Sep 15, 2017 9:00:00 AM

CMS May Want Their Money Back

The old adage, "Money can make you do crazy things," can easily be applied to both our personal and business lives. Within the healthcare industry, HITECH incentive payments were offered by the U.S. government several years ago to implement electronic health record (EHR) systems at hospitals and other healthcare organizations. In order to qualify for these incentive payments, healthcare organizations were required to carry out regular security risk assessments to show they were meeting the HIPAA Security Rule requirements. While a large number of healthcare organizations properly followed the rules and carried out the security risk assessment required, a select number received the incentives without doing so.

Topics: Electronic Health Records

Sep 1, 2017 10:00:00 AM

Are Your Medical Devices Secure?

If your hospital or clinic uses a Windows 7-based version of a Siemens PET/CT or SPECT system, it could be vulnerable to attack by a relatively low-skill hacker, according to a July 26 security advisory from the company.

Topics: Electronic Health Records

May 19, 2017 11:00:00 AM

Lessons Learned From the WannaCry Ransomware Attack

Last week, the WannaCry ransomware attack hit over 150 countries and infected tens of thousands of systems worldwide. Among those victimized were England’s National Health Service, automobile manufacturers, and government systems. The worm’s ominous red ransom screen, informing the user that all files have been encrypted, was found not only on users’ desktops, but also on ATM screens, parking meters, digital billboards, and industrial control systems.

Topics: Electronic Health Records

Jan 27, 2017 9:00:00 AM

HFMA Mid-South Institute 2017 Highlights

We’re gearing up for what’s in store in the healthcare arena in 2017 by attending HFMA’s Mid-South Institute. Attendees from Missouri, Arkansas, Mississippi, and Tennessee have gathered to learn of updates in healthcare and how to brace for the year ahead. Here are a couple of themes that were reinforced during the conference:

Topics: Electronic Health Records

Oct 7, 2016 9:30:00 AM

Musings from the Road - Key Takeaways from AHLA’s Fraud and Compliance Conference

One of my favorite parts of the opening sessions of AHLA’s Fraud and Compliance Conference is Ms. Carder-Thompson’s “Year in Review.” She manages to hit the high points of virtually everything that happens during the year. I pay particularly close attention to her topics on healthcare data security and HIPAA.

Topics: Electronic Health Records

Oct 6, 2016 11:00:00 AM

Hacking Healthcare: How to Offensively Protect Healthcare Systems

This commentary originally appeared September 20 on the HORNE Cyber Blog.

A breach of a healthcare provider can have a serious impact, both in terms of financial loss and patient confidence. HIPAA violations can involve fines of up to $50,000 per patient record, and in many cases, attackers are able to access all of a provider’s patient records.

Topics: Electronic Health Records

Sep 1, 2016 11:00:00 AM

Where is Your Data? Why Performing a Data Inventory is Integral in the Digital Age

There’s no denying it—healthcare data has gone digital. The days of paper health records are fast disappearing, and if the Centers for Medicare & Medicaid Services have their way, we won’t be going back. CMS has built meaningful use of electronic health records into its plans for a number of years, and the healthcare industry is responding.

Topics: Electronic Health Records, Healthcare Data

Aug 11, 2016 10:00:00 AM

Is Paying the Hacker Your Only Defense?

Recently, I received a call from a close friend who wanted advice because his small company had been the victim of a ransomware attack. A hacker had locked the company out of all significant business applications, compromised all the backups, and wanted $250 in the form of Bitcoins to unlock the system. The IT manager tried to restore the systems without paying and without success.

Topics: Electronic Health Records, Healthcare Data

Jun 28, 2016 10:00:00 AM

10 Takeaways from the AHLA Annual Meeting

One of our favorite sessions at the AHLA Annual Meeting is the Year-in-Review by Jack Schroeder and Elizabeth Carder-Thompson. It is a great way to get caught up on a year’s worth of activity in health law in 120 minutes. Out of the volumes of information Jack and Elizabeth read to summarize for conference attendees, we found 10 pieces of information that were particularly interesting for our practice in these days of constant and rapid change. We felt these would be worth sharing:

Topics: Electronic Health Records, Hospital Acquisition

Oct 8, 2015 11:00:00 AM

Don't Forget Phone Security

If I had to guess, I’d say you are reading this on your iPhone, iPad, Galaxy or some other mobile device. I’m not clairvoyant; research shows more than half of all emails are opened on mobile devices. It’s likely that if you use tablets or smart phones, you use them in almost every facet of your life from communicating with your friends, family members and work associates to helping with homework, paying bills and working from home. Fortunately, the security built into the systems is generally adequate for most of your personal needs. 

Topics: Electronic Health Records

Aug 20, 2015 1:00:00 PM

5 Tips for Managing HIPAA Business Associate Risks

Recently, thousands of medical transcripts detailing the medical histories of children and adults, as well as notes made by doctors and psychiatrists, were publicly listed on an Internet search engine. Without proper encryption, confidential and extremely personal information was exposed to anyone who wanted to access it.

Topics: Electronic Health Records

Apr 23, 2015 10:00:00 AM

A Robust Technology Strategy is Essential

It’s a sign of the times – Dr. Phil McGraw attended this year’s Consumer Electronics Show to pitch his new app “Doctor on Demand.” His app allows a patient with a smart phone or tablet to access a board-certified doctor or psychologist for about the cost of an office visit co-pay. DOD has 1,400 physicians and 300 psychologists in its network.

Topics: Electronic Health Records

Jul 2, 2014 10:00:00 AM

Not All HIPAA Violation Cases Make the News, Here's Why

The recent $4.8 million HIPAA settlement story about New York and Presbyterian Hospital (NYP) and Columbia University (CU) caught my eye for a number of reasons. It’s the largest HIPAA settlement to date and the cause was unusual.

In the NYP and CU case, the breach was caused by a physician who owned a server in a data network where the network and firewall are shared and administered by the two medical centers. Bring your own device (BYOD) policies carry certain technology risks along with them, but those risks are magnified when the device in question is a network server!

Topics: Electronic Health Records
