HIPAA

Cyberattacks targeting health care organizations are on the rise. According to OCR Director Melanie Fontes Rainer, securing electronic protected health information (ePHI) is more important than ever. Organizations that fail to address known vulnerabilities put patient data—and their reputation—at risk.

TriZetto Provider Solutions is a healthcare IT subsidiary of Cognizant Technology Solutions that provides revenue cycle management and claims processing services to physicians, hospitals, and health systems. Trizetto has experienced a significant data breach of patient information.

Maintaining good email security is an important factor in keeping your network secure and your patient information safe. Statistics show that 75-90% of cyberattacks start with a phishing email, making it the top delivery method for malware and/or ransomware. Email Security needs to be addressed whether or not emails are used to send patient information. Any time anyone, an employee or a patient, sends or receives emails on your network, that is an access point to your network. In order to protect your network, we need to determine what security protocols are in place to ensure nothing malicious is able to piggy-back on the email connections.

HHS’ Office for Civil Rights Settles HIPAA Right of Access Investigation with Concentra, Inc.

Did you know that your certified EHR has audit logs? Other software that your office uses may also have audit logs. You can enable audit logs to track activity on your network and on your computers.

I’d like to share a personal experience that has made me so grateful to have HIPAA. I understand and sympathize with that burden HIPAA places on providers and practices. At TLD Systems we do our best to minimize that burden, educate you about your responsibilities and help you to meet the HIPAA requirements. My experiences reminded me that HIPAA is about protecting patents, and at some point we are all patients.

Screen all employees at the time of hiring and every month for the List of Exclude Individuals/Entities. A current employee can end up on the exclusions list at any time so it is important to regularly check to see if they are on the exclusions list.

Even though HIPAA regulations do not require that you have a network diagram, TLD Systems does recommend all our clients use a network diagram. By using a network diagram you will not only be able to identify issues or breaches, but also should you have a breach it is evidence that you are taking the steps to protect your practice and ePHI to the best of your ability. With this evidence you can reduce or even eliminate possible sanctions because of a breach.

When an employee departs from your practice, it's essential to take several steps to revoke their access to patient data. You may already be familiar with many of these measures, including:

ALERT!!! Sonicwall, the manufacturer of a security product many practices rely on has just had a data breach. Sonicwall responded by recommending that ALL CUSTOMERS who use a MySonicWall account reset their passwords immediately. If you have a MySonicWall account, please do this now. The data exposed can provide a hacker with full access to your network and your patient data.