More on Medical Cyber-Security
[By The Doctors Company]
***
NOTE
The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each health care provider in light of all circumstances prevailing in the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.
More:
- Understanding the PHI “Minimum Necessary” Rule
- http://www.youtube.com/watch?v=VDrWbjgM3Ik&feature=youtu.be
Conclusion
Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:
- PHYSICIANS: www.MedicalBusinessAdvisors.com
- PRACTICES: www.BusinessofMedicalPractice.com
- HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
- CLINICS: http://www.crcpress.com/product/isbn/9781439879900
- ADVISORS: www.CertifiedMedicalPlanner.org
- BLOG: www.MedicalExecutivePost.com
- FINANCE: Financial Planning for Physicians and Advisors
- INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors
The following components would establish a comprehensive cyber risk liability policy for a medical practice:
1. Multimedia insurance. Coverage for both online and offline media. Includes claims alleging copyright/trademark infringement, libel/slander, false advertising and plagiarism.
2. Security and privacy insurance. Coverage for third-party claims alleging a financial loss as a result of a network security or privacy breach. Includes coverage for both online and offline information, virus attacks, denial of service, and failure to prevent transmission of malicious code.
3. Privacy regulatory defense. Coverage for defense costs and fines/penalties for violations of privacy regulations including, but not limited to HIPAA, red flag rules, and the HITECH Act.
4. Network asset protection. Coverage for all reasonable and necessary sums required to recover and/or replace data that is compromised, damaged, lost, erased or corrupted. Coverage also includes business interruption and extra expense coverage for income loss as a result of the total or partial interruption of the insured’s computer system. Includes coverage for cyber terrorism.
5. Cyber extortion. Coverage will pay extortion expenses and extortion monies as a direct result of a credible cyber extortion threat.
6. Cyber terrorism. Coverage for income loss and interruption expenses as a result of the total or partial interruption of the insured’s computer system due to a cyber-terrorism attack.
7. Privacy breach response costs and crisis management. Includes all reasonable legal, public relations, advertising, IT and forensic expenses.
8. Customer notification and support expenses. Includes, but is not limited to, call center, credit monitoring and postage expenses incurred by the insured for a privacy breach.
http://www.medicalpracticeinsider.com/news/8-areas-insure-against-cyber-threats?email=MARCINKOADVISORS@MSN.COM&GroupID=90115
Ann Miller RN MHA
On Health Data Breaches
“Why Healthcare Cybersecurity Breaches Cost More than Others – A recent study underlines the costly recovery process that can stem from healthcare cybersecurity breaches.”
By Elizabeth Snell for HealthIT Security
[December 12, 2014]
http://healthitsecurity.com/2014/12/12/why-healthcare-cybersecurity-breaches-cost-more-than-others/
Darrell K. Pruitt DDS
Health Care Breaches Will Face Growing Threats
Darrell – The expanding number of access points to Protected Health Information (PHI) and other sensitive data via electronic medical records and the growing popularity of wearable technology make the health care industry particularly vulnerable to cyber-attacks.
Case in point: It was reported that the FBI released a private notice to the health care industry earlier this year warning providers that their cyber-security systems are lax compared to other sectors.
Health care organizations will need to step up their security posture and data breach preparedness or possibly face sanctions from federal regulators in 2015.
And, patients beware.
Thanks for your contributions.
Dr. David Edward Marcinko MBA
http://www.CertifiedMedicalPlanner.org
As health records move from paper native to digital native
There has been a tremendous explosion of information technology (IT) in healthcare caused by billions of dollars of government incentives for usage of digital healthcare tools. But IT systems face threats with significant adverse impacts on institutional assets, patients, and partners if sensitive data is ever compromised. Every health enterprise is required to ensure the confidentiality, integrity and availability of its information assets (this is called “information assurance” or IA). Confidentiality means private or confidential information must not be disclosed to unauthorized persons. Integrity means that the information can be changed only in an authorized manner so as to maintain the correctness of the information. Availability defines the characteristic that information systems work as intended and all services are available to their users whenever necessary.
It is well known that healthcare organizations face and have been mitigating many risks such as investment risk, budgetary risk, program management risk, safety risk, and inventory risk for many years. What’s new in the last decade or so is that organizations must now manage information assurance risks related to operating their information systems, because operating information systems [OSs] are also at risk. IT is now just as critical an asset as most other infrastructure managed by health systems. It is important that information security risks are given the same or more importance and priority as given to other organizational risks.
As health records move from paper native to digital native, it’s vital that organizations have information risk management programs and security procedures that are woven into the culture of the organization.
For this to happen, basic requirements of information security must be defined and implemented as part of both the operational and management processes. A framework that provides guidance on how to perform these activities, and the co-ordination required between these activities is needed.
Shahid N. Shah
Healthcare Cyber Security Update for 2017
It has become clear that security breaches will continue for at least another year. There are three main reasons:
First, health care providers, from hospital/health systems to single-physician offices to outpatient clinics and urgent care centers, have not uniformly kept up with installing updates to any security software. Since updates are not uniform and the requirement for reporting is not immediate, there are more breaches reported, and often they are several months old (or older).
Second, because patients use many sites for care, and records have to travel to each of the sites (at least occasionally), the security of these transmissions from each site to the next can be compromised with little difficulty. FHIR technology can detect some of these interceptions and alert the sender/receiver, but it typically does not ensure the safe sending between two different platforms that are outside FHIR code.
Third, it is important to remember that healthcare providers and plans send records to administrative consultants, such as payment management, benefits consultants, plan sponsors, pharmacies, among others. Their platforms are unlikely to be on the same secure platforms as the health system, nor have the FHIR technology that could alert quickly that someone has seen a record(s) that should not have been accessed.
The most important, zero-tolerance action that needs to be taken is to create an internal mandate at any company that sends or receives medical health records. Everyone on the staff, from receptionist to CEO, should be trained and retrained in the security procedures that endanger patient information. There should never be paperwork lying in open areas, and laptops and desktops should share the same security levels and updates.
Any breaches must be immediately reported, with new precautions installed and reported to all staff.
Cyndy Nayer – CEO
Center of Health Engagement