What It Is – How It Works
All medical practitioners and ME-P readers and subscribers are aware that there are stiff penalties for protected health information [PHI] data breaches. And the HIPAA policies and laws are legendary.
Security Standards
Cyber security standards are standards that enable healthcare and other organizations to practice safe security techniques to minimize the number of successful cyber security attacks and HIPAA information breaches.
Assessment
These guides provide general outlines as well as specific techniques for implementing cyber security. For certain specific standards, cyber security certification by an accredited body can be obtained. There are many advantages to obtaining certification, including the ability to get cyber security insurance.
Link: ISA – Cyber-Insurance Metrics and Impact on Cyber-Security
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
Are cloud-based EHRs safer than enterprise systems?
Here’s some interesting news: “Most HIPAA Violations Occur Outside Cloud-Based EHRs” – written by Bob Herman for Becker’s Hospital Review.
http://www.beckershospitalreview.com/healthcare-information-technology/most-hipaa-violations-occur-outside-cloud-based-ehrs.html
“The report also noted that cloud-based EHR systems have all data stored on the software company’s server off site, but 75 percent of the HIPAA breach locations were on-site computers or hard drives and paper records. Only 12 percent of breach locations involved computer networks.”
Dr. Pruitt
Offensive cyber warfare
“Defense Bill Approves Offensive Cyber Warfare”
http://informationweek.com/news/government/security/232301351
Here’s what bothers me about “offensive” cyber warfare. Offensive munitions destroy themselves, rendering them impossible to reverse engineer. On the other hand, internet weapons can be analyzed and turned against us. What’s more, the US is much more vulnerable to offensive cyber weapons than a reclusive nation such as North Korea.
Darrell K. Pruitt DDS
Bank Account Insurance?
Darrell – A new virus has been reported to raid your bank account – but you won’t notice. So, the best way to protect yourself from an online financial scam is to diligently check your bank accounts; right? At least, until now.
Israeli-based security firm Trusteer has found an elaborate new computer virus that not only helps fraudsters steal money from bank accounts — it also covers its tracks.
http://redtape.msnbc.msn.com/_news/2012/01/06/9986119-new-virus-raids-your-bank-account-but-you-wont-notice
Will cyber terrorism ever end?
Dean
10 key factors to weigh when buying cyber insurance
With incidents of data breaches on the rise in recent years, cyber insurance is growing in popularity as a way of mitigating risk.
http://www.healthcarefinancenews.com/news/10-things-consider-purchasing-cyber-insurance?topic=14,19
Dean
The myth of password-protected
Theft of a computer from a California doctor’s office exposes 2500 patients to increased risk of identity theft. But don’t worry, it’s “password protected.”
“Stanford alerts patients to potential privacy breach after computer theft” by Robert Salonga, MercuryNews.com.
http://www.mercurynews.com/breaking-news/ci_21229475/stanford-alerts-patients-potential-privacy-breach-after-computer
“Stanford medical school officials are alerting 2,500 patients that their private health information may have been breached following the theft of a computer from a doctor’s office in July, the university announced Friday.
The theft occurred between July 15 and 16, according to a news release. The password-protected computer is said to have contained patient names and medical records, and even Social Security numbers in some cases.”
Concerning Stanford’s hopeful reassurance of “password-protection,” I would assume that for anyone whose technology skills are sophisticated enough to steal medical insurance, password protection is as obsolete as the Maginot Line.
Since stolen medical identities contained in removable hard drives sell for $50 each, that makes the heist potentially worth over $100,000. With that kind of money on the line, there’s a good chance that the thief might find someone with a small Phillips screw-driver and working knowledge of “righty-tighty, lefty-loosey.”
Is it unprofessional to sarcastically reveal risks others would hide?
D. Kellus Pruitt DDS
Data breach costs only increase
How badly do you really want that electronic dental record, Doc?
It will be a while before dental leaders get around to mentioning it – if at all – while other secretive EDR stakeholders will even hide the bad news from HIPAA covered dentists if given a chance.
Nevertheless, dentists with NPI numbers should know that data breaches from dental offices became much more expensive recently.
“Data breach litigation on the rise—Eleventh Circuit allows data breach putative class-action to proceed” November 26, 2012 By David M. Governo and Corey M. Dennis, CIPP/US
https://www.privacyassociation.org/publications/2012_12_01_data_breach_litigation_on_the_riseeleventh_circuit_allows_data
“The Resnick decision makes clear that an allegation of actual financial loss is sufficient to establish both adequate standing and a cognizable injury in data breach cases. The decision also underscores the importance of maintaining adequate security measures, including encryption of laptops and mobile devices, to reduce the risk of a data breach.”
D. Kellus Pruitt DDS
Cyber insurance IS coming
Cyber insurance is coming, and according to recent industry forecasts, 96% of dentists need the coverage. Have I ever mentioned that de-identifying electronic dental records would be cheaper?
If you store and send electronic Protected Health Information (ePHI), prepare to add yet another open-ended expense that comes with your NPI number: Pay the cost of cyber-insurance premiums or risk going bare – your choice. “Hack Attacks Help Boost Insurance Business” by CNBC Producer Dina Gusovsky was posted yesterday.
http://www.cnbc.com/id/100512627/Hack_Attacks_Help_Boost_Insurance_Business?goback=%2Egde_4636751_member_219083496
William Stewart, the leader of Booz Allen Hamilton’s Cyber Technologies Center of Excellence, tells Gusovsky, “Any high-value organization has been or will be attacked soon — that is almost certain in today’s world.” That includes cloud providers of electronic dental records, Doc… otherwise known as “HIPAA Business Associates.”
In a related CNBC article posted a month ago titled, “Execs Say Cyber-Attacks a Top Threat: AIG Survey,” CNBC Reporter Mary Thompson describes the results: “Of the 258 executives surveyed by Penn Schoen Berland, 85 percent said they were very or somewhat concerned about cyber-attacks on their organizations — topping the 82 percent concerned about income loss, the 80 percent concerned about property damage and the 76 percent concerned about securities and investment risk.”
http://www.cnbc.com/id/100439667
Dentists have always been well represented on HHS’s Wall of Shame for data breaches. That crushes any happy assumption that dental practices are somehow immune. Nevertheless, I know dentists. Here is what will happen over the next few months as HHS steps up HIPAA audits: Slow-moving professionals will reluctantly purchase cyber-insurance only after being deeply frightened by whispered accounts from colleagues who attract federal attention through data breaches and unlucky random selection. About this time next year, expect dentists to (quietly) complain to each other about never-ending increases in premiums that cover less and less breach liability. Unfortunately for the community, no one outside the exclusive niche will hear a peep. In a nation where dentists never risk transparency, I ask who represents dental patients’ interests? Is anyone driving this bus?
I clearly shouldn’t be alone out here. Others should be helping to warn dentists about entrusting their reputations to the security of office-based EDR systems and Business Associates’ cloud systems: There is no cyber-security. What’s more, when angry former patients are notified of a breach, it won’t matter if the BA’s subcontractor (cousin Lou) left his tablet computer at a bus stop… again. The dentist will always be blamed. And if the breach involves over 500 patients, a press release in the local media will let the community know the name of a dentist to avoid. Far too many will never forget it.
According to Ponemon Institute estimates, over 94% of healthcare organizations have suffered at least one reportable data breach in the last two years. So how can dental patients be better protected from Lou without requiring that their dentists abandon computerization and return to pegboard/carbon paper technology? What idea has a reasonable chance of reducing dentists’ exposure to increasingly costly EDR liabilities?
De-identification.
Should Lou’s next fumbled mobile device contain only dental information, HIPAA clearly states that properly de-identified data is not PHI: Dental records alone cannot be used to re-identify the owner (outside the morgue). More importantly, dental records, with or without owners’ names, have less than zero black market value.
Unavailable data will always be infinitely more secure than encrypted data.
Darrell
Cybersecurity Insurance
What Advisors Need to Know.
http://www.financial-planning.com/30-days-30-ways/cybersecurity-insurance-what-advisors-need-to-know-2690864-1.html?utm_campaign=technology-nov%205%202014&utm_medium=email&utm_source=newsletter&ET=financialplanning%3Ae3236654%3A86235a%3A&st=email
Pace
IDENTITY THEFT INSURANCE
There’s no doubt that credit card fraud and identity theft represent scary, increasingly prevalent problems, but paying $100 or so a year for credit monitoring and fraud insurance doesn’t necessarily provide useful protection.
Most banks and credit card companies monitor and safeguard their clients — for no additional fee — by issuing alerts and account freezes when they detect suspicious activity, and they almost always waive responsibility for fraudulent charges.
Clinton