Welcome!

Blog Feed Post

HIPAA Compliance Checklist – Pitfalls to Avoid

For a healthcare organization to be HIPAA compliant it needs to ensure that the right controls are in place to protect the privacy of patient information. This means that controls are provided to ensure that sensitive patient information is not left visible to non-relevant parties and that the exchange of information between practitioners follows HIPAA standards of encryption and access control.

While these standards seem straight forward, it is important to note that HIPAA was established before cyber security threats became the issue they are today. Cyber security threats continue to plague hospitals and expose them to HIPAA fines. Perhaps the best way for institutions to protect themselves from attacks and gain the upper hand against would be attackers is to maintain constant vigilance.

The cost of failing to maintain vigilance is substantial. HIPAA violations can result in substantial fines to a practice ranging from $100 to $1.5 million. Indeed, in 2016 Hollywood Presbyterian Medical Center (HPMC) had to pay $17,000 after a ransomware attack, which encrypted its EHR and demanded the sum of money in exchange for the encryption key.

This ebook will look to highlight 5 points that healthcare organizations can embrace to improve their chances of remaining HIPAA compliant and vigilant about network security. Healthcare organizations work to improve their ability to thwart attackers and defend themselves against intrusions by attackers. By starting with some straight forward actions , healthcare organizations will dramatically improve their protection against threats and hacks.

HIPAA Compliance Checklist – Pitfalls to Avoid #1 : Texting of patient information

Texting patient information such as test results or images is an easy way that providers can relay information to their colleagues quickly. While it may seem harmless, it potentially places patient data in the hands of cyber criminals who could easily access this information. Additionally, using standard texting capabilities on a smartphone constitutes a major HIPAA violation.

In 2014, a medical resident treating a North Carolina nursing home patient asked a nurse to text the lab results. As a result, the facility ended up paying a high price for using this inherently insecure messaging medium. The Centers for Medicare & Medicaid Services (CMS) gave the nursing facility an “e-level deficiency,” meaning there was “no actual harm but potential for more than minimal harm

While the case of the facility in North Carolina did not enable sensitive information to end up in the hands of criminals, it does demonstrate the ease with which a HIPAA violation can be incurred.

HIPAA Compliance Checklist – Pitfalls to Avoid #2 : Inability to wipe lost or stolen devices

Accellion reported that 68% of healthcare security breaches were due to the loss or theft of personal mobile devices or files. Indeed, mobile devices are the most vulnerable to theft because of their size.

The impact of this theft should not be minimized as theft of PHI (protected health information) through lost or stolen laptops, desktops, smartphones, and other devices that contain patient information can result in HIPAA fines.

By not having a procedure in place to remotely wipe a smartphone of relevant patient information, hospitals are placing themselves at serious risk. As noted, loss or theft are more common than institutions would like. As such, they cannot ignore the need to have procedures in place to manage the situation effectively.

Necessary safeguards should be put into place such as password protected authorization and encryption to access patient-specific information. Ideally, the smartphone devices that practitioners are exchanging patient information on will provide administrators with the proper technology to wipe the smartphones if lost or stolen.

To read the rest of the pitfalls read our e-book

HIPAA Compliance Checklist

The post HIPAA Compliance Checklist – Pitfalls to Avoid appeared first on OnPage.

Read the original blog entry...

More Stories By OnPage Blog

OnPage is a disruptive technology and application that leverages today's technology and smartphone capabilities for priority mobile messaging. With a top notch history of ensuring uninterrupted communication for businesses and critical response organizations, OnPage is once again poised to pioneer new mobile communications methodology for business and organizational use.

Latest Stories
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, will describe how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term contract to manage and operate the platform. This significant program blended the best of NetApp’s solutions and services capabilities to enable this telco’s successful adoption of private cloud storage and launchi...
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...