Top data security tips for healthcare orgs
Data breaches in healthcare are growing, insider negligence is the root cause and mobile devices pose extensive threats to patients’ protected health information (PHI). Those are some of the key findings from the “Third Annual Benchmark Study on Patient Privacy & Data Security” conducted by the Ponemon Institute and sponsored by ID Experts. The research was published in December 2012. You can get the report at www.idexpertscorp.com.
Despite the fact that 94 percent of the 80 healthcare organizations surveyed in the study suffered data breaches, these events don’t have to be disastrous. Pre- and post-breach processes can be initiated and coordinated to better protect patient data and minimize impact.
ID Experts, a provider of comprehensive data breach solutions, offers the following 10 tips from its experts for creating healthier security habits in your organization.
- Establish mobile and bring-your-own-device (BYOD) policies that include technical controls and employee and management procedures. – Rick Kam, CIPP/US, president and co-founder, ID Experts
- Control the cloud, or it’ll control you. Make it a point to fully understand what cloud service-level agreements mean in practice, and then push for meaningful information on failover and disaster recovery practices used. – Richard Santalesa, senior counsel, InfoLawGroup LLP
- Have a current breach response plan that is ready and tested. This will help pave the way for a well-executed response that can mitigate the financial, legal and reputational harm caused by a security incident involving patient information. – Marcy Wilder, partner and director of Global Privacy and Information Management Practice, Hogan Lovells
- Conduct small but focused risk assessments, rotating control review on a monthly basis, to continually understand and measure risk. Most importantly, have a plan to address the risk, through remediation, mitigation or risk transfer activities. – Chad Boeckmann, president and chief strategy officer, Secure Digital Solutions, LLC
- Immunize mobile devices against viruses that might steal patient data. – Dr. Larry Ponemon, chairman and founder, Ponemon Institute
- Attack your leadership team with phishing and other social engineering campaigns. Nothing raises awareness like catching people and correcting them on the spot – and it’s a lot more interesting than the annual 30-minute online security training. – Michael Boyd, director of Information Security Management, Providence Health & Services
- Use a checklist periodically to evaluate whether covered entities and business associates are in compliance with all privacy and security requirements. Sign and date the checklist to show that your organization is not guilty of “willful neglect” in complying with privacy and security laws. – Jim Pyles, founding partner, Powers, Pyles, Sutter & Verville, P.C.
- Educate all staff to recognize applications, mobile devices and medical equipment that collect, contain or transmit patient information and/or biometric data. Train them to communicate the risk to those responsible for information security management. – Christina Thielst, FACHE, vice president, Tower
- Decide how to handle the residual risk of a data breach, how much risk to accept and how much, if any, risk to transfer through cyber insurance. – Christine Marciano, president, Cyber Data Risk Managers, LLC
- Boards should ensure their organizations have robust, board-reviewed and approved security policies and procedures. – Larry W. Walker, president, The Walker Company
Claims and Coding
CMS says no more ICD-10 delays
Physicians must use ICD-10 codes on claims to payers for services starting Oct. 1, 2014. That point was made clear in a letter from Centers for Medicare & Medicaid Services (CMS) Acting Administrator Marilyn Tavenner to the American Medical Association’s (AMA) president, Jeremy Lazarus, M.D., dated Feb. 6, 2013. Submitted claims that do not use the new coding system will be rejected. Period.
“We believe that the one-year extension through September 30, 2014, offers physicians adequate time to train their coders, complete system changeovers, and conduct testing,” wrote Tavenner.
More than 80 physician groups represented by the AMA requested that CMS stop the changeover to the more-complex ICD-10 system in December 2012, after the initiative had already been granted a one-year deadline extension in September 2012, from Oct. 1, 2013, to Oct. 1, 2014.
“Many in the health industry are underway with the necessary system changes to transition from ICD-9 to ICD-10,” wrote Tavenner. “Halting this progress midstream would be costly, burdensome, and would eliminate the impending benefits of these investments. Many private and public sector health plans, hospitals and hospital systems, and large physician practices are far along in their ICD-10 implementation and have devoted significant funds, resources and staff to the effort.”
How do doctors feel about mobile healthcare apps?
Clinical information systems provider eClinicalWorks conducted an online survey with responses from 2,291 healthcare professionals in the United States. All interviews were conducted Jan. 18-24, 2013. The sample included responses from 649 physicians.
Can ‘Big Data’ really save money – and lives?
It’s all a numbers game when it comes to analytics, right? Well, for Big Data, those numbers are looking up, according to a new study of nearly 200 public IT officials. “Big Data and the Public Sector,” released by the TechAmerica Foundation and commissioned by software solutions giant SAP AG, reveals that Big Data can have big benefits that include:
- Substantial budget cuts: Federal IT officials say real-time analytics of Big Data can help the government cut at least 10 percent annually from the federal budget, or about $1,200 per American, for example, by detecting improper healthcare payments before they occur.
- Lifesaving potential: According to 87 percent of federal IT officials and 75 percent of state IT officials, the use of real-time Big Data solutions will save a significant number of lives each year. For example, medical researchers can aggregate information about healthcare outcomes to reveal patterns that lead to more effective treatments and detection of outbreaks.
- Crime reduction: 75 percent of state IT officials see the practical benefits of Big Data in medicine and public safety as extremely beneficial. Police departments are currently using Big Data technology to develop predictive models about when and where crimes are likely to occur.
The survey also reveals cultural and practical barriers to adoption, including: privacy concerns (making sure Big Data does not equal Big Brother), high costs and return on investment (ROI).
Learn more at www.techamericafoundation.org.
The Society for Imaging Informatics in Medicine (SIIM) 2013 Annual Meeting, June 6-9, Grapevine-Dallas, Texas, is the place to discover today’s imaging informatics essentials and trends. Educational sessions, exhibit hall hours and networking opportunities provide dynamic interaction between practitioners and vendors.
America’s Health Insurance Plans (AHIP) Institute 2013, June 12-14, Las Vegas, invites you to join thousands of health insurance decision makers to experience the industry’s premier educational event.
ANI: The 2013 HFMA National Institute, June 16-19, Orlando, presents financial management how-to solutions for pressing challenges like reform, value, clinical transformation, accountable care and revenue cycles.
The 2013 American Society for Healthcare Human Resources Administration (ASHHRA) 49th Annual Conference & Exposition, Sept. 28-Oct. 1, Washington, D.C., will feature more than 150 exhibitors and plenty of opportunities for networking and knowledge sharing on state-of-the-art services in healthcare HR.
Medical Group Management Association (MGMA) 2013 Annual Conference, Oct. 6-9, San Diego, will host thousands of professionals engaged in managing the business of medicine. Practice administrators and physician leaders are highly encouraged to consider team participation. More than 356 exhibiting companies shared their industry insights, products and services at MGMA12.
The 85th American Health Information Management Association (AHIMA) Convention & Exhibit, Oct. 26-30, Atlanta, will draw HIM professionals from all areas of health informatics and information management for an intense focus on HIM’s global transformation. Learn how to implement some of the most important changes in HIM history. Pre-convention workshops take place Oct. 26-27.