HIPAA IT Security Blog

Healthcare 2.0 in 2017

Technology will have a big role to play in serving the biggest, most expensive user group of healthcare: the over-65s. But that technology will have to take into account changes in the consumer and society generally. These are factors IT professionals need to have at the front of their minds in 2017. Older customers today […]

Convertibles make health care IT flexible

Computers have traditionally come in one of a few carefully defined forms. Desktop computers are systems that you go somewhere to use. Laptop computers are machines you can carry different places to use. Tablets are devices you can use while standing up. Health care professionals and administrators would choose the platform that would be most […]

How to stop ransomware attacks in 2017

The screen shows an ominous message. Your system is locked, and you have hours or a few days to pay the ransom to have it unlocked. Conveniently, there’s a big countdown timer on the screen to help you keep track of how much time you have left. You ask around, and there is indeed no […]

HIPAA Security Reminder of the Week

What is PHI? PHI is individually identifiable health information which is created or received by a health care provider, health plan, or health care clearinghouse. Such information relates to the past, present or future physical health, mental health or condition of an individual AND can be directly tied to an individual. PHI either identifies or […]

HIPAA Security Reminder of the Week

Logon ID Sharing user IDs and passwords is not advisable and may be non-compliant with your company policy or local legislation. If you shared this information and someone used it to access ePHI, you will be held responsible for the actions that person took using your credentials. Do not share network logon ID […]

HIPAA Security Reminder of the Week

Treat Paper Records & Electronic Data Equally Sensitive information on paper is the same as sensitive information on a computer. Both need to be protected from unauthorized access and should be treated with caution and discretion. In particular, Protected Health Information (PHI) in all forms (e.g. verbal, fax, paper, electronic) is covered by the HIPAA […]

HIPAA TIPS: Mobile Device Compliance Part 1

Use a password or other user authentication You can configure your mobile device to require a password, personal identification number (PIN), or passcode (a pattern you trace with your finger) to gain access to the device. Keep your password, PIN, or passcode a secret, and don’t store them on your mobile device. You can also […]

HIPAA Security Reminder of the Week

Check Devices to Ensure They Are in Compliance All desktops, laptops and other mobile computing devices must be encrypted. This is to ensure that all devices that access ePHI will be in compliance with the HIPAA Security Rule. Verify that your device has been encrypted. If you are unsure, contact your IT Help Desk @ 610-640-4223 […]

HIPAA TIPS: Implementing a Security Management Process – Part 1

Lead Your Culture, Select Your Team, and Learn Designate a Security Officer(s): Your security officer will be responsible for developing and maintaining your security practices to meet HIPAA requirements. The security officer will work with others to protect your patients’ electronic Protected Health Information (ePHI) from unauthorized access. Discuss HIPAA Security Requirements with Your EHR […]

HIPAA Security Reminder of the Week

Secure PHI in Patient or Customer Care Areas Do not discuss PHI or customer details in common places such as cafeterias, elevators, parking lots, or outside the facility. Do not leave hard copy files unattended, for example on top of the desk. Review your company Clean Desk Policy. If you must work with hard copy […]

HIPAA TIPS: Mobile Device Compliance Part 2

Install and enable encryption What is encryption? Encryption is the conversion of data into a form that cannot be read without the decryption key or password. It is important to encrypt data stored locally on your mobile device (data at rest) and data sent by your mobile device (data in motion) so that it is […]

HIPAA Security Reminder of the Week

Social Networking Safety Social engineering is quickly becoming the most common way the “bad guys” are breaking into systems. Our systems are good at keeping the bad guys out. But it’s much harder to keep them out once you’ve let them in by visiting infected websites, clicking on links or attachments in emails, or responding […]

HIPAA TIPS: Implementing a Security Management Process – Part 2

Document Your Process, Findings, and Actions The HIPAA Security Rule requires you to document your risk analysis and HIPAA-related policies, procedures, reports, and activities. Also, if you are attesting for Meaningful Use, you are required to retain all records that support attestation. Review Existing Security of ePHI (Perform Security Risk Analysis) In the risk analysis […]

HIPAA Security Reminder of the Week

Protecting a Patient’s Privacy Well-known individuals or celebrities have the same rights to privacy as anyone else. Privacy violations involving celebrities are further complicated due to the higher exposure that may follow these types of patients. Remember: Do not access a patient record unless it is necessary in order to perform your job. Do not […]

Preparing for the new analytical doctor

A new generation of doctors and medical students is changing the way data informs: the doctors’ interpretations of the information they have, and the treatment plans they make. These changes in approach can carry significant implications for the IT systems that support all those decisions. Network implications Much of the heavy lifting for advanced healthcare analytics […]

HIPAA TIPS: Mobile Device Compliance Part 3

Install and activate remote wiping and/or remote disabling What is remote wiping? Remote wiping is a security feature that enables you to remotely erase the data on the mobile device if the device is lost or stolen. When you enable remote wipe feature on your mobile device, you have the ability to permanently delete data […]

HIPAA Security Reminder of the Week

Clean Desk Policy Keep the minimum amount of paper PHI on your desk – only the documents you are working on at the moment. Why? A clean desk produces a positive image – you are organized and respect patients’ privacy. Sensitive documents left in the open can be stolen by a malicious entity. Remember to: […]

HIPAA TIPS: Implementing a Security Management Process – Part 3

Manage and Mitigate Risks Implement Your Action Plan Your action plan should address all five HIPAA security components. Follow your action plan and support ongoing efforts to identify, assess, and manage risks. Prevent Breaches by Educating and Training Your Workforce All of your workforce members — employees, volunteers, trainees, and contractors — need education and […]

HIPAA Security Reminder of the Week

Information Systems are a Privilege Your access to information “assets” such as hardware, software, storage media, etc. is a privilege. Use of company-owned software and hardware is for legitimate, job-related activity only. Protect this privilege! Guard your authentication credentials – username, password, ID badge, key fob, etc. Do not share your credentials with any other workforce […]

HIPAA TIPS: Mobile Device Compliance Part 4

Disable and do not install or use file sharing applications What is file sharing? File sharing is software or a system that allows individual users of the Internet to connect to each other and trade files. Why should you disable and not install or use file sharing applications? File sharing can enable others to access […]

HIPAA Security Reminder of the Week

Information Security Reminder Spring is upon us. And while most of us look forward to enjoying the time, scammers and hackers are hard at work trying to foil that enjoyment. Here are a few reminders to help you foil the attackers: • Ensure that your home computer systems are protected with the most current antivirus/anti-malware products. […]

SaaS or on-premises? The security challenge for healthcare applications

The healthcare industry faces a difficult paradox when it comes to IT services. Healthcare has some of the most tightly governed restrictions on how information is managed, but it runs the risk of not delivering services effectively enough if it can’t access modern IT service options. There are pros and cons of using cloud-based and […]

HIPAA TIPS: Implementing a Security Management Process – Part 4

Attest for Meaningful Use Security-Related Objective You can register for the Meaningful Use Programs anytime, but to attest, you must meet the Meaningful Use requirements for an EHR reporting period. So, only attest after you have conducted your security risk analysis (or reassessment), corrected any identified issues, and documented those changes. Monitor, Audit, and Update […]

HIPAA Security Reminder of the Week

Secure Paper Protected Health Information (PHI) too! Sensitive information on paper is the same as sensitive information on a computer. Both need to be protected from unauthorized access and should be treated with caution and discretion. In particular, protected health information (PHI) in all forms (e.g., verbal, fax, paper, electronic) is covered by the HIPAA […]

Simplifying security with cloud-based management

Mobile devices improve patient care but broaden the target for hackers. They can also be stolen and lost. Plenty of examples of all three breach types are found on the U.S. Department of Health and Human Services’ “Wall of Shame.” The theft of just one portable device from an Illinois business associate in 2010 compromised […]

HIPAA TIPS: Mobile Device Compliance Part 5

Install and enable a firewall What is a firewall? A personal firewall can protect against unauthorized connections by intercepting incoming and outgoing connection attempts and blocking or permitting them based on a set of rules. Why should you enable or install a firewall? When you enable or install a firewall, you increase the security for […]

Phishing Attack Results in $400,000 HIPAA Breach Fine

A Denver, Colo.-area network of public health clinics paid a $400,000 HIPAA breach penalty after a phishing attack let a hacker gain access to employee email accounts and obtain electronic protected health information (ePHI) of 3,200 patients, federal authorities said today. Metro Community Provider Network (MCPN) – which provides primary medical care, pharmacies, social work, […]

HIPAA Security Reminder of the Week

Protect Yourself from Data Security Breaches By monitoring your accounts regularly, you can respond quickly if hackers attempt to use your information. Security Tips: Pay attention to “last logged in” info. Sign up for electronic alerts. Consider a credit monitoring service. Freeze your credit. Change your passwords regularly. Think twice before giving out personal […]

Obfuscation makes the cloud work for healthcare

Patient data is sacred when it comes to healthcare. HIPAA tells us so. In virtually every medical practice, cost controls are also sacred, and there are points where regulation and modern tools for reducing IT costs can come into conflict. Remote and cloud-based record processing is common in many fields, but adoption in healthcare has […]

HIPAA Security Reminder of the Week

HHS Guidance on Sharing Mental Health Information of a patient The HHS Office for Civil Rights published guidance that addresses some of the more frequently asked questions about when it is appropriate under the HIPAA Privacy Rule for a health care provider to share the protected health information of a patient who is being treated […]

HIPAA TIPS: Mobile Device Compliance Part 6

Install and enable security software What is security software? Security software protects against malicious software such as viruses, spam and malware. A virus is a self-replicating program that runs and spreads by modifying other programs or files. Spam is the abuse of electronic messaging systems. It is electronic junk mail. Malware is a program that […]

Malvern PA: Stolen Laptop Leads to $2.5 Million HIPAA Breach Penalty

The theft of a laptop computer containing information of nearly 1,400 patients was among two HIPAA breaches that led a Pennsylvania provider of remote heart monitoring to pay $2.5 million, federal authorities said this week. Malvern-based CardioNet, Inc., essentially had no process at all for securely managing electronic protected health information (ePHI) of the patients […]

HIPAA Security Reminder of the Week

Sanction Policy Both the HIPAA Security Rule and the HIPAA Privacy Rule require Covered Entities and Business Associates to document the disciplinary policy and apply sanctions against members of the workforce who violate the respective regulations. Sanctions may be applied if you: Access PHI that is not necessary for your job – this includes activities like […]

HIPAA Security Reminder of the Week

Breach of PHI Assessment 4-Factor Requirement Do you think there’s been a breach of PHI? Follow these guidelines to determine if PHI has been compromised: Look at the nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification. Find out who accessed the PHI. Was the person […]

HIPAA TIPS: Mobile Device Compliance Part 7

Keep your security software up to date Why should you keep security software up to date? Security risks and threats are changing rapidly. By updating your security software you know that you have the latest tools to prevent unauthorized access to health information on your mobile device. How can you keep security software up to […]

HIPAA Security Reminder of the Week

Where do we place servers that store ePHI? When determining the location of servers with PHI or PII, consider these two main factors: physical and environmental protection. Physical protection should be focused on preventing unauthorized individuals from accessing the server (e.g. storing the server in a locked room accessible only to staff). Environmental protection should focus on protecting […]

HIPAA Security Reminder of the Week

Tailgating/Access Card Usage Tailgating is one of the most common physical security breaches. It starts out innocently – an employee opens a door and holds it open for other employees, visitors without badges, or the passive acceptance of a uniformed worker. The problem with these lax situations is that they open your facility to undocumented […]

HIPAA TIPS: Mobile Device Compliance Part 8

Research mobile applications (apps) before downloading What is a mobile app? A mobile app is a software program for mobile devices. Some examples of mobile device apps are games, note taking programs, research programs, and health related tools, such as EHR software. Why should you research mobile apps before you download them to your mobile […]

HIPAA Security Reminder of the Week

Your Online Presence Your online presence is all encompassing. The message you send via email or photos needs to be consistent. For a better idea of where this consistency comes in, consider these: Your photo – provide a professional photo for your website and ID badge Emails – make sure you spell-check and grammar-check before […]

Is it time to let go of Windows 7?

In September, Microsoft told the world that the number of monthly active users of Windows 10 had gone past 400 million. Many of those users are consumers, but businesses are making the leap as well. What’s surprising about that is that Windows 10 is only a year old. Historically, businesses have taken years to manage […]

HIPAA Security Reminder of the Week

Avoid Peer-to-Peer File Sharing Millions of people use free Peer-to-Peer (P2P) file sharing programs / software to swap files over the Internet. P2P can make files on your computer available to potentially millions of users. Sharing copyrighted material over a P2P network may result in legal action against both the user and your company. P2P […]

Personal apps: a new healthcare frontier

In the decades since hospitals and doctors’ offices became the traditional way to receive medical treatment, little has changed regarding the way personal health data is managed. Processes remain heavily paper-based, and data about a person’s health and wellbeing is often spread throughout different locations depending on where the consultation occurred. More recently, the arrival […]

HIPAA TIPS: Mobile Device Compliance Part 9

Maintain physical control Mobile devices are easily lost or stolen due to their small size and portability. A mobile device that is accessible to unauthorized users poses a risk to the confidentiality, integrity, and availability of health information on the mobile device. If you physically secure your mobile device, you can limit the risk of […]

HIPAA Security Reminder of the Week

Prevent a Breach of PHI Fax: If you manually enter the fax number, double-check all fax numbers before sending the fax. When discharging a patient, double-check the patient’s identifying information on the discharge instructions and any related prescriptions. Make sure all information matches the patient’s records. Do not leave paper PHI unattended. Logoff any EHR […]

Hybrid comes to your EHR systems

There’s nothing simple about the IT needs of a modern medical practice. In a small to mid-size practice, the application infrastructure has to support everything from office productivity applications to advanced imaging, group scheduling, integration with external systems, and collaboration thrown in for good measure. If that weren’t enough, all of it has to be […]

HIPAA Security Reminder of the Week

Working Off-Site When working off-site, remember: Do not take confidential information off-site unless: You have official authorization from your department or division manager and department policy or practice permits the information to be taken off-site. The information must be taken off-site to fulfill your job duties (for example: home visits to a patient). For hard […]

How to pick the right health software

With aging populations, advances in medical technology and the growing importance of ‘e-health’, software vendors are focusing more attention than ever on the health market. But with so many newcomers, how can you know you’re choosing the right software provider? Healthcare is a buoyant industry, with many opportunities for growth – and technology is a […]

HIPAA TIPS: Mobile Device Compliance Part 10

Use adequate security to send or receive health information over public Wi-Fi networks What is a public Wi-Fi network? Wi-Fi stands for Wireless Fidelity. It refers to wireless data networking technologies. Wireless data networking links computers, including mobile devices, without wires (such as an Internet cord). The risk of using a public Wi-Fi network (or […]

HIPAA Security Reminder of the Week

Potential HIPAA Security Violations When an unencrypted device containing ePHI is stolen or missing, this could result in a HIPAA security violation. For example: A thumb drive containing the Electronic Protected Health Information (ePHI) of approximately 2,200 individuals was stolen from a vehicle. The entity needed to conduct an accurate and thorough analysis of the […]

HIPAA Security Reminder of the Week

Unique User Identification – Logon ID The HIPAA Security Rule requires Covered Entities and Business Associates to implement a “Unique User Identification” for systems holding Electronic Protected Health Information (ePHI). It is a “required” implementation specification under the Access Control Standard and should be employed for all information assets that create, receive, transmit and maintain […]

HIPAA TIPS: Mobile Device Compliance Part 11

Delete all stored health information before discarding or reusing the mobile device Why should you delete all health information stored on a mobile device prior to discarding or reusing the device? By using software tools that thoroughly delete (or wipe) health information stored on a mobile device before discarding or reusing it, you can protect […]

HIPAA Security Reminder of the Week

HIPAA Alphabet Soup The Acts that made all this privacy and security possible: HIPAA: Health Insurance Portability and Accountability Act HITECH Act: Health Information Technology for Economic and Clinical Health Act ARRA Act: American Recovery and Reinvestment Act Key acronyms: BA: Business Associate CE: Covered Entity EHR: Electronic Health Record, also sometimes referred to as […]

Making IT systems work on a community care model

The move to a community care model as a way to reduce costs and improve patient outcomes has been a broad trend in healthcare in recent years. However, this raises a question for health providers: how do you best manage operations in this newer and more decentralized environment? Careful thought about your choice of software […]

HIPAA Security Reminder of the Week

Identify the Risk Groups and Safeguard PHI Sensitive information, such as PHI and PII, is a critical asset within a health care organization. Identifying the risk groups helps clarify operational context and reveals potential vulnerabilities across the IT infrastructure. By doing this, we establish clear priorities for making security investments so that the most critical […]

HIPAA Security Reminder of the Week

Computer Security Log out of and lock your computer when stepping away, even for a moment. For a quick way to lock your PC, press Windows Key + L. Forgetting to log out poses a security risk with any computer that is accessible to other people because it leaves your account open to abuse. Disable […]

HIPAA Security Reminder of the Week

Use Email Encryption Encryption is a procedure that scrambles information in a way that is decipherable only to authorized individuals or computers. Encryption should be used whenever sensitive data is at rest or in transition – email, electronic file transfers, laptops, USB drives, CDs, etc. Encryption is used when visiting certain websites that require you […]

Boost healthcare productivity and outcomes with mobile tech

How can mobile tech boost productivity? It’s no secret that mobile technology has revolutionized the way we live and work. Whether it’s entertainment, personal finances or shopping, mobile tech is increasingly integrated into our daily life. This trend also includes healthcare, with more nurses, doctors and patients than ever before using mobile tech to boost […]

HIPAA Security Reminder of the Week

Shred Paper PHI Shred copies of sensitive information when disposing – do not simply toss them in the trash. Cross-cut shredders are very useful in making printed sensitive information both unreadable and unusable. Or place in locked shredder bins which may be located throughout your facility. Remember to shred any printouts containing any information that […]

Big data is revolutionizing healthcare service delivery

Big data is changing the way the world does business. It continues to streamline service provision in everything – from sales to financial services, law, accounting, medicine and healthcare – through faster and faster dissemination of information. The basis of medical research has always been to collect and analyze data – who gets sick, why, […]

HIPAA Security Reminder of the Week

Do Not Install Unauthorized Programs Malicious applications often pose as legitimate programs. They aim to fool you into installing the program which then infects your computer. And if your computer is infected, that infection could spread throughout the network. Do not install programs unless they are authorized by Information Security. Authorized installs will be pushed […]

HIPAA Security Reminder of the Week

Electronic Media Disposal We all need to ensure that we are careful when transporting or disposing of any type of electronic device. Consider what information might be stored on that media. Know your company’s policy for electronic media disposal. For example: all workforce members should direct the disposal of all electronic waste to IT or […]

HIPAA Security Reminder of the Week

Mobile Phone Use If you are authorized to use your cell phone/smartphone for business, remember: Password-protect your device. Cell phone conversations should not occur in any area where patients or visitors are present. Cell phones should be turned off or set to silent or vibrate mode during meetings, conferences and in other locations where incoming […]

HIPAA Security Reminder of the Week

Security Reminders HIPAA 164.308(a)(4) Security Reminders Questions an Auditor may ask you (from NIST 800-66): What methods are available or already in use to make or keep employees aware of security, e.g., posters or booklets? Is security refresher training performed on a periodic basis (e.g., annually)? Is security awareness discussed with all new hires? Are security topics reinforced […]

HIPAA Security Reminder of the Week

Keep Physical Assets Secure Assets like files, computing equipment, and information must be secure. The EHR system must be safe from unauthorized access. The single most common way that PHI is compromised is through the loss of devices themselves, either through theft or accidentally. Incidents reported to the HHS Office for Civil Rights show that […]

HIPAA Security Reminder of the Week

Social Network Security Reminder Workforce members are not allowed to access social networking sites from company-owned equipment. Yet, you might access these sites from your personal computing devices. If so, here are some security tips: Don’t click links if you’re unsure of the destination. Check the domain to make sure it’s the real deal. You don’t […]

HIPAA Security Reminder of the Week

Phishing Emails and Links Please be on the lookout for phishing emails or pages with links that try to convince you to click on a link or divulge any personal information. Phishing emails look like emails from a legitimate source but the content requests information that the actual company would not request. Malware filters may […]
