Technology’s reach has extended to almost all sectors, and healthcare is no exception. The healthcare digital revolution has given rise to cloud computing that enables electronic medical record capture, fostering collaborative and coordinated care that delivers quality patient care and better clinical outcomes.

Since, according to ONC, at least 76% of acute care hospitals are now using EHR systems, patient privacy and data security have become big concerns for the US government. In 1996, Congress enacted HIPAA, the Health Insurance Portability and Accountability Act, to protect individuals’ personal health information. Any electronic record that is created, received, or used is subject to HIPAA regulations.


 

To ensure that HIPAA is taken seriously, in 2009, Congress passed the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. This Act imposes stricter penalties for HIPAA violations and expands the entities bound by HIPAA regulations. Business associates of medical offices must now take HIPAA into account. Violators of HIPAA can now pay up to $250,000 in fines and face up to 10 years in jail.

HITECH also demands that all HIPAA covered businesses prevent unauthorized access to Protected Health Information (PHI). PHI is any information in the medical record that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment. Under HIPAA, there are 18 “identifiers”, some of which are: names; geographic subdivisions; all elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, and date of death; telephone numbers; electronic mail addresses; health plan beneficiary numbers; etc.

HIPAA’s Data Security rule protects PHI that is in electronic formats, transmitted by electronic media, or maintained on electronic media. HIPAA data security rules are meant to:

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information that the organization creates, receives, maintains, or transmits.
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of that information while data is in motion (transmission) or at rest (databases, servers, storage).

HIPAA and HITECH have compelled organizations to pay attention to data management and security. Even as organizations need to vigilantly guard patient data and information, they should be aware of the real threats to data security.

What are the real threats?

 

Data encryption

Any PHI data that is stored, whether on a desktop, on a server, or in the cloud, should be encrypted. Encryption obscures your data, making it unintelligible to anyone who doesn’t have the key to decrypt it. With encryption, that data is still protected even after hackers get their hands on it, provided they weren’t able to also steal the encryption key.

 

Electronic Communication

Data shared digitally between doctors and their patients can be extremely useful to enterprising hackers, and any electronic communication is vulnerable to attack, so it is important to use strong encryption for such communication as well.

                                           


Social engineering and inside threats

28% of security incidents come from within the organization, and 66% of malicious hacks are acts of social engineering, a method of intrusion that relies on social manipulation. Social engineering can be as simple as somebody walking in to take your thumb impression for valid reasons and thereby gaining access to data. Insider abuse of privileges continues to be one of the primary threats to protected data.

Business associates

Lax vetting of outside vendors and of their adherence to security and privacy requirements poses many challenges for data protection.

 

Malware emergence

With personal health information in high demand on the black market, a whole slew of malware has been cropping up that primarily targets the healthcare market. These sophisticated and targeted attacks pose a real challenge to data management.

 

Cloud Adoption

The computing paradigm has shifted in the past few years, and healthcare has felt a huge impact. Applications that were once hosted and used in closed environments have been exposed to the outside world to support the emergence of mobile computing and the internet of things. This brings considerable challenges for data transmission, storage, and device security. Old methods of protecting information do not work, and an overall revamp of policies is a must.

 

HIPAA and IT

Gone are the days when you could hire someone with just IT experience to manage your infrastructure. Today’s environment is constantly evolving, with the digital revolution, a slew of new devices, anywhere access, and bring your own device (BYOD), and it requires continuous review of IT to validate compliance. An expert with strong exposure to both healthcare and IT becomes a necessity.

 

October 30, 2015

Frenemies in Healthcare: Data Security, Digital Revolution, and HIPAA
