● Roundup: 2013 Forecast – HIPAA Privacy & Security
Experts comment on the HIPAA Security Rule and discuss solutions designed to help ensure the integrity of protected health information (PHI).
By Phil Colpas
industry approximately $6 billion a year. From augmenting security through a plethora of means to exploring various ways of fending off cyber attacks; from maximizing audit readiness to the challenges of securing mobile media, keeping protected patient information safe has become of paramount importance to the healthcare industry. According to the U.S. Department of Health and Human
Services (HHS), T e Health Insurance Portability and Ac- countability Act (HIPAA) Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used or maintained by a covered entity. T e Security Rule requires appropriate ad- ministrative, physical and technical safeguards to ensure the confi dentiality, integrity and security of electronic protected health information. Health Management Technology asked select industry ex-
perts to comment on the HIPAA Security Rule and discuss some state-of-the-art solutions designed to help keep patient information secure.
Pietro Parravicini, senior vice president, area manager - Americas, Anoto Digital pens provide protection With the growing emergence of wireless technologies in healthcare, the need for HIPAA privacy-compliant solutions is more critical than ever. Many health organizations are turning to digital pen-and-paper tech- nology, which is Bluetooth enabled, very easy to use and fulfi lls all of the necessary security requirements. With digital pen-and-paper technology, each individual piece of paper has unique identifi ers in the microdot pattern that make it distinct. T e digital pen’s strokes also have a unique ID, enabling hospital staff to identify which individuals made which pen strokes at what time. T is results in a highly secure system for gathering HIPAA consent form signatures. Addi-
18 February 2013
ust because we’re paranoid doesn’t mean they’re not out to get us. In fact, Accellion, a provider of secure fi le-sharing solutions, estimates data breaches cost the healthcare
tionally, users are not only able to capture the forms digitally for electronic health record (EHR) purposes; they are also provided a hard-copy record of the patient’s consent. When it comes to security, digital pens provide greater
protection than many other data capture devices. If the pen is lost or stolen, the information that is on the pen cannot be decoded because it is encrypted with undecipherable “x” and “y” coordinates. T e solution also captures time and date in- formation, which can reduce fraudulent paperwork activities. In fact, digital pens have a much lower risk of theft in general compared to tablets or laptops. Since it looks like an ordinary pen, it doesn’t draw as much attention to itself, lowering its overall risk of being stolen.
Bud Michael, president and CEO, eSoft Cyber attacks: T e new normal in healthcare Healthcare providers of all sizes are now
attractive targets of cyber thieves because of the types and sheer volume of patient data stored. Not only can a data breach cost your company money, breaches made public under HIPPA regulations can expose your company to litigatio n, damage its image and impact shareholder value. For years, cyber security has been thought of as an IT issue.
T is mindset needs to change. Cyber security should be an issue of importance to the C-suite, elevating the need for boards of directors, general counsels, chief risk offi cers and chief information security of- fi cers to understand and monitor their organization’s level of planning and preparedness to address cyber risks. A recent study by Corporate Board Member/FTI Consult-
ing Inc. found that one-third of the general counsel surveyed believe that their board is not eff ective at managing cyber risk. Only 42 percent of directors in that study said that their com- pany has a formal, written crisis-management plan for dealing with a cyber attack; yet 77 percent of directors and general counsel believe that their company is prepared to detect a cy- ber breach, statistics that reveal a “disconnect between having written plans and the perception of preparedness.” Indeed, a 2012 governance survey by Carnegie Mellon CyLab concluded
HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com