  • David E. Marcinko [Editor-in-Chief]

    As a former Dean and appointed Distinguished University Professor and Endowed Department Chair, Dr. David Edward Marcinko MBA was a NYSE broker and investment banker for a decade who was respected for his unique perspectives, balanced contrarian thinking and measured judgment to influence key decision makers in strategic education, health economics, finance, investing and public policy management.

    Dr. Marcinko is originally from Loyola University MD, Temple University in Philadelphia and the Milton S. Hershey Medical Center in PA; as well as Oglethorpe University and Emory University in Georgia, the Atlanta Hospital & Medical Center; Kellogg-Keller Graduate School of Business and Management in Chicago, and the Aachen City University Hospital, Koln-Germany. He became one of the most innovative global thought leaders in medical business entrepreneurship today by leveraging and adding value with strategies to grow revenues and EBITDA while reducing non-essential expenditures and improving dated operational in-efficiencies.

    Professor David Marcinko was a board certified surgical fellow, hospital medical staff President, public and population health advocate, and Chief Executive & Education Officer with more than 425 published papers; 5,150 op-ed pieces and over 135+ domestic / international presentations to his credit; including the top ten [10] biggest drug, DME and pharmaceutical companies and financial services firms in the nation. He is also a best-selling Amazon author with 30 published academic text books in four languages [National Institute of Health, Library of Congress and Library of Medicine].

    Dr. David E. Marcinko is past Editor-in-Chief of the prestigious “Journal of Health Care Finance”, and a former Certified Financial Planner® who was named “Health Economist of the Year” in 2010. He is a Federal and State court approved expert witness featured in hundreds of peer reviewed medical, business, economics trade journals and publications [AMA, ADA, APMA, AAOS, Physicians Practice, Investment Advisor, Physician’s Money Digest and MD News] etc.

    Later, Dr. Marcinko was a vital recruited BOD member of several innovative companies like Physicians Nexus, First Global Financial Advisors and the Physician Services Group Inc; as well as mentor and coach for Deloitte-Touche and other start-up firms in Silicon Valley, CA.

    As a state licensed life, P&C and health insurance agent; and dual SEC registered investment advisor and representative, Marcinko was Founding Dean of the fiduciary and niche focused CERTIFIED MEDICAL PLANNER® chartered professional designation education program; as well as Chief Editor of the three print format HEALTH DICTIONARY SERIES® and online Wiki Project.

    Dr. David E. Marcinko’s professional memberships included: ASHE, AHIMA, ACHE, ACME, ACPE, MGMA, FMMA, FPA and HIMSS. He was a MSFT Beta tester, Google Scholar, “H” Index favorite and one of LinkedIn’s “Top Cited Voices”.

    Marcinko is “ex-officio” and R&D Scholar-on-Sabbatical for iMBA, Inc. who was recently appointed to the MedBlob® [military encrypted medical data warehouse and health information exchange] Advisory Board.


Private v. Public Healthcare

A Look Around the World


By MPH Degree Programs.com 

 

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise


Proposed Regulations on HIPAA Accounting of Disclosures

New Rules and Regulations for Covered Healthcare Entities


By HCR@garfunkelwild.com

Proposed regulations regarding HIPAA accounting of disclosures have been recently published and are open for public comments.  If enacted in their current form, the new regulations will require Covered Entities to make significant revisions to their current HIPAA procedures and may require modifications to current computer systems.  

The HITECH Act

Under the HITECH Act, regulations must be enacted that allow individuals to receive a much expanded accounting of disclosures of electronic health information, including disclosures made for treatment, payment and health care operations. 

In order to accomplish this, the proposed regulations differentiate between “accountings of disclosures” and “access reports.”  Accountings will continue to be a list of certain limited types of disclosures.  Access reports will be similar to “audit trails” and must include information regarding each access to an individual’s electronic health information.  Covered Entities must be able to provide, upon request, both accountings and access reports.

Covered Entities

The proposed regulations also include specific requirements, including the following:

  • Accountings and access reports must be available in regard to disclosures or access, as applicable, for 3 years and must be provided within 30 days of the request. 
  • Accountings and access reports will be required only for health information maintained in designated record sets (e.g., medical records, billing records).
  • Accountings and access reports must include information about disclosures of, and access to, information maintained by business associates.
  • There are additional exceptions to the types of disclosures that must be included on an accounting (e.g., exceptions will include disclosures about abuse and to medical examiners).
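The access-report requirements listed above (3-year look-back, 30-day response, designated record sets only, business-associate access included) can be sketched as a filter over an audit trail. This is an added example, not part of the original post or of any regulation text; the field names, record-set labels and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# Figures taken from the proposed requirements summarised above.
LOOKBACK_YEARS = 3
RESPONSE_DAYS = 30
# Assumption: labels this example uses for "designated record sets".
DESIGNATED_RECORD_SETS = {"medical_record", "billing_record"}


@dataclass(frozen=True)
class AccessEvent:
    """One audit-trail row (hypothetical schema)."""
    when: datetime
    patient_id: str
    user: str
    organization: str
    is_business_associate: bool
    record_set: str
    action: str


def lookback_start(request_date: date) -> date:
    """First day covered by a report requested on request_date."""
    year = request_date.year - LOOKBACK_YEARS
    try:
        return request_date.replace(year=year)
    except ValueError:
        # 29 February has no counterpart in a non-leap year.
        return request_date.replace(year=year, day=28)


def build_access_report(events, patient_id: str, request_date: date) -> dict:
    """Select the accesses that belong on one individual's access report."""
    start = lookback_start(request_date)
    entries = sorted(
        (
            e for e in events
            if e.patient_id == patient_id
            and e.record_set in DESIGNATED_RECORD_SETS
            and start <= e.when.date() <= request_date
        ),
        key=lambda e: e.when,
    )
    return {
        "patient_id": patient_id,
        "period_start": start,
        "period_end": request_date,
        # Deadline for handing the report to the requester.
        "due_by": request_date + timedelta(days=RESPONSE_DAYS),
        "entries": entries,
        # Business associates whose logs contributed entries.
        "business_associates": sorted(
            {e.organization for e in entries if e.is_business_associate}
        ),
    }


# Constructed sample audit trail (not real data).
SAMPLE_EVENTS = [
    AccessEvent(datetime(2011, 5, 2, 9, 15), "P-1001", "nurse.a",
                "Example Hospital", False, "medical_record", "view"),
    # Outside the 3-year window for a request dated 2011-06-20.
    AccessEvent(datetime(2008, 6, 19, 14, 0), "P-1001", "dr.c",
                "Example Hospital", False, "medical_record", "view"),
    # Access by a business associate still has to appear.
    AccessEvent(datetime(2010, 11, 30, 16, 40), "P-1001", "coder.b",
                "Example Billing LLC", True, "billing_record", "view"),
    # Not held in a designated record set, so not reportable here.
    AccessEvent(datetime(2011, 1, 10, 8, 5), "P-1001", "clerk.d",
                "Example Hospital", False, "scheduling_note", "edit"),
    # Different patient.
    AccessEvent(datetime(2011, 3, 3, 11, 30), "P-2002", "nurse.a",
                "Example Hospital", False, "medical_record", "view"),
]

if __name__ == "__main__":
    report = build_access_report(SAMPLE_EVENTS, "P-1001", date(2011, 6, 20))
    print("Period:", report["period_start"], "to", report["period_end"])
    print("Due by:", report["due_by"])
    for e in report["entries"]:
        print(e.when.isoformat(), e.user, e.organization, e.record_set, e.action)
```

A report like this is only as complete as the log feeds behind it, so systems and business associates that hold designated record sets but send no audit events are the gap to look for first.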


The Unsung Heroes of Medicine

Male Nurses


By onlinenursingschools.com via guyism.com

Though male nurses make up a small minority of the nursing population, they still manage to be the butts of a majority of jokes when it comes to the medical profession.

Assessment

However, that shouldn’t be the case and our buddies over at Online Nursing Schools decided it was time to recognize our unsung heroes of medicine.

 


Misdirection in Goldman Sachs’s Housing Short

Goldman Sachs appears to be trying to clear its name

By Jesse Eisinger

ProPublica, June 15, 2011, 3:10 pm


The compelling Permanent Subcommittee on Investigations report on the financial crisis [1] is wrong, the bank says. Goldman Sachs didn’t have a Big Short against the housing market.

About The Trade

In this column, co-published with New York Times’ DealBook, I monitor the financial markets to hold companies, executives and government officials accountable for their actions. Tips? Praise? Contact me at jesse@propublica.org

But the size of Goldman’s short is irrelevant.

No one disputes that, by 2007, the firm had pivoted to reduce its exposure from mortgages and mortgage securities and had begun shorting the market on some scale. There’s nothing wrong with that. Don’t we want banks to reduce their risk when they see trouble ahead, as Goldman did in the mortgage markets?

Nor should shorting itself be seen as a bad thing. Putting money behind a bet that a stock (or bond or commodity or derivative) is overpriced is necessary for the efficient functioning of capital markets. Short-sellers can keep prices from getting out of whack and help deflate bubbles.

The problem isn’t that Goldman went short and reduced risk — it’s how.

It is How … Short?

To establish many of its short positions, the Senate report says, Goldman created new securities, backed them with its good name, and then strung together misleading statements to its customers about what it was actually doing. By shorting the way it did, the bank perverted the market instead of correcting it.

Take Hudson Mezzanine, a $2 billion collateralized debt obligation created by Goldman in 2006 [2]. In marketing material, the firm wrote that “Goldman Sachs has aligned incentives with the Hudson program.”

I suppose that was technically true: Goldman had made a small investment in the C.D.O. and therefore had an aligned incentive with the other investors. But the material failed to mention the firm’s much larger bet against the C.D.O. — a huge adverse incentive to its customers’ interests.

Goldman told investors that the Hudson assets had been “sourced from the Street,” which most investors would understand to mean that Goldman had purchased the assets from other broker-dealers. In fact, all the assets had come from Goldman’s own balance sheet, the Senate report found.

In his April 2010 testimony to the Senate, Goldman’s chief executive, Lloyd C. Blankfein, argued that Goldman was merely making a market in these securities and derivatives, matching willing and sophisticated buyers and sellers. But, Goldman was acting like an underwriter, not a market maker.

As the underwriter, Goldman threw its marketing muscle behind Hudson Mezzanine and other C.D.O.’s. When the bank’s salespeople ran into trouble selling the securities, they begged for help from the executives who created them. One requested material to give to clients about “how great” the sector was. One needed the aid to get a client to invest, to be “THERE AND IN SIZE,” according to e-mails cited in the report.

Sometimes, Goldman took advantage of the opaque markets. According to the Senate report, Goldman executives had extensive concerns about the prices of its 2007 Timberwolf C.D.O. Goldman sold the C.D.O. securities anyway, often at higher prices than it had them recorded on its books. In summer 2007, Goldman marked some Timberwolf assets at 55 cents on the dollar, but sold similar securities to an Israeli bank at 78.25 cents at the same time, according to the report. Oh, well, tough luck!

Goldman’s Famous Mantra

For decades, Goldman’s famous mantra was to be “long-term greedy” and a central element of that was putting customers first. In these C.D.O.’s, the bank’s customers were “only first in the same way that on Thanksgiving, the turkey is first,” a former C.D.O. professional told me.

Goldman declined to address these specific disclosures from the report. A spokesman maintained the firm fulfilled its obligations to buyers of these kinds of C.D.O.’s, which were made up of derivatives. The customers were large and sophisticated investors who knew that one side had to be long while the other was short. And they knew, or should have known, that Goldman might be on the other side.

“It was fully disclosed and well known to investors that banks that arranged synthetic C.D.O.’s took the initial short position,” a spokesman wrote in an e-mail.

True, but few thought that the bank that had created and hawked the C.D.O.’s expected them to fail.

Goldman’s techniques harmed the capital markets. Goldman brought something into the world that didn’t exist before. Instead of selling something — thereby decreasing the price or supply of it — and giving the market a signal that it was less desirable, Goldman did the opposite. The firm created more mortgage investments and gave the world the signal that there was more demand, for C.D.O.’s and for the mortgages that backed them.

Assessment

By shorting C.D.O.’s, Goldman also distorted the pricing of the underlying assets. The bank could have taken the securities it owned and sold them en masse in a fairly negotiated sale, though it likely would have gotten less for them than it was able to make by shorting the C.D.O.’s it created.

Because of Goldman’s actions, the financial system took greater losses than there otherwise would have been. Goldman’s form of shorting prolonged the boom and made the crisis that followed much worse.

Goldman executives surely hope to change the subject from the firm’s specific actions to a more general discussion of how much and when it shorted. We shouldn’t let them.

Link: http://www.propublica.org/thetrade/item/misdirection-in-goldman-sachss-housing-short/


Fun Facts for Father’s Day

Sunday June 19 2011


By bradsdeals.com

Did you know that in the United States there are twice as many hardware stores and three times as many sporting goods stores as men’s clothing stores? Or, that we spend most of our Father’s Day cash on taking Dad out to eat?

Assessment

Heck, did you know that Father’s Day not only has an official flower, but that there’s actually a debate about which flower it should be? Neither did we! 

 


The Foreign Exchange Market Explained

Doctors are You Curious to Trade?

From Infographics Archive


By CMSFOREX

This infographic, developed by CMS Forex, a Forex industry leader, explains the basics of Forex and presents an excellent starting point for anyone who is curious about how to trade Forex.

Assessment

It’s also great for experienced Forex traders who want to explain what they do to colleagues, friends and family.

 

 


A Review of HIPAA EHR Security Regulations


Focus on the Hospital Industry

By Carol S. Miller BSN MBA

With the implementation of EMRs, Internet access, intranet availability throughout the hospital and physician complexes, as well as from home or any virtual site, the potential for security violations and associated vulnerabilities may have already caused serious harm to many hospitals and to the IT community in general. Implementation of HIPAA security standards across the United States at hospitals, clinics, medical complexes, universities, federal facilities such as the VA, DoD or IHS and others has been inconsistent. In addition, the HIPAA privacy regulations have given the responsibility for the patient health record to the patient, the impact of which has not been fully addressed nor is it supported by healthcare IT rules and regulations.

In Control?

Throughout the entire healthcare industry, there are concerns over who has access, who is in control, and whether the release of information impacts the privacy and security of the patient medical information or presents a risk to patient well-being, the quality of patient care, compliance issues, and potential fines to the hospital community.

The simple fact is that security is a problem that could have a catastrophic effect on any hospital.  Most Chief Information Officers have increased their “security-related” and “computer specialist” staff to address security issues, but most believe that their security is still vulnerable and needs to be improved.  Understanding a complex group of technologies and processes that have been built and modified many times over the years, especially at a large university or medical center complex, will be not only time-consuming, but also costly.  Security, like complex IT systems, was never designed in any organized manner.  It simply expanded as more and more access was made available, patient rights were defined, technology capabilities expanded, and more Internet-related communications and document-sharing occurred.

Hospital Security Concerns

Further, HIPAA security requirements were thrown into the mix in an era when hospital budgets were shrinking, and hospitals were trying to meet their costs through consolidation or reduction of programs and staff.

The prime concerns for information security are:

  • confidentiality – information is accessible only by authorized people and processes;
  • integrity – information is not altered or destroyed; and
  • availability – information is there when you need it.

Hospitals will continue to review, update and further document their security issues, monitor changes, and develop processes to mitigate the problems.  Gap analyses will continue to determine where vulnerabilities are or potentially could occur.  This process will be time consuming, but will enable the hospitals to determine how each system is integrated into their portfolio of systems and applications, and how it will be integrated with new technology.  Most importantly, it will facilitate identification of the detailed process of requesting, securing, and approving access to confidential patient records, systems, or applications.  It will enable hospitals to move forward with other technology enhancements in a secure manner.

Patchwork Security Quilt

As stated previously, security has grown piecemeal as needs have been integrated with system, application, and software program growth.  It is literally a patchwork of various security functions and restrictions that may just be applicable to a certain application or software product or may be applicable to several applications but not all.  Various security software or SaaS packages have been deployed at different facilities across the United States that provide firewalls, access controls, tracking systems, and various other HIPAA security compliant capabilities; however, even with all these controls no one person within a hospital environment is fully aware of all the security requirements, security structures, the integration of the security network or whether any of the security network works efficiently and effectively.  Building a basic understanding of the entire network is the basis for developing and improving the entire HIPAA-related security process.  Besides the security involved within the hospital systems and through the Internet, there is still the issue of physical security, security theft or inappropriate access to patient information.

Typical Security Queries

The following list provides examples of typical questions related to security of information stored either on the laptop or on an accessible Intranet site from the laptop that should be addressed. All of these questions relate to additional time and expense in having an assigned individual monitor all aspects of this tracking process:

  • Is there an accurate record or log of each piece of equipment referenced at the hospital?
  • Do I know how many of the laptops are portable and used at home?
  • Are personal digital assistants (PDAs) and laptops encrypted and is the employee required to change passwords frequently?
  • Do I know how many of these portable systems are used for personal services?
  • Do I know how many of these laptops are used by family members?
  • Do I know how secure the portable systems are?
  • Do I know if they are just password protected or whether other security measures are in place?
  • Is every piece of equipment accounted for when employees leave, including PDA, laptop, CD, DVD, or other storage devices?
  • Do I know who can access confidential patient information from a remote office or home?
  • Is there a defined process for discarding old computers and old media?
  • Do employees know the hospital’s reporting process if their laptop is stolen or hacked?
  • Is virus and spyware software continually updated?
  • Are employees provided with information on how to secure their laptops or blackberries?
  • Do employees know what to do when attachments from unknown sources are sent and/or downloaded?
  • Does the employee use home-burned CDs/DVDs on their laptop?
  • Is system backup maintained by every employee?
  • Do employees know to “log off” when leaving their desktop or is there an automatic “log off” capability built within the system?

Security Administrators and Managers

Hospitals are employing security administrators and security staff to identify potential risks, vulnerabilities, and risk scenarios, and to develop policies and procedures to address all of these issues. HIPAA compliance reviews and approval processes from HIPAA officers or legal counsel will be an added process for the hospital as part of any security consideration. All of these security review processes, requirements, and staffing represent new and most likely unbudgeted costs, with higher-than-anticipated associated costs to the hospital. Costs need to be based on the affiliated risk and on the associated manpower or technical systems/software required to fix the risk; these indirect costs (i.e., not direct labor costs related to patient care) are being met from the hospital profits.

Risk Assessment Queries

Every covered entity should complete a risk assessment and review it periodically.  Focus areas that need to be addressed in the risk plan include the following:

  • workforce clearance (does the job require access to patient information and is it documented in the job description);
  • training (ongoing awareness and reminders); and
  • termination (what are the processes and procedures for assuring that a terminated employee does not have future access to any confidential patient information).

Today it is important for all hospitals to focus on contingency plans and disaster recovery to prevent any arbitrary loss of patient information.  Hospitals need to plan for and demonstrate that disasters such as Katrina or 9/11 or Japan or Alabama will not affect the security of the systems or access to patient information.

Many hospitals provide routine reviews, and system maintenance and updates to combat potential security problems or concerns with regard to confidential patient information.  However, inadvertent or even intentional changes to systems can cause serious data problems as the data integrates throughout the hospital IT environment.  Security breaches at this level can come from inside or outside the hospital.  They can be malicious or accidental and they can be related to system function disruption or data degradation.  They can relate to potential failures to properly share data and coordinate information.  They can also be the cause of major patient clinical errors, physician dissatisfaction, inaccurate record information, duplication of records, and as always, additional cost to the hospital that must identify the potential breach, develop a solution, and correct the issue at hand.

Main Concern

Direct access to information is probably the biggest security issue.  It affects personnel access to the systems they need in their daily jobs and tends to be poorly controlled.  Because hospitals need to provide access to information, they are sometimes lax about who has that access.  As an example, ask any hospital to not only identify each access user on the system, but also identify who uses each specific application.  Few hospitals have that capability. They would require additional resources to develop not only a major computerized index, but also the time and attention to monitor and to change users’ rights to access.  Many hospitals routinely request that the business or IT manager provide access for new employees that is similar to what another comparable staff person has — not really addressing the particular “right to know” or determining whether the new employee really needs a particular level of access.  Experience within the hospital environment also shows that many of the staff still have the same access to systems that they have had for years, even though they may have changed positions several times.
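The review this section says few hospitals can perform, sketched as an added example (not code from the article): it builds the index of who can use each application, then flags access held by terminated employees, by accounts with no HR record, and by staff whose rights exceed what their current role needs. All employee ids, role names and application names are constructed, and the sketch assumes the hospital can export an HR roster and a per-application entitlement list.

```python
# Constructed sample data: applications each role needs per its job description.
ROLE_BASELINE = {
    "ward_nurse": {"ehr_read", "ehr_write", "med_admin"},
    "billing_clerk": {"billing", "ehr_read"},
    "lab_tech": {"lab_system", "ehr_read"},
}

# HR roster: employee id -> (current role, employment status).
HR_ROSTER = {
    "e100": ("ward_nurse", "active"),
    "e101": ("billing_clerk", "active"),   # moved from ward_nurse to billing
    "e102": ("lab_tech", "terminated"),
}

# Entitlements exported from each application: (employee id, application).
ENTITLEMENTS = [
    ("e100", "ehr_read"), ("e100", "ehr_write"), ("e100", "med_admin"),
    ("e101", "billing"), ("e101", "ehr_read"),
    ("e101", "ehr_write"), ("e101", "med_admin"),  # left over from old role
    ("e102", "lab_system"), ("e102", "ehr_read"),  # never revoked
    ("e999", "ehr_read"),                          # no HR record at all
]

def build_index(entitlements):
    """Index of who can use each application, and each user's applications."""
    by_app, by_user = {}, {}
    for user, app in entitlements:
        by_app.setdefault(app, set()).add(user)
        by_user.setdefault(user, set()).add(app)
    return by_app, by_user

def review_access(roster, baseline, entitlements):
    """Return sorted (user, application, reason) findings for follow-up."""
    _, by_user = build_index(entitlements)
    findings = []
    for user, apps in by_user.items():
        if user not in roster:
            findings += [(user, a, "no HR record") for a in apps]
            continue
        role, status = roster[user]
        if status != "active":
            findings += [(user, a, "terminated employee") for a in apps]
            continue
        # Active staff: flag anything beyond the current role's baseline.
        excess = apps - baseline.get(role, set())
        findings += [(user, a, f"not required for role {role}") for a in excess]
    return sorted(findings)

if __name__ == "__main__":
    print(*review_access(HR_ROSTER, ROLE_BASELINE, ENTITLEMENTS), sep="\n")
```

Run against real exports on a schedule, the findings list becomes the worklist for whoever changes and deletes access rights.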

Finally, many staff have access to confidential patient information, yet few of the hospitals have ever linked this “right of access” to a background check. Access to the hospital system is given to employees to perform a job. In turn, the hospital is opening its doors wide to a broad range of financial, confidential, or even competitive information. Many of these hospitals have employed designated staff to change and delete access rights, or to allow read-only or read/write access; however, vulnerability can still exist. Security is a trade-off between control and flexibility, and there will always be weak points. For those hospitals that have in place a comprehensive security review process, policy and procedures, and a contingency plan, the risks and liability can be limited.

Assessment

Regardless of the cost, HIPAA security and privacy regulations have changed the hospital environment.  The hospital and its IT and security staff need to be proactive.  There is simply too much at stake and potentially too many issues where mistakes could cause the hospital a serious system problem or result in a large fine.  HIPAA and the responsibility to provide reasonable patient care risk reduction mandate secure healthcare IT operations.  To do less simply allows patient care and healthcare delivery outcomes to be exposed to unacceptable levels of unnecessary risk.

About the Author

Carol S. Miller has an extensive healthcare background in operations, business development and capture in both the public and private sector. Over the last 10 years she has provided management support to projects in the Department of Health and Human Services, Veterans Affairs, and Department of Defense medical programs. In most recent years, Carol has served as Vice President and Senior Account Executive for NCI Information Systems, Inc., Assistant Vice President at SAIC, and Program Manager at MITRE. She has led the successful capture of large IDIQ/GWAC programs, managed the operations of multiple government contracts, interacted with many government key executives, and increased the new account portfolios for each firm she supported.

She earned her MBA from Marymount University, BS in Business from Saint Joseph’s College, and BS in Nursing from the University of Pittsburgh. She is a Certified PMI Project Management Professional (PMP) and a Certified HIPAA Professional (CHP), with Top Secret Security clearance issued by the DoD in 2006. Ms. Miller is also a HIMSS Fellow, Past President and current Board member and an ACT/IAC Fellow.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
