For the last two years I've been writing articles for Multibriefs and the healthcare associations that distribute their content. It is part of the reason my blog isn't getting the attention it has in past years, but having my thoughts exposed to broader audiences is the tradeoff.
My latest article, Securing Health Information on Mobile Devices, contains important and timely information given the surge in data breaches and HIPAA violations. Below is an excerpt that describes the newly released Cybersecurity Practice Guide, but I hope you will read the entire article, too!
It guides information technology staff and leadership, using open source and commercially available tools and technologies that are consistent with cybersecurity standards, so those providing care can more securely share patient information.
The guide was built around an environment that simulates integration among mobile devices and an EHR system supported by the IT infrastructure of a medical organization. It walks users through the process of implementing relevant standards and best practices to help doctors, nurses and other caregivers use mobile devices in conjunction with an EHR.
The centerpiece is a hypothetical primary care physician who uses her mobile device to perform reoccurring activities such as sending a referral (e.g., clinical information) to another physician, or sending an electronic prescription to a pharmacy. It highlights the characteristics and capabilities that an organization's security experts can use to identify similar standards-based products that can be integrated quickly and cost-effectively with a healthcare provider's existing tools and infrastructure.
The alternative? A $750,000 HIPAA settlement emphasizes the importance of risk analysis and device and media control policies. Cancer Care Group, a radiation oncology private physician practice, was in widespread non-compliance with the HIPAA Security Rule. It had not conducted an enterprise-wide risk analysis and did not have a written policy specific to the removal of hardware and electronic media containing ePHI into and out of its facilities, even though this was common practice within the organization.
Cancer Care will now adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. http://www.hhs.gov/news/press/2015pres/09/20150902a.html
Posted by: Christina Beach Thielst | October 18, 2015 at 03:39 PM
Great article, I have come across this great application which helps the Healthcare Sales Professionals all the tools to enhance the engagement with the customer. The platform provides a blend of planning, messaging and reporting tools to fuel higher sales conversions. http://bsharpcorp.com/healthcare/
Posted by: jerry | November 01, 2015 at 11:18 PM