As the world becomes increasingly interconnected, technology adoption remains one of the defining factors in the modern healthcare environment. Here are three technologies that will help shape the future of healthcare through 2017 and beyond. Wearables Wearable medical and fitness technology is becoming more common throughout the world, and as more devices enter the market, […]
Implement an efficient incident response plan As the new year is upon us, it’s time to start thinking of some resolutions for the year ahead. Why not try something different this year and set your organization some resolutions based on improving cybersecurity, such as the following: Talk to your employees more Human error is frequented […]
The holidays are coming, and most of us are looking forward to taking some time away from work, to relax and unwind with friends and family. With this, many of us will set our workplace computers to an ‘out of office’ status, and carry out any essential tasks remotely from our mobile phones, laptops and […]
Encryption is the process of converting readable information into indecipherable code, while in transit or storage. Encryption is important because it prevents unauthorized parties from accessing sensitive data or information, which for the healthcare industry in particular, is critical for keeping patient health records private. While no organization is immune to the threat of security […]
Cloud fax is transforming day-to-day workflows for businesses of all sizes across a wide range of industries. As well as helping save the planet (enough of a reason to switch from manual faxing alone, in our opinion), cloud fax services can benefit businesses in a number of ways. While not an exhaustive list, the following […]
The term shadow IT is used to describe any IT system being used within an organization, without the organization’s knowledge or consent. While shadow IT can help to improve workflows, it can also introduce security failings which may not be picked up until it’s too late. According to a recent report by Gartner, it is […]
Mobile messaging is changing communication in healthcare. For health professionals, mobile messaging is a fast and efficient way of managing workflows and coordinating care, while from a patient’s perspective, the platform provides a convenient and familiar line of communication with practices and caregivers. More traditional methods of communication, like paging, are typically limited to one-way communication […]
The Department of Health and Human Services’ (HHS) guidance on security and privacy for HIPAA covered entities fails to comply with federal guidelines, according to a recent U.S. Government Accountability Office (GAO) report. The report, released last Monday, found that HHS guidelines do not fully address key security controls of the Cybersecurity Framework, issued by […]
Mobile messaging has become an integral tool for healthcare professionals in recent years, with an increasing number of care teams looking to HIPAA-secure mobile messaging solutions as an alternative to outdated paging systems. However, with so many vendors out there, finding a solution which is reliable, flexible and truly secure, is often easier said than […]
New guidance released by the Office for Civil Rights (OCR) confirms that cloud service providers (CSPs) that store patient health information must now comply with HIPAA. If you’re thinking, “why only now?”, you’re not alone. Cloud storage is one of HIPAA’s many gray areas, due to the fact CSPs have, until now, been able to circumnavigate their […]
Twenty years ago, on August 21, 1996, President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law. In those two decades, healthcare has changed a lot, and HIPAA has assisted with those changes along the way. Those original privacy provisions, as signed by Clinton, totaled 337 words. By 2002, when the […]
For healthcare professionals, having access to reliable and secure lines of communication is essential for delivering a timely and substantial level of care to patients. In today’s modern practice, mobile messaging has become an integral component in the clinical workflow, due to its many benefits, which include: Two-way communication Unlike paging, mobile messaging is a […]
According to a 2015 report into smartphone usage in the U.S., 97% of smartphone owners use text messaging as a means of communication on a regular basis, making it the most widely-used mobile feature of all. With these numbers in mind, it is clear to see why organizations are embracing text messaging as a way […]
The U.S. Department of Health and Human Services (HHS) recently issued a report to Congress, outlining the gaps that exist in the scope of health data protection. The 32 page document serves to recognize that “While HIPAA serves traditional health care well and continues to support national priorities for interoperable health information with its media-neutral […]
It will probably come as no surprise that the average cost of a data breach in the healthcare industry was the highest of all surveyed industries in a recent Ponemon Institute report. Setting a new record high at $402 per capita cost, healthcare data breaches have increased substantially above the overall mean of $221. […]
Physicians have long recognized the benefits of a mobile workflow; having the ability to carry out tasks with minimal disruption is an effective means of delivering care to their patients. In fact, around 87 percent of doctors are currently using smartphones and tablets to complement their workload. Secure text messaging is becoming an increasingly popular […]
A few months back, we published a guide detailing some of the ‘gray areas of HIPAA’ that all covered entities and business associates need to be aware of. The HIPAA rules apply to behavioural and mental health in much the same way, but there are a few differences for providers who specialise in these fields. […]
Last week, the HHS Office for Civil Rights (OCR) kicked off its long-anticipated program of Phase 2 HIPAA Audits of covered entities and their business associates. The process will investigate policies and procedures adopted and employed by these parties to meet standards and specifications of the HIPAA Privacy, Security, and Breach notification rules. Does this […]
The Office for Civil Rights’ Phase 2 HIPAA audits are looming, and organizations need to be prepared. However, many entities that handle PHI are unaware of where they may be noncompliant due to confusion within some areas of HIPAA. The HIPAA rules apply to many industries outside of healthcare. Despite this, many organizations conclude that […]
The HIMSS Annual Conference & Exhibition has long been a hotly-anticipated date in the health IT calendar, and this year’s event was no exception. As the dust settles after HIMSS16, we’ve compiled five of the biggest topics of conversation from our five days in the Mojave Desert. Cybersecurity Cybersecurity was a major talking point of […]
The HHS Office for Civil Rights (OCR) has published new guidance on its mHealth Developer Portal, to help app developers determine how HIPAA regulations might apply to the products they are building. The new guide, entitled Health App Use Scenarios & HIPAA, includes six hypothetical scenarios which set out to address the following two questions: […]
There have been a number of high profile data breaches during 2015, particularly in the healthcare sector, but also some significant breaches in other sectors that we felt were worth a mention in this year’s data breach round up. While reported breaches are down by 2.5% YoY, it is clear from the variety of organizations […]
The 2015 Protected Health Information Data Breach Report by Verizon brings to light issues associated with the safeguarding of protected health information (PHI), the main causes of disclosure, and advice for organizations that handle such data. While the data analysed in this report has a strong US bias (83%), the report should serve as a […]
Social media is an increasingly common presence in healthcare, among providers and consumers alike. For healthcare providers, social media can be an extremely effective marketing tool, acting as a direct line of communication between current and prospective patients. Social media sites, forums and blogs also act as a valuable platform for healthcare professionals to share […]
When selecting a HIPAA fax provider, you’d think that companies who state they offer HIPAA compliant faxing solutions would be prepared to sign a Business Associate Agreement (BAA), right? Well, you’d be wrong. Some cloud fax providers don’t sign a BAA. They advertise that they are HIPAA compliant, but according to the HIPAA Omnibus Rule […]
The first round of HIPAA audits conducted by OCR in 2012 seems like a distant memory. With the threat of audits looming since fall 2014, organizations have had longer than expected to prepare for the phase 2 audits, in part due to the delays caused by slow web portal development and OCR resources being stretched […]
A recent study has shown that BYOD (bring your own device) is decreasing amid concerns around data security. Of the organizations surveyed, 73% allowed BYOD, down from 88% in 2014. This is in contrast to the Gartner research conducted at the end of 2014, which projected that 90% of organizations would support some aspect […]
Earlier this month HHS’ Office for Civil Rights (OCR) launched an online portal intended to help mobile health app developers better understand the HIPAA privacy and security rules. The OCR explains, “many mHealth developers are not familiar with the HIPAA Rules and how the rules would apply to their products. Use this site to help […]
Concerns around wearable tech meeting HIPAA compliance have been much discussed following the launch of Apple Watch, and Apple fitness and medical research frameworks HealthKit and ResearchKit. Fitbit is obviously a company that took note of these concerns after they announced that their wearable tech is now HIPAA compliant. This will allow Fitbit to expand […]
A simple error made by an employee sending an email to a contracted provider resulted in the unintentional disclosure of the medical records of 3,000 clients of the Community Care Services Program based in Georgia. The Community Care Services Program is responsible for helping people at risk of nursing home placement to remain in their […]
If you’re in healthcare, odds are you send and receive faxes on a daily basis. Despite the best efforts of the healthcare exchanges, it’s just too early to solve the interoperability issues that prevent the secure sharing of patient data between EHRs. Here’s a helpful list of safeguards to follow when faxing PHI so that […]
It is accepted wisdom that for its universality, immediacy and security, faxing will remain a part of business life for the foreseeable future especially in industries like healthcare where real-time exchange of documents is critical every day. Those troublesome fax machines and fax servers are being phased out in favor of secure digital fax services. […]
The Department of Health and Human Services (HHS) recently released a comprehensive guide to the Privacy and Security of Electronic Health Information that covers a lot of ground in its 7 chapters and 60+ pages. Scrypt, Inc. created a cheat sheet that illustrates the key HIPAA rules around handling protected health information (PHI).
Healthcare organizations and other covered entities have an obligation to protect the privacy of their patients’ ePHI (electronic protected health information). The HIPAA Security Rule requires covered entities and business associates to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting patients’ data. As part of this requirement, they must: Ensure […]
Announced in March 2015, ResearchKit is an open-source software framework developed by Apple to aid medical researchers and healthcare organizations in collecting medical information on patients and participants straight from their iPhone or Apple watch. ResearchKit apps created by developers could change the way in which medical research and health monitoring is conducted forever. 1 […]
Business Associates, or BAs, have not been covered by the HIPAA Security and Privacy Rule for as long as the healthcare organizations they provide services to, and this means that some BAs may be unsure of what to do when it comes to being able to handle a data breach incident. No matter the size […]
Up to four million current and former federal employees may have been compromised following a breach of computer systems of the Office of Personnel Management (OPM), making it the largest known cyberattack to occur on a federal network. The attack started in December of 2014 but was not discovered until April of this year. The […]
A webinar to discuss the findings of The Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data highlighted that healthcare data is becoming targeted by criminals more frequently than ever as patient data becomes a high value commodity on the black market. The benchmark study collected information from 90 organizations, including both covered […]
As Jerome Meites, HHS Chief Regional Civil Rights Counsel, warns that penalties to date are “low compared to what’s coming up”, it’s time covered entities and business associates take data security seriously.
For those looking to ensure their healthcare data is properly protected, it is worth carefully exploring the measures your chosen service implements.
The threat of PHI data being used for criminal activities is expected to grow – 2014 saw numerous high profile breaches, many of them caused by hackers. However, as the move to ePHI continues, healthcare professionals and their business associates have legitimate access to thousands of patient records at their fingertips, and while the majority […]
The adoption of electronic patient healthcare information (ePHI), and the widely reported data breaches throughout 2014 has raised concerns around data security, as more and more organizations shift towards implementing measures that could see paper PHI eliminated completely. This is a particular concern for smaller organizations where implementing HIPAA compliant technologies may be a strain […]
Covered entities and business associates need to take extra precautions to protect patient personal health information (PHI), as penalties could be staggering. This has been highlighted recently in the Byrne vs. Avery Center case in Connecticut. Byrne sued the Avery Center for negligence after her personal medical information was disclosed to her ex-partner’s attorneys as […]
There has been no shortage of HIPAA related controversy this year, so with 2015 just around the corner, we thought we’d roundup news highlights from the past 12 months. Increase in complaints The number of HIPAA violation complaints received by the Department of Health and Human Services continued to increase during 2014. By May 2014, […]
The cost to the environment 1 million trees could be saved every year if 5% of organizations switched to a paperless cloud faxing solution. Conventional fax machines are responsible for consuming more than 200 billion pages of paper each year in the US alone – a single machine uses an average of 5,000 sheets of […]
The demand for home health care is expected to continue to rise over the coming decades as millions of baby boomers begin to retire. The US Census Bureau predicts that by 2030, there will be about 72.1 million older persons in the United States; more than twice the number reported in 2000. Data compiled from […]
How secure is your PHI data? HIPAA (Health Insurance Portability and Accountability Act) phase 2 audits are set to begin in 2015, and OCR (United States Office of Civil Rights) has projected that part of the auditing process will include checking whether all systems and software that transmit electronic PHI (Protected Health Information) use encryption […]
Vast amounts of sensitive information are shared within the healthcare industry every day. Email may sound like the most logical tool for sharing such information – it’s quick, fast and easy to use – but it is also inherently insecure. The most common pitfall of email is quite simply human error – sending sensitive information […]
The phase 2 audits will focus on targeting HIPAA Standards that were sources of high numbers of non-compliance in the phase 1 audits. This may include: Risk analysis and risk management Content and timelines of breach notifications Notice of privacy practices Individual access Privacy Standards reasonable safeguards requirement Training to policy and procedures Device/media controls […]
Following the phase 1 audit, which focused exclusively on covered entities, the phase 2 audit conducted by The Office for Civil Rights (OCR) will also focus on business associates. From a pool of approximately 550 – 800 covered entities, which have been randomly selected from the National Provider Database and America’s Health Insurance Plans databases, […]
A spokesperson for the U.S. Department of Health and Human Services’s Office for Civil Rights has urged entities to remain patient whilst an audit web portal is developed.
The one-year grace period is up! If you haven’t reviewed your Business Associate Agreements in the last year, it’s time to check your documentation.
Don’t make the same mistake as these covered entities! Learn from their mistakes and reduce the risk of a HIPAA breach within your organization.
Between 550-800 covered entities will be reviewed in the upcoming Phase 2 HIPAA audits. Find out what’s changed and who will be affected.
In 2012, the Department of Health and Human Services (HHS) alongside the Office of Civil Rights (OCR) undertook HIPAA audits of around 150 covered entities (CE) to assess adherence to the HITECH Act. Focusing on privacy, security, and breach notification, the comprehensive audits analyzed the processes, controls, and policies of selected CEs to verify compliance. […]
With hacking accounting for just 6% of healthcare data breaches, find out how PHI is being put at risk.
As the second largest HIPAA breach ever reported goes public this week, are you up-to-speed with the different types of data breaches?
Did you know there are 18 different identifiers under HIPAA that constitute PHI? Read on to find out more.
Worried about cost, security or implementation? Don’t be! Moving to cloud fax can save you money and make sure your documents remain fully secure. Find out how.
Have you undertaken a risk analysis? Don’t leave it too late! Read on to find out how you can work towards HIPAA compliancy.
A shock discovery exposes Concentra as another HIPAA breach is uncovered. Find out more here.
Advancements in technology have changed the way business works. Here’s how you can evolve your business with cloud fax.
Further penalties emphasize the importance of HIPAA compliance as Concentra and QCA Health Plan agree on penalty settlements.
Verizon’s Data Breach Investigation Report shows healthcare as the top industry for physical data theft and loss. Find out more here.
With cloud fax there’s no need to risk sending sensitive documents by email. Securely send important documents via your mobile or tablet in six simple steps.
Market research confirms a significant increase in EHR adoption amongst solo physicians as cloud technology transforms the Healthcare industry.
Are your vendors taking care with PHI? Here are 3 tips when considering your Business Associates.
With the ‘Digital Government’ focusing on technology it’s more important than ever for professionals to embrace mobile and cloud services. Find out more.
There has been some debate around how long a BA should retain documents containing PHI, as seen in this LinkedIn forum discussion. Some attest that BAs should retain these documents for as short a time as possible while others state regulatory issues that make it necessary to retain these documents for 6 or 10 years.
Under HIPAA ‘covered entities’ must go beyond password protection to protect sensitive information. Find out why here.
Every day healthcare professionals rely on the secure transfer of sensitive documents and data. Find out more about our resolute commitment to HIPAA compliancy.
With BYOD on the rise for healthcare professionals, make sure you’re aware of app security risks and how to avoid them.
With patient knowledge of digital privacy falling short, cloud-IT service providers must take responsibility for the security of EHR to protect PHI.
Where do you stand on the health IT ‘digital divide’? Is a lack of financial incentives and technical assistance holding your organization back?
With over 70 breaches added to the HHS Breach Notification Tool since last month, it’s time for healthcare professionals and organizations to make sure HIPAA compliant procedures are in place.
The cloud is becoming an indispensable component of everyday business. Here we discuss considerations for healthcare professionals when it comes to cloud fax and HIPAA.
From stolen laptops to programming errors, find out what caused the biggest HIPAA breaches of 2013 and who was responsible.
Start streamlining your business workflow with cloud faxing. Here are five ways in which cloud faxing can benefit your business.
With extensive physical, organizational and technical measures in place, you can rest assured that cloud faxing with Sfax is secure.
Physician-to-Physician Communication With the number of serious medical errors on the rise due to miscommunication among health care providers, it is shocking that there has been little meaningful change in this area in the past decade. There have been many efforts recently that aim to effectively lower medical costs for patients, but few that would […]
With more health professionals using smartphones and tablets in their work, the security of these devices is of utmost importance in order to prevent data breaches.
As we discovered recently, more healthcare professionals than ever before are turning to smartphones for their day-to-day work.
According to a new HIMSS Analytics report, the exchange of health data in Health Information Organizations (HIOs) is being slowed by the use of paper and traditional fax. Sfax can provide an answer.
According to the study of 1,063 participants, 86% use smartphones, which is up 8% from 78% in 2012. 53% of those studied use tablets at work, compared with 34% in 2012. All participants use laptops or desktop computers, and 47% use all three devices at work.
From small startups to giant corporations, communication is the key to any successful business. Uniting departments and organizations across any distance, fax is a long-standing, reliable method of transferring messages and data. Some may say there is no space for fax in the digital age, but this is far from the truth. Online fax is alive and well, and there are numerous reasons why it is a valuable addition to any company.
With thefts and data compromises happening with alarming regularity around the world, making sure that your data is sent via a secure channel should be your top priority.
In the age of tablets and smartphones, PCs and laptops are being rapidly replaced in the home as well as in the workplace. More and more companies are making use of the portability and flexibility of tablets for day-to-day work, but is it something that workers really want?
Today, Austin-based SecureCare Technologies, Inc. has announced the release of the new mobile app version of its secure cloud fax service, Sfax. The free app, available on iOS and Android devices, allows its customers to manage their faxes ‘on the go’. Sfax for Mobile allows users to securely send, receive and manage faxes from their […]
As doctors, we are constantly looking for ways to work more efficiently without compromising patient care. One way we do this is to increasingly rely on our mobile devices, but we have to be careful we don’t accidentally violate HIPAA/HITECH privacy and security rules. Here’s a potential trap physicians may fall into. Receiving text messages […]
Whilst businesses across all industries are taking to cloud computing, healthcare providers have been slow to adopt the technology.
Physicians have a lot to lose if they don’t take the time to get up to speed on how to comply with the latest HIPAA/HITECH privacy and security rules. Here’s a violation physicians may not even be aware of, but that could cost them. Not reporting a lost or stolen device that contains PHI. Losing […]
Our job as physicians has an infamous reputation for blurring lines between our work and personal lives. This blurred line carries over to patient security and can potentially be a big deal because of HIPAA/HITECH security regulations. Here’s an example of a rule you may not even know you are breaking. Allowing your child to […]
The recent final rule of the HITECH Act outlines that even if the physician is unaware of the violation, they may be fined a civil penalty of $100 – $50,000 per violation. It is time for even the most resistant doctors to pay attention to how they handle protected health information (PHI). Here’s a scenario […]
Doctors do not plan ahead to violate HIPAA, but in this digital age, they may be doing it because they did not plan ahead. Here is a common way physicians are breaking HIPAA/HITECH privacy and security rules, and may not even know it. Texting PHI to members of your care team. It’s a simple scenario: […]
Since the August 2009 Breach Notification Rule came into existence, it has been clear to everyone just how frequently healthcare and patient data is compromised across the nation. Inappropriate use of email continues to be an issue.
A new set of HIPAA patient privacy regulations will impact practices and physicians everywhere with stronger legal scrutiny and higher fines in place. The U.S. Department of Health and Human Services (HHS) has updated the final omnibus to enhance the security of patient privacy established by the Health Insurance Portability and Accountability Act of 1996 […]
We recently expanded our user base at DocbookMD, and found ourselves teaching the basics to hundreds of new doctors and medical society executives around the country. What became quickly apparent was the fact that while DocbookMD is very simple to use, the best features are not always obvious until you have used them once. What […]
This terminology is undergoing a bit of a revamp as the subtleties come into question. Simply put, HIPAA-compliant is an action, and HIPAA-secure is an adjective. Compliance includes active, on-going choices that a physician (or other covered entity) makes in order to keep protected health information (PHI) safe. It is the covered entity’s responsibility to […]
We love it when other people review and provide feedback about Sfax. John Lynn, HIT Analyst and author of the open forum for EMR, EHR and HIPAA-related information, EMRandHIPAA.com, has taken a look at Sfax Driver and Sfax Online. John comments: “..we could talk about the reasons that faxes are so effective and successful, […]
In the highly regulated and litigious world in which we live, sending, receiving or managing sensitive documents and data through email or services that use email can be plain negligent. Unfortunately, many healthcare businesses are transporting Protected Health Information (PHI) and Social Security details by email or services that use email every day because they […]
Find out why, in the highly regulated and litigious world, sending, receiving or managing sensitive documents and data through email or services that use email is plain negligent.