Data Breach, News Events

How a Stolen Computer Could Cost You Millions

When a thief broke into “Breaking Bad” star Bryan Cranston’s car earlier this year and took his iPad and a script from the show’s coming season, the media seized on the potential secrets that had been leaked.

For health care providers, secret leaking can have far more serious consequences than making the news on “Entertainment Tonight” or bad TV ratings; violating patients’ rights to privacy can mean literally millions of dollars in fines.

A Massachusetts medical care provider was ordered last fall to pay the federal government $1.5 million to settle potential violations of the Privacy and Security Rules of 1996’s Health Insurance Portability and Accountability Act (HIPAA).

The case began when a laptop with unencrypted, protected health information – including prescriptions and clinical data – was stolen.

In announcing the settlement, the Department of Health and Human Services stated that Massachusetts medical care provider had “failed to take necessary steps to comply with requirements of the HIPAA Privacy and Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of electronic protected health information (ePHI) maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that [the firm] created, maintained and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices, and adopting and implementing policies and procedures to address security incident identification, reporting, and response.”

Proper security protocols can ensure your firm protects the privacy of your patients and stays on the good side of the Department of Health and Human Services.

Have questions or concerns? RISC Management and Consulting can help. Contact us today.

Advertisements
Education, HIPAA / HITECH Enforcement, Meaningful Use

HITECH Meaningful Use – The Past is not Behind Us

ImageMany healthcare providers have said goodbye to HITECH’s meaningful use stage 1 to pursue the stage 2 requirements.  However, the future is not a stranger to its predecessor, requiring a better realization of concepts and metrics of many standards in stage 1.

Stage 1 was the beginning of HITECH’s transformative approach to health care, requiring movement to electronic health records (EHRs) and more efficient transmission and use of the EHRs, which is proving to be beneficial to patients and their care as evidenced by the ease of e-prescribing.  To ensure continuous progress of realizing the vision of greater health information effectiveness, care providers must continue to raise the bar and push for increasing processes such as e-prescribing and introducing processes that share care information with other relative providers while still maintaining the privacy and security standards for patient information.

This stage also solidifies new requirements such as bringing patient health records to the world of internet accessibility and giving the patients greater insight into their own health information.  This increases the potential risks for the providers despite the convenience and usefulness of the program as a whole.  Incurring this additional risk will require organizations to perform additional risk analysis to stay in front of the threats and ensure that best practices are followed while encrypting information in storage and transit as well as working with clients to raise awareness of information security.

Stage 2 will bring a new planning phase, but also a new cycle in the life of what should be a living process.  If you are struggling to optimize your process, let RISC Management help you maximize the potential of meaningful use stage 1 while developing a secure plan and foundation for the new requirements in stage 2.Image

Sponsored by: RISC Management, www.RISCsecurity.com