
EMR Security Risk [No protocol for physical emergencies]

BEWARE “OLD-FASHIONED” CYBER SECURITY PHYSICAL RISKS

[By Shahid N. Shah MS]

In the event of an emergency [like snowstorm Jonas last week], a well-defined contingency plan helps the team restore data in addition to providing physical security. A contingency plan is usually invoked when there is an emergency, for example an outage. During the crisis it is important that doctors still have access to EMRs/ePHI so that the quality of care is not compromised.

Major Mitigation:

Contingency plans vary with the size of the physician’s practice. For small doctors’ offices, the whole staff may need to be involved in restoration. In large physician practices, authorized personnel may need to be accompanied into the buildings by guards.

A contingency plan should be in place that ensures the right people have access to where the PHI is physically housed. This means well-established procedures and processes are needed so that, in an emergency, authorized people can retrieve the PHI or even make a backup copy of the PHI data.

For example, this can mean bringing up the application in another data center if the primary data center housing the application becomes inaccessible, so that physicians have uninterrupted access to their patients’ PHI even in an emergency.

Assessment

Periodic third-party audits of contingency plans and mock emergency drills can help ensure that this risk has been addressed and mitigated.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

About the lack of ePHI encryption in transmission and at rest?

 e-Patient Health Information is Vulnerable!

[By Shahid N. Shah MS]

ePHI is vulnerable to compromise in every state it is in: at rest (in databases and files), in motion (being transmitted through networks), in use (being updated or read), or disposed (discarded paper files or electronic storage media).

An extra layer of security

Encryption adds an extra layer of security to ePHI: even if someone gains access to or reads ePHI, the chances of it being compromised diminish if it is encrypted, because encryption makes the data unreadable and unusable by unauthorized persons. When ePHI is transmitted through networks, it is possible that it will be accessed by unauthorized persons, thus compromising ePHI. This type of unauthorized access may not be immediately known, but can cause much damage.

Major Mitigation

ePHI should be encrypted, and reasonable and appropriate mechanisms must also be in place so that ePHI is not accessed by persons or software programs that have not been granted access rights.

There are many different encryption methods and technologies to encrypt data in motion (SSL, VPN) or at rest, so choose the methods and technologies that best meet the physician’s office requirements.

Success criteria

Risk analysis/assessment reports will provide a clear indication of whether these types of risk exist or have been mitigated with appropriate controls.

Assessment

Audit logs that track access to ePHI can be reviewed periodically to check whether there has been unauthorized access by persons or software programs that have not been granted access rights.
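One way to carry out the periodic audit-log review described above, shown as an added example that is not part of the original post. The log format, principal names, record ids and grant table are all constructed for illustration.

```python
"""Review an ePHI access log against the access rights that were granted."""
from collections import Counter
from datetime import datetime

# Constructed grant table: principal -> record ids it may open ("*" = all).
GRANTS = {
    "dr_lee": {"P-1001", "P-1002"},
    "nurse_kim": {"P-1001"},
    "svc_billing": {"*"},
}

# Constructed log lines: timestamp, principal, action, record id.
SAMPLE_LOG = """\
2016-01-25T09:14:02 dr_lee READ P-1001
2016-01-25T09:15:40 nurse_kim READ P-1001
2016-01-25T09:17:11 nurse_kim READ P-1002
2016-01-25T23:02:55 svc_billing READ P-1002
2016-01-26T02:41:09 temp_clerk READ P-1001
2016-01-26T02:41:30 temp_clerk EXPORT P-1002
2016-01-26T02:4 temp_clerk READ
"""


def parse_line(line):
    """Return (timestamp, principal, action, record) or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        stamp = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return stamp, parts[1], parts[2], parts[3]


def is_granted(principal, record, grants):
    """True only if the principal was explicitly granted this record."""
    allowed = grants.get(principal, set())  # unknown principal -> no rights
    return "*" in allowed or record in allowed


def review(log_text, grants):
    """Return unauthorized accesses, a per-principal count, and bad lines."""
    violations, unparsed = [], []
    for number, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            # A line that cannot be read is a gap in the audit trail, so it
            # is reported for follow-up instead of being skipped silently.
            unparsed.append(number)
            continue
        stamp, principal, action, record = entry
        if not is_granted(principal, record, grants):
            violations.append((stamp.isoformat(), principal, action, record))
    per_principal = Counter(v[1] for v in violations)
    return {"violations": violations,
            "per_principal": dict(per_principal),
            "unparsed_lines": unparsed}


if __name__ == "__main__":
    report = review(SAMPLE_LOG, GRANTS)
    for row in report["violations"]:
        print("UNAUTHORIZED", *row)
    print("per principal:", report["per_principal"])
    print("unreadable lines:", report["unparsed_lines"])
```

A wildcard grant such as the constructed `svc_billing` entry is never flagged by this check, so broad grants deserve their own periodic review.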

ABOUT 

Mr. Shahid N. Shah is an internationally recognized healthcare thought-leader across the Internet. He is a consultant to various federal agencies on technology matters and winner of Federal Computer Week’s coveted “Fed 100” Award, in 2009. Over a twenty year career, he built multiple clinical solutions and helped design-deploy an electronic health record solution for the American Red Cross and two web-based eMRs used by hundreds of physicians with many large groupware and collaboration sites. As ex-CTO for a billion dollar division of CardinalHealth, he helped design advanced clinical interfaces for medical devices and hospitals. Mr. Shah is senior technology strategy advisor to NIH’s SBIR/STTR program helping small businesses commercialize healthcare applications. He runs four successful blogs: At http://shahid.shah.org he writes about architecture issues; at http://www.healthcareguy.com he provides valuable insights on applying technology in health care; at http://www.federalarchitect.com he advises senior federal technologists; and at http://www.hitsphere.com he gives a glimpse of HIT as an aggregator. Mr. Shah is a Microsoft MVP (Solutions Architect) Award Winner for 2007, and a Microsoft MVP (Solutions Architect) Award Winner for 2006. He also served as a HIMSS Enterprise IT Committee Member. Mr. Shah received a BS in computer science from the Pennsylvania State University and MS in Technology Management from the University of Maryland.

Is there a Lack of Guidelines on the ReUse of Hardware or Electronic Media for Healthcare?

What to do to mitigate risk

[By Shahid N. Shah MS]

It is common for hardware and electronic media to be reused instead of simply being disposed of. They can be reused internally within the healthcare organization, or they can be resold or donated to other organizations or individuals.

Whatever the nature of the reuse, it is important that all ePHI is completely erased using official government-approved wiping methods before the hardware or media is given out for reuse. If this is not done, there is a fairly high chance of the data being exposed, thereby compromising ePHI.

Major Mitigation

Specific policies and procedures need to be defined that clearly provide guidelines on the measures to be adopted when hardware or electronic media are reused. The risks associated with internal reuse of these media are often overlooked, and as a result there are no guidelines. Even with internal reuse, the same level of risk associated with unauthorized access exists.

Secondary Mitigation

Policies and procedures that call for logs and bookkeeping of such reuse would help to track these media better.

Success criteria

An audit of the logs and bookkeeping records will show whether the policies are being followed, and the risk assessment report will give a clearer picture of whether this risk has been mitigated.

Dentists for De-Identification

A Start-Up Idea

[By Darrell K. Pruitt DDS]

An early, shoestring proposal for a non-profit dedicated to common sense security solutions.

Why? If patients’ identities are unavailable, they cannot be hacked.

Recently, I’ve considered starting a non-profit dedicated to keeping patients’ identities off of dentists’ computers where they are far too easily fumbled thousands at a time. I think I might call it “Dentists for De-identification.” What do you think?

My son Ryan and I have discussed putting together an educational YouTube cartoon – comparing the cost, convenience and security of encrypted Protected Health Information (PHI), to storing PHI, including medical information, only on paper in bulky metal filing cabinets – leaving only nameless, unencrypted dental records on the computer. De-identification is the “other” HIPAA Safe Harbor, meaning if patients’ de-identified dental information is stolen or hacked, nobody has to be notified. And, since the patients’ nameless dental records remain unencrypted, de-ID should not slow down work flow like encryption does.

One could call employing in-house reference numbers to re-connect patients’ digital dental information to paper-based PHI a hybrid solution to an otherwise intractable security problem. The solution is nothing new, and has a long history of success. For decades, police departments have been substituting in-house reference numbers for citizens’ names to protect the owners. I see no reason it cannot work for dental radiographs as well.

Depending on staff’s familiarity with the alphabet, pulling a patient’s thin paper record from a loud filing cabinet might even take less time than correctly typing in an encryption key (on the first try). What’s more, since there is a limit to the number of patients even the fastest dentists can treat in one day, 4000 or so active patients per dentist is a reasonable estimate of the number of records in a  busy dental practice – which is probably one third of the records in the average physician’s practice. Since the dental information remains digital and only a couple of sheets of paper are needed to reveal the patients’ reference number along with a brief medical history, very little filing space should be needed.

The problems with encryption don’t end with correctly entering the key. Once permitted access to encrypted ePHI, it will take much more time to decrypt one radiograph than it takes to open a manila folder. Depending on the number of radiographs and other digital images – including complex cone-beam radiographs – a patient’s encrypted diagnostic history could require several minutes to view.

I would want to witness the De-ID non-profit professionally investigate whether de-identification indeed offers a cheaper and more secure solution to data breaches from dental offices. I think we all know by now that full disk encryption will never be the answer.

Assessment 

Still too soon? Give it time. The FBI assures us that more massive data breaches are just around the corner.
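The hybrid scheme proposed in this post, sketched as an added example that is not the author's code: identifying fields move into a separate crosswalk keyed by a random in-house reference number, and a check then looks for identifiers left behind in free text or file names. The field list, function names and sample record are constructed assumptions.

```python
"""Split a patient record into a nameless chart and a separate crosswalk."""
import secrets

# Assumption: fields this hypothetical practice treats as identifying.
# This is an illustrative list, not the HIPAA Safe Harbor identifier list.
IDENTIFYING_FIELDS = {"name", "date_of_birth", "address", "phone", "email"}


def new_reference(existing):
    """Random reference number; never derived from patient data."""
    while True:
        ref = "R-" + secrets.token_hex(4).upper()
        if ref not in existing:
            return ref


def deidentify(record, crosswalk):
    """Move identifying fields into the crosswalk; return (ref, chart)."""
    ref = new_reference(crosswalk)
    crosswalk[ref] = {k: v for k, v in record.items() if k in IDENTIFYING_FIELDS}
    chart = {k: v for k, v in record.items() if k not in IDENTIFYING_FIELDS}
    chart["ref"] = ref
    return ref, chart


def leaked_identifiers(chart, identity):
    """Find identifier values that survive in the chart's remaining fields."""
    needles = {str(v).lower() for v in identity.values() if v}
    # Also look for each part of the name on its own (e.g. surname only).
    needles |= {w.lower() for w in str(identity.get("name", "")).split()
                if len(w) > 2}
    hits = set()
    for field, value in chart.items():
        text = str(value).lower()
        hits.update((field, n) for n in needles if n in text)
    return sorted(hits)


# Constructed sample record; every value is made up.
SAMPLE_RECORD = {
    "name": "Maria Alvarez",
    "date_of_birth": "1980-04-12",
    "phone": "555-0100",
    "tooth": "14",
    "procedure": "bitewing radiograph",
    "image_file": "alvarez_bw_01.dcm",
    "notes": "Alvarez reports sensitivity, upper left.",
}


def demo():
    """De-identify the sample record and report anything left behind."""
    crosswalk = {}  # stands in for the paper file kept off the computer
    ref, chart = deidentify(SAMPLE_RECORD, crosswalk)
    return ref, chart, crosswalk, leaked_identifiers(chart, crosswalk[ref])


if __name__ == "__main__":
    ref, chart, crosswalk, leaks = demo()
    print("chart stored on computer:", chart)
    print("identifiers still present:", leaks)
```

In the sample, the surname survives in the image file name and the free-text note, so dropping the name field alone does not make the stored chart nameless.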


OCR Imposes Penalties for Employee’s Unauthorized Viewing of PHI

By Garfunkel Wild, PC

Early in July, the Department of Health and Human Services Office of Civil Rights (“OCR”) entered into a settlement for $865,500 with UCLA Health System (“UCLAHS”) as a result of complaints alleging that UCLAHS employees repeatedly and without permissible reason looked at the electronic protected health information (“ePHI”) of celebrity patients.

Initial Complaints

Although the complaint was initially made by only two patients, in its investigation OCR determined that from 2005-2008 unauthorized employees of UCLAHS repeatedly looked at the ePHI of numerous other patients as well. In addition to paying the settlement, UCLAHS committed to a corrective action plan that includes (1) implementation of policies and procedures; (2) robust training for employees; (3) a commitment to sanction offending employees; and (4) designation of an independent monitor to assess compliance over 3 years.

Assessment

This settlement is the fourth settlement in a year and highlights OCR’s increasing enforcement of violations of the HIPAA Privacy and Security Rules. Failure to have an effective HIPAA compliance program can result in significant monetary penalties, and therefore, providers and business associates alike should be evaluating their HIPAA compliance programs to ensure that appropriate safeguards are in place.
