On New-Wave Technology
By Carol Miller RN MBA
To help hospitals and health systems comply with Health Insurance Portability and Accountability Act regulations, best practices are emerging for securing all electronic communication – cloud, wireless, and texting – of protected health information.
These new technologies will continually be evolving with hospitals, providers and patients move to new means of communication. Below is a description of one.
Cloud Solutions
Cloud solutions are becoming a needed commodity in treating patients today but also present a risk to privacy and security violation. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.
Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.
In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.
***
***
Business-Associate Agreements
Because HIPAA compliance involves stringent privacy and security protections for electronic health information (PHI), many cloud providers are balking at signing new Business-Associate agreements.
Assessment
Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plaintext data on their servers, PHI is especially vulnerable to breaches and compliance violations.
Conclusion
Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:
- PRACTICES: www.BusinessofMedicalPractice.com
- HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
- CLINICS: http://www.crcpress.com/product/isbn/9781439879900
- ADVISORS: www.CertifiedMedicalPlanner.org
- FINANCE: Financial Planning for Physicians and Advisors
- INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors
- Dictionary of Health Economics and Finance
- Dictionary of Health Information Technology and Security
- Dictionary of Health Insurance and Managed Care
***
Filed under: Information Technology | Tagged: Box, Carol Miller, Dropbox, HIPAA Cloud Solutions?, PHI |
“Novato firm remains silent about ransomware attack on patient records”
By Richard Halstead, Marin Independent Journal, August 13, 2016.
http://www.marinij.com/article/NO/20160813/NEWS/160819914
Halstead:
“Officials at a Novato company that provides medical billing and electronic medical records services to many Marin physicians aren’t talking about a ransomware attack on their system this month that left doctors unable to access patient records for more than 10 days. Lynn Mitchell, CEO of Marin Medical Practice Concepts, issued a terse email on Aug. 4 confirming that her company had paid a ransom to regain access to its data. She wrote, ‘To date, there is no evidence that any patient information was accessed, transferred or otherwise compromised.’”
Darrell K. Pruitt DDS
LikeLike
“Bizmatics Cyberattack: Assessing the Fallout – Tracking the Impact of Hack of Cloud-Based EHR Vendor.”
By Marianne Kolbasuk McGee for Healthcare Info Security, June 30, 2016.
http://www.healthcareinfosecurity.com/bizmatics-cyberattack-assessing-fallout-a-9234
Darrell Pruitt DDS
LikeLike
Why even bother with HIPAA?
[So much for privacy]
“A Federal Court Says Your Prescription Records Aren’t Really Private. The Supreme Court Might Have Something to Say About That.”
Brett Max Kaufman
[Staff Attorney]
ACLU Center for Democracy
https://www.aclu.org/blog/speak-freely/federal-court-says-your-prescription-records-arent-really-private-supreme-court
“… But the court disagreed, deciding that ‘[p]hysicians and patients do not have a reasonable expectation of privacy in the highly regulated prescription drug industry,’ because a patient who gives a doctor private health information takes the risk that her prescribed treatment will be regulated by state law. In other words, because a person gives sensitive information to a third party (here, a doctor and pharmacist!), that person loses an expectation of privacy in that information — the so-called ‘third-party doctrine.’”
Darrell Pruitt DDS
LikeLike