Dr. Marcinko Interviewed on the Physician Credit Crunch

Financial Experts Share Tips on Obtaining Loans to Start or Expand a Medical Practice

By Michael Gibbons

Editor: ADVANCE Newsmagazines

Maybe you’re a young dermatologist or plastic surgeon who dreams of starting your own practice. Or maybe you’re an established professional but want to expand your palette of anti-aging services. Either way, you’ve probably made an unpleasant discovery: Banks are leery about lending today. Global recessions with seemingly no end in sight tend to give loan officers sticky fingers.

Dermatologists and Plastic Surgeons

We have it on good authority that dermatologists and plastic surgeons as a group are less affected by this problem than physicians in some other branches of medicine. Still, there’s no better time than now to absorb some sound advice on how to approach banks for loans—whether you’re a fresh-faced newcomer to the fresh-face business or a wrinkled veteran at eliminating wrinkles.

Start Small

There’s no soft-soaping it: Starting a healthy aging practice is much harder than expanding an existing practice, even in the flushest of times.

“For young dermatologists starting out, I recommend you start small,” advises Jerome Potozkin, MD, who offers facial rejuvenation, liposuction, body contouring and dermatological care through his practice in Walnut Creek, CA. “You can always expand. Keep your overhead low. Know what your credit score is and do everything you can to improve it. Pay your bills on time.”

Lasers aren’t cheap. Besides the initial acquisition costs, a service contract can cost $7,000 to $12,000 a year, according to Dr. Potozkin. “Don’t feel you have to buy every new laser under the sun,” he says. “In fact, renting rather than purchasing is an option many companies offer. When your volume is low you can rent and schedule laser days—although the pitfall there is you don’t have lasers available whenever patients come in.”

Also, young dermatologists “will probably have an easier time getting a loan if they go to a relatively underserved area, as opposed to an area that has a large number of dermatologists per capita,” says Dr. Potozkin, who began practicing 10 years ago. “There are two schools of thought on this: Go where you want to live to start a practice or go to where there’s a need and be instantly successful. I chose the former. It took me longer to get started but I’m very happy where I am.”

Patience, Prudence and Passion

Be patient, prudent, passionate—and start with a spare office and as little debt as possible, advises Dr. David E. Marcinko MBA, a financial advisor and Certified Medical Planner™. Marcinko, a health economist, is CEO of the Institute of Medical Business Advisors Inc., a national physician and medical practice consulting firm based in Norcross, GA (www.MedicalBusinessAdvisors.com).

“Patients are looking for passion from you, not lavish trappings,” Dr. Marcinko says. “When a banker or a loan officer sees $175,000 or more of debt they are loath to give a loan—and it’s hard to blame them. Purchase a home after you become a private practitioner. You need to be as close to debt-free as you can be.

Exit Strategy

“Another thing bankers want to know is, ‘If we give you a loan and you start a practice and it fails, how will we be paid back?’ They want an exit strategy.”

The good news is dermatology “remains a very lucrative specialty, and in most parts of the country they are in a shortage position, particularly with the aging population,” says Sandra McGraw, JD, MBA, principal and CEO of the Health Care Group, a financial and legal consulting firm based in Plymouth Meeting, PA., that advises the American Academy of Dermatology, among other groups.

“I would start with a realistic business plan for why you think this practice can succeed, in the specific location,” McGraw says. “How many patients do you expect to see? How will they know you are there and available? Remember that banks lend to all kinds of people, so keep your numbers realistic. Overestimating expenses is as bad as underestimating them. Then determine how you want the money—usually a fixed loan for a period of time and then a line of credit as you get your practice going and sometimes need the cash flow.”

Expanding a Practice

Established dermatologists should have an easier time getting loans to expand their practices. They have, one hopes, a track record of success and assets to put up as collateral.

Mid-career physicians “have cash flow, physician assets and equity to some degree in a house and personal assets,” Dr. Marcinko observes. “Banks can attach loans to personal assets and savings accounts. Ninety-nine percent of times you must sign a personal asset guarantee. Mid-lifers have assets young ones don’t, so mid-lifers aren’t quite the risk. They have businesses that have value and cash flow. Banks like cash flow.”

However, even veterans must do some homework before approaching a bank. “You still want to establish why you want the money and how the expansion will increase your income,” McGraw says.

Another tip: If the bank has loans out with reputable vendors, you might ask the loan officer to recommend them to you as potential contractors. “Sometimes keeping it local and supporting others with loans at the bank can be helpful,” she says.

Assessment

Dr. Marcinko adds, “Bankers today want you to come in with a well-reasoned, well-thought-out and well-written business plan. Give bankers a 30-second elevator speech on why you are different. It’s really important to ask yourself, ‘What can I offer the community as a doctor in my specialty that nobody else can?’ If you bill yourself as the first dermatologist to do laser surgery, that’s a perceived advantage. You purchased the equipment and learned to use it. But anyone can do that. If you can come up with something that nobody else has or can do, that’s how you’re successful in anything.”

Link: Dr. Marcinko Interview

Link: https://healthcarefinancials.files.wordpress.com/2009/08/dr-marcinko-interview.pdf

Conclusion

And so, your thoughts and comments on this Medical Executive-Post are appreciated. Tell us what you think. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

Sponsors Welcomed

And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

Proposing a Possible [San Bernardino CA] Medical Work Place Violence Prevention Initiative?

The Haddon Matrix for Health Place Injury Prevention and Workplace Violence

By [Eugene Schmukler; PhD MBA MEd – Certified Trauma Specialist]

***

An invaluable tool for healthcare violence prevention program establishment is the Haddon Matrix. In 1968, William Haddon, Jr., a public health physician with the New York State Health Department, developed a matrix of categories to assist researchers trying to address injury prevention systematically. The idea was to look at injuries in terms of causal factors and contributing factors, rather than just using a descriptive approach. It is only recently that this model has been put to use in the area of workplace violence.

The Matrix Framework

The matrix is a framework designed to apply the traditional public health domains of host, agent, and disease to primary, secondary, and tertiary injury factors. When applied to workplace violence, the “host” is the victim of workplace violence, such as a nurse. The “agent” is a combination of the perpetrator and his or her weapon(s) and the force with which an assault occurs. The “environment” is divided into two sub domains: the physical and the social environments. The location of an assault such as the ER, the street, an examining room, or hospital ward is as important as the social setting in patient interaction, presence of co-workers, and supervisor support.

Modifications

Subsequent versions of the matrix divide the environment into Physical environment and Social, Socio-economic, or Sociocultural environment. Each factor is then considered in a pre-event phase, an event phase, and a post-event phase.

Medical / Healthcare Setting

The Haddon Matrix lends itself to a medical setting in that it uses a classical epidemiological framework to categorize “pre-event,” “event,” and “post-event” activities according to the infectious disease vernacular, host (victim), vector (assailant or weapon), and environment. The strength of the Haddon Matrix is that it includes the ability to assess “pre-events” or precursors in order to develop primary preventive measures.

 

| Phases | Host | Agent | Physical Environment | Social Environment |
|---|---|---|---|---|
| Pre-event (prior to assault) | Knowledge; Self-efficacy; Training | History of prior violence communicated | Assess objects that could become weapons, actual weapons, egress (means of escape) | Visit in pairs or with escort |
| Event (assault) | De-escalation; Escape techniques; Alarms/2-way phones | Reduce lethality of patient via increasing your distance | Egress, alarm, cell phone | Code and security procedures |
| Post-event (post-assault) | Medical care/counseling; Post-event debriefing | Referral; Law enforcement | Evaluate role of physical environment | All staff debrief and learn; Modify plan if appropriate |

 

Policy?

From the perspective of administration, the Haddon Matrix does not implicate policy. This means that the matrix does not necessarily guide policy. When implemented, the Haddon Matrix can be a “politically” neutral, trans-or multi-disciplinary, objective tool that identifies opportunities for intervention. Furthermore, it outlines sensible “targets of change” for the physical and social environment.

 

| Phase | Affected individual and population | Agent used | Environment |
|---|---|---|---|
| Pre-event | Psychological first aid | Communicate efforts to limit action | Have plans in place detailing agency roles in prevention and detection |
| Event | Population uses skills | Mobilize trauma workers | Communicate that response systems are in place |
| Post-event | Assessment, triage, and psychological treatment | Communicate, establish outreach centers | Adjust risk communication |
| End results | Limit distress responses, negative behavior changes and psychological illness | Minimize loss of life and impact of attack | Minimize disruption in daily routines |

 

More: Was the San Bernardino CA Massacre Work Place Violence?

Assessment

And so, was San Bernardino workplace violence – or not; please opine?

Why I’m Joining the Physician Nexus Medical Advisory Board

On My Non-Linear … and Sometimes Concurrent Career Path

By Dr. David Edward Marcinko MBA CMP™

[Publisher-in-Chief]

As Medical Executive-Post readers know, I am a big believer in career and change management; evolution if you will. As an entrepreneurial doctor, writer, publisher, speaker, financial advisor, economist, management consultant and business owner, with a non-linear career spanning more than 30 years, I’m acutely aware that to thrive, I must evolve.

Evolution not Revolution

Most of our readers know my career story, but you probably don’t know that even now, my career continues to evolve. For example, I recently accepted a position on the Physician Nexus Medical Advisory Board http://physiciannexus.com/page/nexus-board-of-advisors

THINK: Evolution; not revolution.

Am I Un-Happy?

Why did I embark on this project? Am I giving up my day job at this ME-P? Am I moving on from my business? These are questions I’ve been asked, and I’ve given them all some thought. The nature of these questions signifies a fundamental assumption that, to be considered stable and sane, we must remain attached to “one occupation”, and that if anything changes in that equation, we are surely about to make a move because we are unhappy www.BusinessofMedicalPractice.com

Not so!

Last Gen Parents – Next Gen Son

Don’t believe me? Just ask me about the time I told my last-generation dad and mom I was going to business school, after medical school www.CertifiedMedicalPlanner.org then promptly started an online educational and testing firm for doctors, financial advisors, CPAs and stock brokers. Or; when I sold my ambulatory surgery center – and later still – my private practice, etc! Can you say ballistic?

I added this new patch work to my career quilt because I accepted an opportunity – a chance to do things that I truly love; have engaging clients, speak and write about it. But, don’t worry about me! I’ve got the support of my next-generation wife.

iMBA Inc

And, as we at the www.MedicalBusinessAdvisors.com continue to consult with medical practices to improve their operational results … or with doctors for their financial planning needs, I’m always keeping my eyes open for the next opportunity that catches my fancy.

A Kindred Spirit

Like my colleague Philippa Kennearly MD MPH, over at the Entrepreneurial MD http://www.entrepreneurialmd.com I’m here to argue that the contemporary career of an entrepreneurial physician can and perhaps should be a non-linear projection; it can contain clinical practice AND an Internet business AND writing books AND taking on clients AND seminar speaking and consulting projects AND being part of a family and community.

Just recall, Bill Gates of Microsoft said that most contemporary knowledge workers will follow a career path that changes every seven [7] years. But, I don’t know if he meant doctors, as well?

Assessment

Doesn’t that sound more exhilarating to you than feeling stuck in one gear? Isn’t it time to shift that gear from either … or  to and … and, as Philippa is prone to say?

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Understanding Healthcare Leadership Today

More Mentor – Less Administrator

By Dr. David Edward Marcinko MBA

[Editor-in-Chief]

The organizational changes necessary for good health care entity operational performance rarely occur without some initiative on the part of management.

In other words: If you want good financial performance, you need to assert the leadership necessary to design and implement needed changes in operations management.

Healthcare Leadership Today

But, healthcare leadership today is not something that is done to people; it is something you do with them.

Today’s successful hospital executive must act more like a leader and mentor, and less like an administrator or manager.  They must create trust and collaboration to empower their professional staff, volunteers, and employees.

The Mentoring Paradigm

For some executives, this requires a fundamental shift in mindset.  This new mentoring paradigm demands a holistic approach for the total healthcare organization so that the enterprise-wide environment assists everyone to realize their full potential.  This maximization of performance is more than just a trendy business concept for leadership.

And, it is more than merely putting on a business suit and expecting results.  It is a commitment to being a transparent informed leader.  One of the elements in this shift in mindset involves information communication.  All relationships involve communication as an element of education, and healthcare leadership is no exception.  In fact, what is really enabling is the dissemination of information to all stakeholders and peers.

Assessment

In essence, the leader takes on a more communicative role and thus empowers employees to their full potential.  To successfully achieve this, the hospital, nurse or physician executive must have a clear understanding of self and consider human values relative to the role of the health organization measurements and mission.  This attention assists the executive to lead with self-confidence and to encourage differing opinions, rather than the opposite.

Remember

Leadership is the driver of all components including Healthcare Information Technology and Analysis, Strategic Planning, Human Resource Development and Management, Motivation Theory and Process Management.

A Review of HIPAA EHR Security Regulations

Focus on the Hospital Industry

By Carol S. Miller BSN MBA

With the implementation of EMRs, Internet access, intranet availability throughout the hospital and physician complexes, as well as from home or any virtual site, the potential for security violations and associated vulnerabilities may have already caused serious harm to many hospitals and to the IT community in general.  Implementation of HIPAA security standards across the United States at hospitals, clinics, medical complexes, universities, federal facilities such as the VA, DoD or IHS and others has been inconsistent.  In addition, the HIPAA privacy regulations have given the responsibility for the patient health record to the patient — the impact of which has not been fully addressed nor is it supported by healthcare IT rules and regulations.

In Control?

Throughout the entire healthcare industry, there are concerns over who has access, who is in control, and whether the release of information impacts the privacy and security of the patient medical information or presents a risk to patient well-being, the quality of patient care, compliance issues, and potential fines to the hospital community.

The simple fact is that security is a problem that could have a catastrophic effect on any hospital.  Most Chief Information Officers have increased their “security-related” and “computer specialist” staff to address security issues, but most believe that their security is still vulnerable and needs to be improved.  Understanding a complex group of technologies and processes that have been built and modified many times over the years, especially at a large university or medical center complex, will be not only time-consuming, but also costly.  Security, like complex IT systems, was never designed in any organized manner.  It simply expanded as more and more access was made available, patient rights were defined, technology capabilities expanded, and more Internet-related communications and document-sharing occurred.

Hospital Security Concerns

Further, HIPAA security requirements were thrown into the mix in an era when hospital budgets were shrinking, and hospitals were trying to meet their costs through consolidation or reduction of programs and staff.

The prime concerns for information security are:

  • confidentiality – information is accessible only by authorized people and processes;
  • integrity – information is not altered or destroyed; and
  • availability – information is there when you need it.

Hospitals will continue to review, update and further document their security issues, monitor changes, and develop processes to mitigate the problems.  Gap analyses will continue to determine where vulnerabilities are or potentially could occur.  This process will be time consuming, but will enable the hospitals to determine how each system is integrated into their portfolio of systems and applications, and how it will be integrated with new technology.  Most importantly, it will facilitate identification of the detailed process of requesting, securing, and approving access to confidential patient records, systems, or applications.  It will enable hospitals to move forward with other technology enhancements in a secure manner.

Patchwork Security Quilt

As stated previously, security has grown piecemeal as needs have been integrated with system, application, and software program growth.  It is literally a patchwork of various security functions and restrictions that may just be applicable to a certain application or software product or may be applicable to several applications but not all.  Various security software or SaaS packages have been deployed at different facilities across the United States that provide firewalls, access controls, tracking systems, and various other HIPAA security compliant capabilities; however, even with all these controls no one person within a hospital environment is fully aware of all the security requirements, security structures, the integration of the security network or whether any of the security network works efficiently and effectively.  Building a basic understanding of the entire network is the basis for developing and improving the entire HIPAA-related security process.  Besides the security involved within the hospital systems and through the Internet, there is still the issue of physical security, security theft or inappropriate access to patient information.

Typical Security Queries

The following list provides examples of typical questions that should be addressed regarding the security of information stored either on a laptop or on an Intranet site accessible from the laptop. All of these questions imply additional time and expense in having an assigned individual monitor all aspects of this tracking process:

  • Is there an accurate record or log of each piece of equipment referenced at the hospital?
  • Do I know how many of the laptops are portable and used at home?
  • Are personal digital assistants (PDAs) and laptops encrypted and is the employee required to change passwords frequently?
  • Do I know how many of these portable systems are used for personal services?
  • Do I know how many of these laptops are used by family members?
  • Do I know how secure the portable systems are?
  • Do I know if they are just password protected or whether other security measures are in place?
  • Is every piece of equipment accounted for when employees leave, including PDA, laptop, CD, DVD, or other storage devices?
  • Do I know who can access confidential patient information from a remote office or home?
  • Is there a defined process for discarding old computers and old media?
  • Do employees know the hospital’s reporting process if their laptop is stolen or hacked?
  • Is virus and spyware software continually updated?
  • Are employees provided with information on how to secure their laptops or BlackBerry devices?
  • Do employees know what to do when attachments from unknown sources are sent and/or downloaded?
  • Does the employee use home-burned CDs/DVDs on their laptop?
  • Is system backup maintained by every employee?
  • Do employees know to “log off” when leaving their desktop or is there an automatic “log off” capability built within the system?

Security Administrators and Managers

Hospitals are employing security administrators and security staff to identify potential risks, vulnerabilities, and risk scenarios, and to develop policy and procedures to address all of these issues.  HIPAA compliance reviews and approval processes from HIPAA officers or legal counsel will be an added process for the hospital as part of any security consideration.  All of these security review processes, requirements, and staffing represent new, most likely unbudgeted, and higher-than-anticipated costs to the hospital.  Costs need to be based on the associated risk and on the manpower or technical systems/software required to fix it; these indirect costs (i.e., not direct labor costs related to patient care) are being met from the hospital profits.

Risk Assessment Queries

Every covered entity should complete a risk assessment and review it periodically.  Focus areas that need to be addressed in the risk plan include the following:

  • workforce clearance (does the job require access to patient information and is it documented in the job description);
  • training (ongoing awareness and reminders); and
  • termination (what are the processes and procedures for assuring that a terminated employee does not have future access to any confidential patient information).

Today it is important for all hospitals to focus on contingency plans and disaster recovery to prevent any arbitrary loss of patient information.  Hospitals need to plan for and demonstrate that disasters such as Katrina or 9/11 or Japan or Alabama will not affect the security of the systems or access to patient information.

Many hospitals provide routine reviews, and system maintenance and updates to combat potential security problems or concerns with regard to confidential patient information.  However, inadvertent or even intentional changes to systems can cause serious data problems as the data integrates throughout the hospital IT environment.  Security breaches at this level can come from inside or outside the hospital.  They can be malicious or accidental and they can be related to system function disruption or data degradation.  They can relate to potential failures to properly share data and coordinate information.  They can also be the cause of major patient clinical errors, physician dissatisfaction, inaccurate record information, duplication of records, and as always, additional cost to the hospital that must identify the potential breach, develop a solution, and correct the issue at hand.

Main Concern

Direct access to information is probably the biggest security issue.  It affects personnel access to the systems they need in their daily jobs and tends to be poorly controlled.  Because hospitals need to provide access to information, they are sometimes lax about who has that access.  As an example, ask any hospital to not only identify each access user on the system, but also identify who uses each specific application.  Few hospitals have that capability. They would require additional resources to develop not only a major computerized index, but also the time and attention to monitor and to change users’ rights to access.  Many hospitals routinely request that the business or IT manager provide access for new employees that is similar to what another comparable staff person has — not really addressing the particular “right to know” or determining whether the new employee really needs a particular level of access.  Experience within the hospital environment also shows that many of the staff still have the same access to systems that they have had for years, even though they may have changed positions several times.
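The access review this section says few hospitals can produce, sketched as an added example (not from the original article): it builds the per-application user index and flags grants that the user's current job does not justify. The roster, role baseline, entitlement export and every name in them are constructed, hypothetical data.

```python
from collections import defaultdict

# Constructed sample data; users, roles and applications are hypothetical.
ROLE_BASELINE = {  # role -> {application: highest access level the job needs}
    "billing_clerk": {"billing": "rw"},
    "ward_nurse": {"ehr": "rw", "pharmacy": "ro"},
}
ROSTER = {  # user -> (current role, employment status), from HR
    "akhan": ("ward_nurse", "active"),
    "bsmith": ("billing_clerk", "active"),   # moved from nursing to billing
    "cjones": ("ward_nurse", "terminated"),
}
ENTITLEMENTS = [  # (user, application, level) as exported from each system
    ("akhan", "ehr", "rw"), ("akhan", "pharmacy", "rw"),
    ("bsmith", "billing", "rw"), ("bsmith", "ehr", "rw"),
    ("cjones", "ehr", "rw"),
    ("dlee", "billing", "ro"),               # account with no HR record
]
RANK = {"ro": 1, "rw": 2}  # read-only ranks below read/write

def application_index(entitlements):
    """Who can use each application: the per-application user list."""
    index = defaultdict(set)
    for user, app, _level in entitlements:
        index[app].add(user)
    return {app: sorted(users) for app, users in index.items()}

def review_access(roster, baseline, entitlements):
    """Return (user, application, finding) for each grant the job does not justify."""
    findings = []
    for user, app, level in entitlements:
        if user not in roster:
            findings.append((user, app, "no_hr_record"))
            continue
        role, status = roster[user]
        allowed = baseline.get(role, {}).get(app)
        if status != "active":
            findings.append((user, app, "terminated_still_has_access"))
        elif allowed is None:   # access kept from a previous position
            findings.append((user, app, "not_in_role_baseline"))
        elif RANK[level] > RANK[allowed]:
            findings.append((user, app, "level_exceeds_baseline"))
    return findings

if __name__ == "__main__":
    for app, users in application_index(ENTITLEMENTS).items():
        print(app, users)
    for finding in review_access(ROSTER, ROLE_BASELINE, ENTITLEMENTS):
        print(finding)
```

Because the baseline is keyed on the job rather than on a comparable colleague's account, a grant copied from another staff member shows up as a finding instead of being inherited silently.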

Finally, many staff have access to confidential patient information, yet few of the hospitals have ever linked this “right of access” to a background check.  Access to the hospital system is given to employees to perform a job.  In turn, the hospital is opening its doors wide to a broad range of financial, confidential, or even competitive information.  Many of these hospitals have employed designated staff to change and delete access rights, or to allow read-only or read/write access; however, vulnerability can still exist.  Security is a trade-off between control and flexibility, and there will always be weak points.  For those hospitals that have in place a comprehensive security review process, policy and procedures, and a contingency plan, the risks and liability can be limited.

Assessment

Regardless of the cost, HIPAA security and privacy regulations have changed the hospital environment.  The hospital and its IT and security staff need to be proactive.  There is simply too much at stake and potentially too many issues where mistakes could cause the hospital a serious system problem or result in a large fine.  HIPAA and the responsibility to provide reasonable patient care risk reduction mandate secure healthcare IT operations.  To do less simply allows patient care and healthcare delivery outcomes to be exposed to unacceptable levels of unnecessary risk.

About the Author

Carol S. Miller has an extensive healthcare background in operations, business development and capture in both the public and private sector. Over the last 10 years she has provided management support to projects in the Department of Health and Human Services, Veterans Affairs, and Department of Defense medical programs. In most recent years, Carol has served as Vice President and Senior Account Executive for NCI Information Systems, Inc., Assistant Vice President at SAIC, and Program Manager at MITRE. She has led the successful capture of large IDIQ/GWAC programs, managed the operations of multiple government contracts, interacted with many government key executives, and increased the new account portfolios for each firm she supported.

She earned her MBA from Marymount University, a BS in Business from Saint Joseph’s College, and a BS in Nursing from the University of Pittsburgh. She is a Certified PMI Project Management Professional (PMP) and a Certified HIPAA Professional (CHP), with Top Secret Security clearance issued by the DoD in 2006. Ms. Miller is also a HIMSS Fellow, Past President and current Board member and an ACT/IAC Fellow.
