3 Biggest Cybersecurity Mistakes Medical Practices Make

Stephen Tullos

Healthcare is no longer just about curing ailing patients. Medicine requires securing your patient’s Protected Health Information (PHI).

Even though HIPAA has been around since 1996, last year the industry averaged a breach a day, affecting 27,314,647 patient records (Protenus). Even with millions of dollars paid in fines (in February, a Miami, Florida non-profit paid $5.5 million to settle a HIPAA case and a Dallas-area hospital paid a $3.2 million HIPAA penalty, according to an MSPmentor report), most medical practices don’t know what to do when it comes to securing their PHI, and we regularly see these 3 cybersecurity mistakes at medical practices.

Topics: Healthcare IT

9 Reasons Why Small Medical Practices are Most Vulnerable to a Cyber-Attack

Stephen Tullos

As my team and I talk to different medical practices, we are amazed at how many of them are oblivious to HIPAA regulations and at just how vulnerable they are to a cyber-attack. Like HIPAA, hackers don’t accept ignorance as an excuse.

  1. Lack of Concern About the Cyber-Attack Threat – Most small businesses, including medical practices, think they’re too small to be a target for hackers. Unfortunately, medical data is a prize most hackers want to get their hands on, and they will specifically target small medical practices expecting to find little to no cybersecurity in place. Hackers also use bots that crawl the internet looking for “open windows” into networks; if one stumbles on a medical practice, they could be in for a big payday.
Topics: Healthcare IT

Debunking 13 HIPAA Technology Myths

David Bourgeois

Although HIPAA is the law, many people hold on to numerous misconceptions and myths about it. Let me dispel the top 13 HIPAA Technology Myths that we commonly hear so you’re not caught off guard.

Topics: Healthcare IT

12 HIPAA Mistakes Your Medical Practice is Making (and How to Fix Them)

David Bourgeois

Praying that the federal government doesn’t knock on your door for an audit isn’t a good plan, nor is hoping you never have a breach. If that is the extent of your processes and procedures, it is only a matter of time before both things happen, and the fines will rack up quickly.

In 2015, the Office for Civil Rights (OCR), which enforces HIPAA, investigated 17,694 complaints and only 359 had no initial violations – that’s only 2%!

Topics: Healthcare IT

Can I Text ePHI?

David Bourgeois

We get this question from our healthcare clients frequently – can I text ePHI (Electronic Protected Health Information)?

Simply put, no.

This may surprise you, because many non-medical companies frequently exchange texts with clients. (You probably know dozens of doctors that frequently text patients too.) HIPAA does not allow for texting any private information, even directly to the patient.

The Joint Commission has also changed its position on the legality of texting medical orders more than once. In 2011, it banned secure-texted medical orders. In May 2016, that ban was reversed, only to be reinstated in December of the same year. [Read more at Advisory.com]

Topics: Healthcare IT

Difference Between EMR & EHR and How to Protect Both

David Bourgeois

While most people use the two acronyms EMR and EHR interchangeably, there is a difference between them, and how you must protect each differs as well.

What is EMR? Electronic Medical Records are the digital version of the paper charts in a doctor’s office, which contain the medical and treatment history of a patient at that single practice. The advantages of keeping this information digitally are storage, efficiency, and the macro view it gives a medical provider of the individual patient’s life, including blood pressure readings, vaccinations, and what preventative screenings are needed. EMR also allows the practice to see trends and the overall quality of care for all patients within the practice, such as the percentage of patients that need a tetanus shot.

Topics: Healthcare IT

11 Steps You Legally Must Do to Protect ePHI & PHI

David Bourgeois

First off, let’s make sure we’re on the same page about what PHI is. PHI stands for Protected Health Information, and ePHI is the electronic form of that information. HIPAA defines Protected Health Information as:

  • Data created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse.
  • Relating to the past, present, or future physical or mental health or condition of any individual, or the past, present, or future payment for the provision of health care to an individual.

Who must protect PHI & ePHI? Any business that creates, stores, edits, or transfers Protected Health Information (PHI) must comply with HIPAA regulations. HIPAA breaks businesses into two categories:

Topics: Healthcare IT

Has Your IT Firm asked you to Sign a BAA?

David Bourgeois

In 2013 as part of the Omnibus Rule, the United States government began to require all Business Associates to follow HIPAA guidelines. A Business Associate (BA) is any company that works with healthcare providers and has access to patient data, even if that access is indirect.

A Business Associate Agreement (BAA) is the required document between the medical provider, known as a Covered Entity (CE), and the Business Associate (BA).

Topics: Healthcare IT

Use the Meaningful Use Tax Incentive for Your Electronic Medical Record technology? What you must do legally.

David Bourgeois

As part of the American Recovery and Reinvestment Act (ARRA), enacted on February 17, 2009, Congress created a tax incentive program called Meaningful Use to encourage healthcare providers, including doctors, hospitals, critical-access hospitals, and Medicare Advantage Organizations, to convert their PHI (Protected Health Information) to electronic versions known as ePHI (Electronic Protected Health Information). This program encouraged small single-doctor practices and large hospitals alike to utilize approved Electronic Health Records (EHR) systems. [Note: We use the term EHR instead of EMR (Electronic Medical Records) because EHR refers to the overall health of a patient, compared to purely the medical conditions and treatment for a patient found in EMR.]

Topics: Healthcare IT

What is HIPAA? Why Should You Care and What You Need to Know.

David Bourgeois

HIPAA stands for the Health Insurance Portability and Accountability Act, which first appeared in 1996. Initially, HIPAA’s vagueness made it confusing, and most small and medium-sized medical entities saw it as voluntary because there was little enforcement through the Department of Health & Human Services (HHS). [Also, don’t call it HIPPA or confuse it with a HIPPO.]

Topics: Healthcare IT

About My IT's Blog

We believe an educated client is the best client, therefore, we share our knowledge with executives and business owners looking for a fair, knowledgeable IT firm that fits well with their company and objectives.

My IT helps companies to protect their data, become more efficient and productive, and to boost high-growth using technology. In our blog, we discuss these topics and our extensive expertise working with medical practices, construction industry companies, and auto dealerships.
