COVID-19 Update: Read our messages to employees and clients

COVID-19 UPDATE
June 16, 2015
Loss of Data: Ensure It Doesn't Happen to You

When hackers breached the computer system of the Anthem Inc. — the largest health insurer by market share in 82 of 388 metropolitan areas examined by the American Medical Association — they gained access to the personal information of tens of millions of customers and employees. Databases containing names, dates of birth, Social Security numbers, member ID numbers, addresses, phone numbers, employment information and even, potentially, income figures for up to 80 million people, were accessed by hackers, according to the Los Angeles Times.

After a long investigation, the Department of Health and Human Services (HHS) found that Anthem (then WellPoint, when the data-security breach occurred in 2010) did not adequately implement policies, procedures and software-security checks to protect unsecured electronic protected health information. The result was a major violation of the Health Information Portability and Accountability Act (HIPAA), and Anthem was slapped with a $1.7 million fine by HHS.

The largest fine settlement agreement to date for HIPAA violations went to New York-Presbyterian Hospital/Columbia University Medical Center — $4.8 million for a breach that led to exposure of patients’ medical records and test results. If it can happen to the big boys, it can happen to you. A recent analysis shows that 90% of health care organizations have exposed their patients’ data or had it stolen. In the wake of events like these, it’s a good time to pause for a refresher on some of the steps you need to take — beyond the standard firewalls and anti-virus software that should be installed — to secure the privacy of your patients’ medical, financial and personal data.

Paper records

Keep all paper medical records under lock and key and make sure only authorized personnel have access to them. Digitize and destroy records on an ongoing basis, to minimize the risk that records will become “lost in the shuffle,” resulting in exposure of patient information.

Electronic records

Don’t assume your electronic health records (EHR) vendor and health information technology (health IT) staff are simply upgrading security on a regular basis. When software is being installed or upgraded, ensure the following security features are in place: encryption, auditing functions, backup and recovery routines, unique user IDs and strong passwords, role- or user-controlled/restricted access controls, automatic timeout and provisions for emergency access. Train staff in appropriate use, including practical tips such as not writing down passwords, changing passwords regularly, logging out when done using the system, and making sure computer screens cannot be seen by unauthorized persons.

Portable devices

Work with your EHR vendor and health IT staff to ensure remote access to your systems can be secured — for example, if a physician wants to add notes to the patient record after hours from home, or if nurses need to email patients securely about upcoming appointments. Install and enable encryption on any portable device that will be used for purposes of accessing your protected health data. As such, it’s probably a good idea to restrict access to only those devices (mobile phones, laptops, tablet computers) issued by the organization for these purposes. These devices should also have remote wiping/disabling installed and activated, and should not be allowed access to file-sharing applications. It’s too easy to lose or leak data with the wrong touch or click.

Policy and procedure

Know how the backup and recovery system works, including where the documentation will be stored, how to retrieve it and how to test it. Back up data daily and test the recovery system regularly, perhaps at the same time as another important requirement, such as fire-safety checks. Have a policy in place to ensure staff are able to authenticate the identity of health IT staff who might work or make contact remotely.

Hackers are not going to stop trying to access healthcare data anytime soon. Criminal attacks on U.S. healthcare data are up 125% compared with 5 years ago, and hacks have replaced lost laptops as the leading threat to the security of healthcare information. In fact, 65% of healthcare organizations have experienced electronic information-based security incidents over the past 2 years, and yet they admit they’re not taking the steps to enhance and ensure protection of data, according to the Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, sponsored by ID Experts. It is critical to remain vigilant in the quest to safeguard your patients’ information — and, by extension, their privacy.

Care Navigators
As healthcare business models evolve, so should care teams.

Patients who are paired with Care Navigators report feeling less anxiety, and an increased ability to self-manage their conditions between visits. And providers report increased job satisfaction from improved efficiency, and knowing their patients have access to care teams, and strategic support.

LEARN MORE AT CARETHROUGH.COM
Chronic Care Management
With an increased aging population managing two or more chronic illnesses, extending your care teams’ ability to communicate with patients is critical. We take a strategic approach to helping patients chart a path towards their health goals, while self-managing their chronic conditions between clinical visits.

LEARN MORE AT CARETHROUGH.COM
AI Chatbots
We deliver a robust AI Chatbot solution to help manage and sustain effective communication with patients. Care teams implement the conversational text messages and customize patient communication to deliver high quality care.

LEARN MORE AT CARETHROUGH.COM
Nurse Care Team Assistants
Adding a qualified Nurse CTA to the care team increases quality of work-life and reduces stress on nurses. The nursing profession is also experiencing an alarming shortage due to increased clerical burdens and burnout.

LEARN MORE AT CARETHROUGH.COM
Revenue Cycle Management
Transition Revenue Cycle Management into the modern age with a suite of software tools that will transform your billing and coding processes. Transact at lightning speed, with increased transparency and decreased siloes. The QueueLogix software application seamlessly integrates with existing EMRs to ensure the clinical activities and back-office operations are well aligned, monitored and successful.

LEARN MORE AT QUEUELOGIX.COM
Referral Management
Referrals scheduled by navigators in the clinical setting builds long term, patient care integrity across the care continuum. With the authority, along with the provider to search for specialists in network, navigators assess their schedules, and ensure appointment compliance.

LEARN MORE AT QUEUELOGIX.COM
Scribe Services
There’s a reason why we’re the nation’s most frequently used scribe company: we offer professionally trained medical scribes to meet the specific needs of our clients. We offer a variety of scribe programs, as well as technology and personnel solutions that address revenue cycle management, the transition to value-based care, and more through our HealthChannels family of companies.

LEARN MORE AT SCRIBEAMERICA.COM