" hipaa Archives - Page 7 of 22 - LuxSci

Posts Tagged ‘hipaa’

30th National HIPAA Summit Recap

Tuesday, March 30th, 2021

Last week, the LuxSci team attended the Virtual 30th National HIPAA Summit. The conference featured government and industry leaders who led sessions on updates to HIPAA rules, ongoing threats to cybersecurity, the impacts of remote work, and many other topics.

We can’t touch on every session that took place over the four days of the conference, but some of the most interesting updates came from the Office of Civil Rights (OCR) at Department of Health and Human Services. OCR is responsible for enforcing HIPAA, so as you would expect their sessions were of high interest to anyone responsible for compliance.

OCR UPDATES

At the start of the pandemic, OCR adopted enforcement discretion to allow health care organizations to quickly transition to virtual health care and remote work without fear of penalties. In January, OCR announced that enforcement discretion would also apply to Covid-19 vaccine scheduling. OCR will not impose penalties on those acting in “good faith” to create online or web-based scheduling applications for Covid-19 vaccine appointments. Nevertheless, this does not mean that covered entities are off the hook when it comes to HIPAA. It is recommended that they implement “reasonable safeguards” to protect PHI.

The Office of Civil Rights has also continued to penalize organizations for right of access violations. When most people think of HIPAA, they think of protecting private information through strict security policies. However, HIPAA stands for the Health Insurance Portability and Accountability Act. Portability means that patients have a right to access and transmit their information to other insurance or health care providers as they see fit. In recent years, OCR has increasingly penalized organizations for failing to respond to patient information requests in a timely manner. It is important for health care organizations to have secure offsite back-ups of patient information to prevent enforcement actions. It is challenging to find the right balance of security and patient access, but it is so important!

CYBERSECURITY THREATS     

Unsurprisingly, Covid-19 exposed organizations to new security risks as employees rapidly transitioned to remote work. Although the pandemic changed practically every aspect of our lives, phishing and ransomware remained two of the biggest security threats to health care providers. At the outset of the pandemic, many ransomware hackers voluntarily stopped targeting hospitals systems in a show of solidarity. However, the respite was temporary. As the value of health care data on the black market has continued to rise, ransomware attacks have surged.

Phishing also remains a primary attack vector for intruders. OCR reported that in the first two months of 2021, hacking/IT accounted for 71% of large health care breaches. According to OCR, most large breaches have occurred via email (39%) or network servers (32%). Phishing attacks increased so much over the last year that one conference speaker noted his organization considered turning off external emails. Though it is true that the only way to completely avoid hackers is to disable your systems, it is an unrealistic option for most businesses. To combat phishing, organizations need to train staff and have technology controls in place to prevent human error. If you have the right email filtering in place, you can prevent phishing emails from even reaching your employees’ inboxes.

REMOTE WORK- LEARNING FROM THE PANDEMIC

Shifting to remote work in early 2020 left organizations scrambling to create security policies and protect patient information. Not only did providers need to worry about preventing telehealth conversations from being overheard by their families, but they also needed to be conscious of a wide array of security issues including:

  • Securing their physical workspace and devices
  • Preventing data loss
  • Protecting notes from patient conversations
  • Using secure network connections
  • Letting children or partners use work devices

The number of security risks that remote work introduced were almost immeasurable. Organizations needed to act quickly to create new policies to protect patient data, while maintaining excellent standards of patient care. Time and time again, health care organizations that lacked basic cyber hygiene like unique logins, complex passwords, and device usage policies were the most at risk of a cyberattack or breach.

One year later, organizations are continuing to adapt their policies as much of the workforce remains remote. Many presenters expect at least some of their workforce to remain remote once the pandemic ends. Some organizations were surprised to discover the benefits of having a remote workforce. Rural hospitals are better able to attract talent when remote work is an option. Patients also benefitted from increased access to health care when telehealth was an option.

The HIPAA Summit was a wonderful reminder that if you don’t have procedures and policies in place to protect your patient data and communications, it’s only a matter of time before a breach occurs. Did you attend the HIPAA Summit? We would love to learn more about your challenges with Covid-19 and secure patient communications.

HIPAA-Compliant Web Sites: Requirements and Best Practices

Tuesday, March 23rd, 2021

It is not easy to create a HIPAA-compliant web site and webmasters often ask us for clarification on best practices when it comes to HIPAA compliance.

We have previously discussed what makes a web page secure and also what makes a web site HIPAA-compliant, but it seems that an explainer on what you should and should not do with web sites in shared and dedicated environments would be useful to many.

hipaa compliant web site

Read the rest of this post »

How do you drive meaningful patient engagement?

Tuesday, February 2nd, 2021

Not only is patient engagement critical to the well-being of your patients, but it’s also a key driver in the long term success of your organization. If you have been neglecting this important component of healthcare and business, it’s time to reexamine your approach.

But before you jump in too deeply, you also need to consider the risks involved in certain patient engagement strategies, as well as how you can mitigate them. Through careful planning and the right tools, you can drive patient engagement without endangering patient data or putting your organization at risk. Ultimately, this allows you to safely boost patient outcomes while pushing your business forward.

Meaningful Patient Engagement

Read the rest of this post »

Understanding HIPAA Violations

Tuesday, January 5th, 2021

If you’re involved in the healthcare sector or an organization that deals with healthcare data, you may have heard the term HIPAA violation being thrown around a lot. You might have a rough idea of what it means, but haven’t taken the time to look into the details. The regulations may seem dry and boring, but they’re incredibly important for anyone that deals with health-related data.

Understanding HIPAA Violations

Read the rest of this post »

The ONC Cures Act Final Rule

Monday, December 28th, 2020

The Office of the National Coordinator for Health Information Technology (ONC) Cures Act Final Rule hardly rolls off the tongue, but it’s bringing important changes to the world of healthcare. Its provisions aim to improve interoperability and facilitate smoother data exchange.

ONC Cares Act Final Rule

Although these changes would be beneficial to certain aspects of the healthcare experience, there are also some potential drawbacks associated with the ONC Cures Act Final Rule. The most controversial aspect is that it allows patient health information to be shared with third-party app developers, outside of the bounds of HIPAA regulations. This access outside of HIPAA’s regulatory environment could lead to a rise in health-related data breaches.

Read the rest of this post »