Tag Archives: EMR

How Technology Prevents HIPAA Violations

HIPAA violations are growing in number and cost, and have affected medical facilities of all sizes.

While training and vigilance on the part of administrators and staff are vital components of HIPAA compliance, the right technology can turn an open book into a bank vault. From secure medical grade all-in-one computers to software to online tools, here are some of the best ways technology is making ePHI (electronic protected health information) more secure.

HIPAA violations and costly fines don’t have to be an inevitability.

How Bad is It?

HIPAA violations and fines are practically raining from the sky. 2018 saw significant data breaches, some that affected millions of patients.

In January of 2018, it was revealed that the data of 30,000 patients was stolen by hackers from Florida Medicaid when an employee fell for a phishing email.

Also in January, a medical group in New York had a record breach that had nothing to do with malicious intent. A misconfigured database with an unsecured port accidentally exposed the data of 42,000 people to anyone who stumbled across it. Social security numbers, patient notes, and even names of family members were all up for grabs.

In April, the Center of Orthopaedic Specialists in California got hit by ransomware that may have exposed 85,000 patient records to hackers. In September, three hospitals settled a $1 million fine for potentially compromising patient privacy while they were filming a documentary for ABC.

And, of course, Anthem paid a record-breaking $16 million in fines and violation settlements for a breach that affected 79 million patients. They were given a hefty penalty for not only the breach itself, but for failing to implement adequate access controls, not conducting a risk analysis before it happened, and for not regularly reviewing system activity to keep an eye on red flags.

Almost all of these breaches could have been prevented or mitigated by better technology, more robust security software, and improved employee education.

Online Training Programs Can Educate Staff Members

Hacking is a multi-headed hydra that is more than just ransomware and worms. “Social engineering” describes all of the methods deployed by hackers to gain access to secure systems from regular people in an organization.

Social engineering tactics can vary wildly, from dressing like an electrician to get access to a sensitive area, to calling up an employee and pretending to be an IT tech who needs their information, or even just employing a malware program that requires a victim to click, open, download, or install something they shouldn’t have.

Consider enrolling staff members into an online HIPAA compliance course, or a general data security training program. If you’re afraid of employees falling asleep during a dry infosec video, try SecurED, a data security training course that was actually written in part by Hollywood comedy writers.

And if you want the real skinny from an expert, world-famous hacker Kevin Mitnick actually created his own security awareness training to help illuminate the best techniques for avoiding malicious software and social engineering.

Install Security Software on All Devices

Cloud storage attached to medical all-in-one computers, medical tablets, and personal devices must be encrypted. Any messages, data, or images that back up to a cloud service are just as susceptible to interception as messages sent from one user to another.

Dropbox, OneDrive, and Google Drive aren’t automatically encrypted, and expose a weak point in any system. The solution isn’t to stop using cloud services — backing up data has never been more important — but to instead use a secure cloud storage program like Sookasa to encrypt files before they enter a cloud storage folder.

It also may be wise to consider HIPAA compliance tracking software like HIPAATrek. This software, and other brands like it, create a one-stop-shop for all current HIPAA regulations, training, assessments, risk analysis surveys, checklists, and a whole host of compliance tools to keep any medical facility in the green and out of the fast-growing list of HIPAA horror stories.

Secure Accounts with Two-Factor Authentication

A single password and login for staff members aren’t sufficient for sensitive accounts. Passwords can be guessed, cracked, or collected fairly easily, especially if employees aren’t maintaining proper password etiquette.

Two-factor authentication is recommended by all security professionals at this point, and failing to implement it could have dire consequences for any organization under HIPAA authority.

Smart cards, custom RFID tags, and biometric scanners can provide the physical authentication, while a PIN or password can be used in conjunction to add an extra layer of security. Medical all-in-one computers or medical tablets with built-in RFID and biometric scanners are highly recommended for this purpose because they are far more reliable than a USB scanner plugged into an off-the-shelf office computer.

Plus, USB readers are portable and have a tendency to get lost or disappear. Misplacing an integrated medical panel PC is slightly more difficult.

Only Use Messaging Software with HIPAA Associate Agreements

Texting and easy picture-sharing have completely changed the way our society communicates, even in the workplace.

However, HIPAA’s security standards mean that doctors and nurses can’t be as free as the general populace. While texting a coworker a question might seem innocuous, it can lead to breached confidentiality and a hefty fine if it contains patient details. Ditto for sending pictures — getting a second opinion from another nurse about a suppurating wound isn’t a bad idea in theory, but may, in fact, be a violation of HIPAA standards.

For workplace communication, make sure work devices are installed with encrypted messaging software from a HIPAA associate. If your practice is using a BYOD policy, make sure those devices have the same level of encryption. Or, it may be a wise idea to abandon a BYOD policy altogether — they’ve been shown to invite massive security breaches.

A messaging app made by a business under a HIPAA associate agreement is certified to provide the necessary security to meet HIPAA standards.

There are quite a few HIPAA compliant texting apps, like TigerConnect and OhMD, that can make a major difference in cybersecurity. Many of these apps, or similar email encryption programs (like Barracuda or Virtru), can also be installed on medical tablets and medical all-in-one computers, creating an easy, encrypted communication system for any facility.

Don’t Forget the Real World

Consider those hospitals fined for filming a documentary — not all patient confidentiality breaches come from computer hackers.

Even something as simple as the placement of a computer screen or patient monitor can have HIPAA implications. Medical all-in-one computers with built-in privacy screens can reduce the angle where a monitor is readable, while a computer on wheels can be rotated away from prying eyes.

Cameras and video recording are obviously off-limits, but sometimes staff can be tempted by the social media machine in their pocket. A perfectly harmless photo from the wrong angle can unknowingly capture sensitive information on a chart, or the face of a patient in the background.

Of course, a malicious low-tech data thief could also snap a quick picture of sensitive information while a doctor’s back is turned.

Technology can help, of course, but common sense is even more important. Keep an eye on your surroundings, especially when viewing ePHI, to maintain maximum data security.

Employ and Document Digital Security Methods Today

A three-pronged approach of education, technology, and vigilance should hopefully keep any doctor’s office, hospital, or clinic away from major HIPAA violations. Even should a lax staff member cause a breach, a thorough and documented history of implementing all of these techniques should also lower the culpability and any potential fines for the organization.

Contact Cybernet today to learn more about medical all-in-one computers and medical tablets with built-in two-factor authentication, Imprivata single-sign-on compatibility, and built-in privacy screens.

 

How Medical Computers can Help Combat the Opioid Crisis

Prescription opioids have been in the news quite a bit lately. Congress just recently passed sweeping legislation, commonly known as the SUPPORT bill, to help combat the opioid epidemic that has been on the rise the past several years. According to studies done by the National Institute on Drug Abuse, 115 people per day are dying from opioid abuse. Overdoses have been on a steady rise throughout the country the past several years.

The legislation provides funding for non-opioid painkiller research, funding for addiction treatment programs, as well as reforms for how prescriptions are given and tracked. While these measures are widely praised by medical experts, as well as both political parties, as a great step in the right direction, there are still several present-day challenges that need to be overcome.

Imprivata and DigiCert Lead the Charge in Electronic Prescription Technology

Because opioid painkillers are considered a controlled substance, physicians traditionally haven’t been allowed to prescribe these medications electronically unless they met certain federal guidelines. Unfortunately, paper prescriptions can be doctored and patients often engaged in “doctor shopping” to fill multiple prescriptions for the same medication. This exacerbated the opioid crisis.

In 2010 the DEA passed the Electronic Prescribing for Controlled Substances (EPCS) guidelines, which have been a game changer. Any practitioner that met EPCS guidelines could electronically prescribe opioid painkillers. This helps secure prescriptions, as they go directly from the doctor to the pharmacy. It also creates an audit trail of who is prescribing these medications, as well as an audit trail for patient behavior, making it more difficult for addicts to doctor shop for multiple prescriptions for the same ailments.

One of the key guidelines for a healthcare practitioner to become EPCS compliant is to have two factor authentication set up in their EHR or prescription system. That’s where Imprivata and DigiCert have stepped in. Imprivata is a healthcare-focused security firm that specializes in single sign on technology for healthcare facilities. DigiCert is an SSL certificate authority. The two companies have teamed up to create an automated identity proofing process called Imprivata Confirmed ID, that makes compliance with the FDA’s EPCS program much easier to attain.

Unfortunately, Healthcare Facilities are Lagging Behind

Following the passage of EPCS, pharmacies were quick to adopt best practices in order to be compliant. According to a survey conducted by Tableau in October of 2018, 95% of commercial pharmacies nationwide are EPCS enabled. By comparison, only 30% of prescribers nationwide are EPCS enabled. This massive gap is slowing down efforts to combat the opioid epidemic.

Thankfully things are changing for the better. Currently 13 states have passed laws to mandate EPCS compliance. In addition, the SUPPORT bill mandates EPCS compliance for all Medicare Part D prescriptions by 2021. This should help close the gap between prescribers and pharmacies.

How Can Healthcare Facilities and Doctor’s Offices Gain Compliance?

Two factor authentication is the key to EPCS. Medical grade computers and medical grade tablets with integrated RFID readers, barcode scanners and smart card readers are already set up to be Imprivata certified, which is a major advantage over commercial grade computers that don’t offer these features. Because these units are already Imprivata compliant, falling in line with the Confirm ID process should be much easier. The two factor authentication ensures that only the prescribing physician can log into an approved EMR application and send an opioid prescription to a pharmacy. Without this, compliance with EPCS is impossible.

At Cybernet, all of our medical grade computers and tablets are engineered to have optional two-factor authentication features integrated directly into the device. We only use Imprivata certified components, ensuring a smooth transition to an EPCS enabled solution. For more questions, you can contact us here.


EHR and its Evolution into CHR: A Critical Look at Cutting-Edge Technology in Healthcare

Epic CEO Judy Faulkner recently expressed her view on how Electronic Health Records are evolving into Comprehensive Health Records, a term that covers more than just a specific window of sampling an individual’s health from doctor visits. CHR is a term that may become the new EHR, incorporating more data and analysis of a patient that stems from their in-clinic or hospital visits and their time outside of a medical facility too. Forging into a new technology frontier that implies a near-constant evaluation of a person’s well-being may sound like an answer that physicians have been looking for, but anyone who is ever a patient (all of us) could be under the scrutiny of patient tracking technology that could be always on, always tracking. Yes, the benefit is that physicians can understand the entire gamut of a patient’s health by seeing comprehensive snapshots of activity from day to day, but do the costs outweigh the benefits? Are we already in the pathway of the “Big Data” steamroller? Let’s take a critical look.

Are We Already Headed Down this Path?

Many individuals are already familiar with utilizing in-home tracking devices and food intake monitoring, so the “at home” concept of tracking health isn’t new. Wearable fitness trackers coupled with diet and exercise apps are near ubiquitous in society today. There are also several medical grade devices, like blood sampling devices or blood pressure monitors, that measure trackable vitals outside of the doctor’s office and clinics. But now that CHR is becoming a reality for EHR corporations, there are implications to consider about how this data would be collected into a central repository. If CHR will incorporate the data from consumer-grade devices into an EMR system, how will this data transfer occur? Would EHR software developers have to build integrations for the hundreds of various fitness apps and wearables that are available on the consumer market? Would we need to entrust app developers and wearable manufacturers with the responsibility of building those integrations? We could see EHR software developers create their own consumer apps and wearables, but that raises even more questions. Would software developers even want to enter the arena of app development and medical device manufacturing? And if they did, how do you get a patient to willingly utilize something they may not want to?

CHR and Big Data: How Accurate is the Information?

A patient may be under the scrutiny of a doctor for monitoring their food intake for diabetes, and it’s likely common that some individuals “cheat” on their diet—maybe someone once logged a dinner of chicken and vegetables when instead they indulged in a large burger and fries. That second iced mocha of the day might get “forgotten” when it comes time to update their food log. The same propensity to “cheat” when recording time spent at the gym lifting weights or doing yoga can creep in if we are entrusting the patient to log their own activity. So manually entered data needs to be examined and taken lightly if it’s to be wrapped into CHR. Plus, there’s the question of the accuracy of wearable devices—many aren’t as accurate as devices used in hospitals, clinics and doctors’ offices. How accurate is a pedometer? How accurate is a sleep tracking device you can purchase off the shelf? Can that be incorporated into a medical health profile? And furthermore, even if the comprehensive data is used for analysis for health, can that be considered an invasion of privacy?

Is the CHR Data Secure Enough?

With potentially thousands of different devices tracking different variables such as food intake, steps taken, heart rate, and other measurable factors, there’s a concern about how all that data might be transferred to EMR systems. Since hospitals have begun implementing BYOD practices among their staff, security has become a massive point of concern. Medical grade computers are specifically designed with a number of privacy safeguards built into them to protect patient data. Now imagine the security risks if data is being transferred from millions of unsecured consumer devices. We’ve discussed at length in the past that patient medical records are even more valuable on the black market than an individual’s financial data. Now you have to consider millions of new vulnerabilities for hackers to try and exploit. So how would a transfer happen? Wireless transfer? Patient web portals? If CHR is to incorporate an unknown breadth of data, will HIPAA laws need to be rewritten to account for vulnerabilities that can’t be controlled by a healthcare facility or a doctor’s office?

CHR Data and the Implications of Insurance

Insurance companies evaluate a patient’s medical history to gauge what their premiums should be. It’s a given that if someone smokes, healthcare is more expensive for them. If we are to enter a new era of healthcare data, can insurance companies utilize more comprehensive methods of evaluating someone’s health? If a patient claims that they run three times a week, and yet their pedometer shows no activity outside of walking, will that reflect on their bill? How far does the willingness go to track aspects of someone’s life? CHR is prepped to track not only how we treat ourselves, but our social lives too. Will all these medical and social effects on our well-being be reflected in insurance companies and their premiums? While the intent of CHR would be to compile the most comprehensive view of an individual’s health, the information could very easily be used to create more “high risk” pools by insurance companies, and could even price some users out of the market completely.

These are just a handful of questions to ask as the encroaching concept of CHR starts to hit EMR companies. They’re evolving, perhaps for the better of our lives and health, but there are strong implications of privacy, accuracy, security, and unfortunately impact on wallets too. For now, EMR systems have not yet seen that evolution, and quite frankly they shouldn’t until these questions are answered. We’d love to hear your thoughts as well. Please comment below and let us know what you think about CHR.


 

Electronic Medical Records (EMR) and Tablet PCs

Physicians are very busy in any healthcare setting. They go from room to room without a moment to spare. Patients can end up waiting for hours. How much of a relief would it be if they had a piece of technology that could save one hour per day amidst the chaos? Tablet PCs do that and so much more!

Electronic Medical Records (EMR) can be easily and quickly accessed with Tablet PCs. An electronic solution for physicians’ patient charts is now right at their fingertips, and the palm of their hands. Best of all, the benefits far outweigh the costs of using Tablet PCs for EMR.

Read on to find out the functions and benefits of using medical-grade Tablet PCs for EMR:

Tablet PCs are Small and Portable

Tablet PCs are light and easy to carry around. When physicians are on the run, they can simply grab the tablet and get going. Some will fit perfectly into the pocket of a lab coat. Tablet PCs come equipped with built-in wireless networking. A Tablet PC that is connected to a wireless network can send or receive data from the EMR software in real time. In a physician office setting, the wireless network is heavily used, so it is very important to pick a Tablet PC with good wireless capabilities.

Tablet PCs Have a Stylus Digitizer Pen

Tablet PCs are an all-in-one solution. They even provide a way to write your signature! Signatures that are as detailed as handwritten text are captured digitally with a special pen. Physicians can quickly and easily sign for prescriptions and other important documents on the go. In addition, handwriting can be converted into text to make documentation and note taking easy and very convenient.

Tablet PCs Provide Barcode Scanning

In hospitals, the safest way to administer medication to a patient is with barcode scanning. Ensuring the right medication is being given to the right patient and at the right time should be the goal of any hospital. One medical error could result in significant cost, so preventing even one error will easily pay for the barcode scanning solution. If a medical error is severe, a hospital stay could be necessary and cost thousands of dollars. And there’s no price tag if an error leads to the loss of someone’s life.

Tablet PCs that have barcode scanning allow physicians to quickly access medical records to find out history, allergic reactions and drug interactions. They can then scan barcodes on medications and the wristbands of patients, providing convenient and error-free care.

Tablet PCs are Hygienic

A Tablet PC that is coated with a medical-grade antimicrobial substance will minimize the spread of pathogens and make it possible to use liquid disinfectants. The Centers for Disease Control and Prevention (CDC) recommends that medical facilities disinfect medical equipment, including PCs, with liquid cleaners. A medical-grade Tablet PC follows CDC guidelines, ensuring a more hygienic environment.

Tablet PCs Help Streamline Workflow

With a Tablet PC, medical professionals don’t have to switch from a Tablet to a PC to finish projects. Its docking station provides a power supply and extra ports to attach a mouse and keyboard. There may even be a mount that turns the tablet into a display for presentations or easy viewing of EMR. These functions make transitioning to the next step in care very easy and help streamline the workflow of the healthcare setting.

Tablet PCs Lead to Better Patient Care

Tablet PCs provide physicians with an endless amount of information right at their fingertips. This translates into better patient care because the physician can access a more complete patient record immediately. They can access the latest up-to-date research, medication databases to aid in prescribing medications, and send prescriptions or lab requests electronically using an error-free and more secure method of transmission. Additionally, documenting can be done at the point of encounter, saving the time of going back and forth to another room in which EMR is stored.

Above all, patient safety and health is always the priority and can be achieved more efficiently with the use of a Tablet PC.

A recent study shows tablet PCs with EMR enhance clinical routine and promote bedside time. Results indicated increased productivity, enhanced data access, improved patient–physician interaction and workflow, and optimized patient outcome. With all the benefits of Tablet PCs, it’s apparent they are the premier choice for EMR.

Information on medical-grade Tablet PCs for EMR:

https://www.cybernetman.com/en/medical-tablet