 2/08/2013

Tuesday, February 12, 2013

OCR: Expect More Monetary Fines

The OCR is evaluating audit pilot findings and the audit process itself to determine the permanent program. Audits are expected to continue in late 2013.
"Healthcare organizations should expect more and larger monetary penalties for HIPAA non-compliance...there is plenty of non compliance out there and room for improvement." - Leon Rodriguez, OCR
OCR has an "inventory" of ongoing investigations that are expected to conclude with monetary settlements. Common compliance weaknesses include a lack of a timely and thorough risk analysis, insufficient or outdated processes and procedures to prevent and resolve breaches and insufficient HIPAA training for staff.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) HIPAA Enforcer Reveals Audit Timeline - HealthcareInfoSecurity, 12/14/2012

Monday, February 11, 2013

HIMSS Analytics: EHR Fostering Adoption of Advanced IT

The meaningful use program could be spurring adoption and use of higher-level health IT functions at U.S. hospitals, according to HIMSS Analytics, the research arm of the Healthcare Information and Management Systems Society.
"HITECH is achieving its intended result of encouraging increased implementation and meaningful use of electronic health records among hospitals ." - John Hoyt, EVP, HIMSS Analytics
HIMSS Analytics measured the sophistication of hospital EHR systems by conducting surveys and comparing reported data against its Electronic Medical Record Adoption Model. Overall, 104 facilities -- or 1.8% of U.S. hospitals -- have earned Stage 7 status, while 430 facilities -- or 7.3% of U.S. hospitals -- have earned Stage 6 status, according to the analysis.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) HIMSS Analytics: EHR Incentives Spurring Advanced Health IT Use - iHealthBeat, 01/17/2013

Friday, February 8, 2013

Federal Prison for Health Data Breach

A former hospital emergency department clerk was sentenced to prison for selling patient information he improperly accessed in a breach of thousands of patient records. Two co-conspirators in the case, who also pleaded guilty, await sentencing.
"Preventing these kinds of breaches takes people, processes, and technology." - Stephen Wu,partner,Cooke,Kobrick & Wu LLP
Security experts say healthcare organizations can take several steps to help minimize the risk of identity theft. Those include auditing and monitoring worker activity, restricting staff access to patient information and ramping up employee training.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Prison Time for Health Data Theft - Healthcare Info Security, 01/23/2013
(b) Former Hospital Employee Sentenced to Federal Prison for Data Theft - Federal Bureau of Investigation, 01/18/2013

Tuesday, February 5, 2013

Help Childrens Hospitals-National Pancake Day

As an official partner of Children’s Miracle Network Hospitals, Veriphyr wants to encourage everyone to support IHOP’s National Pancake Day on Tuesday, February 5, 2013.

IHOP Restaurants and Veriphyr partners with Children’s Miracle Network Hospitals to help improve the lives of millions of sick children. We welcome the opportunity to collaborate with IHOP in support of this great cause and, frankly, we’d hate for you to miss out on free pancakes!

How it Works: IHOP invites guests to visit their local IHOP restaurant on National Pancake Day and receive a free short stack of its famous buttermilk pancakes from 7 a.m. – 10 p.m. In return, they ask that you make a voluntary donation to Children’s Miracle Network Hospitals (or, in select markets, another local charity) while at the restaurant.

For more information on National Pancake Day and to find a participating IHOP near you, please go to www.IHOPPancakeDay.com.


Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.