IT security remains a key issue as companies continue to evolve their electronic healthcare systems in order to comply with the HITECH Act of 2009. In fact, if a data breach occurs and more than 500 patients are affected as a result, the provider must notify the Department of Health and Human Services and become subject to fines up to $1.5 million. Below are 10 tips to prevent a healthcare data breach.
10 Tips to Prevent a Healthcare Data Breach
1. Conduct a Risk Assessment
Stage One of the CMS meaningful use incentive program requires all providers to conduct a risk assessment of their IT systems. This is in accordance with the HIPAA Privacy and Security Rules that govern the transmission of all electronic patient information. The risk assessment forces providers to review security policies, identify threats and uncover vulnerabilities within the system. This is something healthcare companies should already be doing, but surprisingly many do not. With compliance and security a huge concern in today's business world, this should be a priority.
2. Provide Continued HIPAA Education to Employees
Educate and re-educate employees on current HIPAA rules and regulations. Furthermore, review and share state regulations involving the privacy of patient information. If employees are in the know and reminded of the implications of data breaches, the risk of violation can be drastically reduced. Plus, with the amount of spyware and viruses being created, there is always something new to learn.
3. Monitor Devices and Records
Remind employees to be watchful of electronic devices and/or paper records left unattended. More often than not data breaches occur due to theft of these items from a home, office or vehicle. While it is IT’s job to safeguard patient information, employees should be reminded to do their part in keeping data safe as well. Make sure to always lock your device whether it's a laptop, desktop, or phone and password protect it. You should also enable Multi-Factor Authentication whenever possible.
4. Encrypt Data & Hardware
Encryption technology is key in avoiding data breaches. While HIPAA doesn’t require data to be encrypted, it also does not consider loss of encrypted data a breach. It is certainly advised and therefore, you should encrypt patient information both at rest and in motion to avoid potential penalties. Furthermore, protect hardware such as servers, network endpoints, mobile and medical devices as these items are also vulnerable.
5. Subnet Wireless Networks
Ensure that networks made available for public use do not expose private patient information. One way of achieving this is to create sub-networks dedicated to guest activity and separate more secure networks for medical devices and applications that transmit and carry sensitive patient information.
6. Manage Identity and Access Stringently
With so many members of the healthcare system frequently accessing patient information - for a multitude of different reasons - it is important to carefully manage the identity of users. For instance, make sure users at each level are only granted access to information pertinent to their position and that log on/off procedures are easy on shared machines. Automation of this system helps create a “paper trail” and ensures efficiency and safety for all involved.
7. Develop a Strict BYOD Policy
BYOD or Bring Your Own Device policies should be airtight and follow the same security guidelines outlined above. By enabling measures such as enterprise mobility suite and security, you can ensure each device is safe.
8. Examine Service-Level Agreements Carefully
If you are considering moving patient information and data to the cloud make sure you understand the Service-Level Agreement (SLA) with your potential Cloud Service Provider (CSP). Specifically, ensure that you, not the CSP own the data and that it can be accessed reliably, securely and more importantly timely (in the event of a crash). Also, verify that the SLA complies with HIPAA and state privacy laws.
9. Hold Business Associates Accountable for IT Security Policies
It is imperative to update business associate agreements to reflect evolving federal and state privacy regulations. Healthcare organization often have hundreds or even thousands of vendors with access to patient data. In the event of a breach, the healthcare provider is ultimately responsible. Therefore, hold BAs accountable for providing security and risk assessments and develop processes for reporting breaches.
10. Establish a Good Legal Counsel
In the event of a data breach, your organization will be investigated and most likely fined by the Office for Civil Rights. Lawsuits from patients will also ensue so be sure to be prepared from a legal standpoint. Compliance is key, so don’t be advised to withhold known information about the breach.
To learn how Managed Solution can help you prevent a data breach and improve your overall IT security, contact us today.
Getting Started with the OneNote Web Clipper
As written on support.office.com
Whenever you do online research with OneNote, you can use the OneNote Web Clipper to easily capture, edit, annotate, and share information. It’s free to use and it works with most modern Web browsers.
Install the OneNote Web Clipper
To set up the OneNote Web Clipper, do the following:
Follow the on-screen instructions that are displayed for the particular Web browser that you’re using.
If prompted, acknowledge any security messages to give OneNote Web Clipper permission to work with your browser.
To configure the OneNote Web Clipper, do the following:
In your browser, open any website, and then click the OneNote Web Clipper icon.
NOTE: The location of the OneNote Web Clipper depends on the browser you are using. For example, in Internet Explorer, it will appear on the Favorites bar.
In the purple popup window that appears, do one of the following:
Click Sign in with a Microsoft account if you want to use the OneNote Web Clipper with a personal account like Outlook.com, Live.com, or Hotmail.com. For best results, use the same account that you’re already using with OneNote.
Click Sign in with a work or school account if you want to use the OneNote Web Clipper with an account given to you by your work organization or school.
If prompted, confirm the requested application permissions for the OneNote Web Clipper. You can later change these application permissions at any time in your Account Settings.
Use the OneNote Web Clipper
The OneNote Web Clipper automatically detects the type of website content you want to capture — an article, a recipe, or a product page.
Open the page that contains what you want to clip to OneNote, and then click the OneNote Web Clipper icon.
In the small OneNote Web Clipper window, do any of the following (where available):
Click Full Page or Region if you want to capture the current Web page (or a selected region of it) to your notebook as a screenshot image. These options preserve the content you’re clipping in exactly the way it appears.
Click Article, Recipe, or Product if you want to save the current Web page to your notebook as editable text and images. When you select any of these options, you can use the buttons at the top of the preview window to highlight selected text, change between a serif and sans-serif font style, and increase or decrease the default text size.
Click the Location drop-down menu, and then select the notebook section where the clipped Web page should be saved. The list includes all notebooks that you have stored on your OneDrive account, including any shared notebooks. You can click to expand any notebook in the list to see its available sections.
Click Add a note if you want to give the captured information more context for later. This step is optional, but the additional note can be useful as a note or reminder to yourself (for example, “Follow up with Samantha about these product specs!"), or as a way to provide information to others who are reading it in a shared notebook (for example, "Hey everyone, check out this article I found!").
Click Clip to send the captured information to OneNote.
Ideas for using the OneNote Web Clipper
Not sure what to clip? Here are some ideas to get you started!
Travel — Clip all your travel research and trip planning from the Web, and add everything directly to OneNote.
Recipes — Gathering recipes for an upcoming party? Clip the best images and ingredient lists from your favorite recipe sites.
News — Capture import content from your favorite news sites to reference them later or to share them with friends.
Inspiration — Collect inspiring images and ideas from around the Web, and keep them in OneNote for easy lookup.
Research — Import relevant articles from the Web and save them to your research notebook for later reading.
Shopping — Make sure you always get the best deal when shopping online by clipping price lists and product pages.
Everyone is busy these days, sure, but research shows that most people are wasting chunks of time throughout their day, whether it's fiddling with the latest tech toy or responding to every email that lands in their inbox.
For those in the technology field, time management is an even tougher task, says Laurie Gerber, co-president of Handel Group Life Coaching. "IT people have this added thing that people constantly need them. It's always an emergency," Gerber says.
More importantly, Gerber says these folks are spending precious time on tasks that don't match up with their priorities and responsibilities.
If that sounds like you, it might be time to get tough -- with yourself. To enhance efficiency, you must set personal ground rules and stick by them, Gerber says. Here are six simple workday hacks from other IT pros that can crank up your productivity.
Focus on the biggest tasks
Joe Klecha, CTO at the Detroit-based tech firm Digerati and a fan of author Stephen Covey, says he follows Covey's advice to dedicate time first to "big rocks," followed by "pebbles," "sand" and "water" -- with rocks representing the highest priorities and water the lowest.
"If you reverse and start with water, you can't fit in the rocks, the big priorities," Klecha says. "So for me it's knowing that the most important things that need to get done are always in focus and always have my attention."
To move that strategy from theory to practice, Klecha says he has frequent meetings with other executives to ensure he's targeting the organization's most critical projects. And he evaluates unexpected requests for his attention as they pop up.
"A lot are those things that come in on a day-to-day basis and don't ever become a priority but have the potential to distract," Klecha says. "But they're not so immediate in their demands that they can't wait an hour or two or you can't shuffle them off to someone else."
Manage your response time
In the six years that Sri Baskaran has been IT director at Sun Orchard Juicery, the company has doubled its revenue. To keep pace, Baskaran has expanded the IT group, while working closely with his business-side colleagues to consistently meet their needs. Although he wants to be responsive to those he supports, he knows he can't be at everyone's beck and call.
"What I found is, if you answer email as soon as it pops into your inbox, you set the expectation that you're the person who can be easily reached," Baskaran says. Plus, he says, that kind of availability would drain away the time he needs to focus on more critical tasks.
So instead of constantly checking and replying to messages, Baskaran schedules time every day to handle emails and voice mails, a policy he says helps him avoid interruptions.
"If I have to get back to someone, I'll put it on my calendar, schedule time with them to have a conversation," he says, adding that people know -- and he reinforces it in his outgoing messages -- to call his cell number if they need to reach him for urgent issues
Pick the most efficient way to communicate
Although there are multiple ways to communicate with a global team, Greg Davidson, director of the information management services practice at the business advisory firm AlixPartners, says for him the most effective platform is videoconferencing. He points to research showing that most communication is conveyed through body language -- a nonfactor over the phone or through emails.
And video, unlike emails, allows for instantaneous collaboration. "There's nothing like being able to talk in real time with other human beings. It's much clearer, crisper. We get it right the first time if we can look at each other and communicate," Davidson says.
Bryce Austin, CIO at Digineer, a technology and management consulting company, also knows the importance of being a good communicator -- so much so that he's willing to invest in it. "I bought the best Bluetooth [device] I could find so I can have productive conversations and people can hear me," he says.
Get everyone in sync
One of the biggest challenges facing CIOs today, says Lawrence Bilker, senior vice president and CIO at Continuity Logic, is the speed of technological change. "The time from concept to implementation is significantly faster. You have to be aware of solutions, you have to be able to respond to strategies quickly, and sometimes the amount of time allocated to research has gone down," he says.
So, like other IT executives, Bilker says he focuses his team on the highest-priority items and makes sure everyone is on the same page. The leadership team gathers every day for a 20-minute scrum and keeps a shared calendar to track meetings so colleagues know who's available and who's not. And his team uses collaborative platforms such as Dropbox and Box to more quickly come together and hash out plans.
Analyze your time
Savvy CIOs get insight into their own schedules to guarantee that they're as effective as they can be with their time. Baskaran uses time-tracking software called Toggl which allocates time to various projects and lets him analyze how he's spending his time. He says he can then fine-tune his workday hours and "make sure my time is going into the right buckets."
Cletis Earle, vice president and CIO at St. Luke's Cornwall Hospital, takes a similar approach, looking at statistics and monitoring statements, such as network-incidence reports, for ongoing issues that he can get ahead of and free up time he would have spent responding to the same scenarios. "Being prepared for anticipated problems will keep you from being distracted," Earle says.
Handel Group's Gerber advises tracking your time over a few weeks to get a full picture of where you're expending your energy. "Most people aren't doing with their time what they say or think is most important to them," she explains. If your everyday schedule is out of out of whack with your ideal one, then it's time for an adjustment.
"We ask our clients if [their schedule is] in accordance with their vision," she says. "To do that, you have to ask: What's the best use of your time and energy? And you have to figure out why you're doing what you're doing. If you're getting on the help desk because you don't trust your people, that's a problem. If you're on the help desk for an hour a month to stay in touch with needs, that's great."
Don't forget to delegate
Earle oversees a 24/7 IT operation -- a typical scenario for many IT managers. That around-the-clock responsibility has taught him to be as productive as possible during normal work hours so he has ample time in his schedule for his family, including his four children. He says a big part of time management is delegating responsibilities, and that means training his team to handle pretty much any task in the department, including those of the CIO.
"At the end of the day, there's not enough time to do it all yourself," he says.
How To Share a Word Document Through SharePoint Online & Onedrive
Managed Solution’s In The TechKnow is a Web Tech Series featuring how-to video tutorials on technology.
This series is presented by Jennell Mott, Business Operations Manager, and provides a resource for quick technical tips and fixes. You don’t need to be a technical guru to brush up on tech tips!
Don’t see the technology that you would like to learn? Submit a suggestion to inthetechknow@managedsolution.com and we will be sure to cover it in our upcoming webcast series.
Sign up for the newsletter so you can be informed of the last technology webcasts.
[vc_row][vc_column][vc_column_text]
How To Sync OneDrive For Business on your Desktop
Managed Solution’s In The TechKnow is a Web Tech Series featuring how-to video tutorials on technology.
This series is presented by Jennell Mott, Business Operations Manager, and provides a resource for quick technical tips and fixes. You don’t need to be a technical guru to brush up on tech tips!
Don’t see the technology that you would like to learn? Submit a suggestion to inthetechknow@managedsolution.com and we will be sure to cover it in our upcoming webcast series.