Author: dougparent

Is Your Healthcare Data Protected from Employee Hacks?

When we think of healthcare data security, we usually think of intrusions coming from outside our network. And that is a real and serious issue. But what if the intrusion comes from within your own organization? Is that a real concern?

IBM Cyber Security Intelligence Index

According to IBM’s 2016 Cyber Security Intelligence Index, it should be more than a nominal concern. It should be your number one concern, especially if you are in the healthcare industry. And don’t just think computer network. Phone systems for doctors are part of the data network that can be especially vulnerable.

IBM’s data showed that 60% of the attacks targeting secure data come from inside the organization or through the use of insider information. Two thirds of those insider attacks are attempted with malicious intent. They weren’t accidents or errors; they were intentional attempts to hack into secure data.

Healthcare Tops the List

Of all the industries covered in the IBM report, the healthcare industry topped the list for cyberattacks. Many of the attacks came through misuse of employee security credentials. Sometimes this was direct malicious intent of the employee, but oftentimes it was the result of cyber criminals gaining access to security credentials via email phishing or malware. Stolen devices carried offsite were another source of internal security hacks.

Among IBM clients, there were an average of 3.4 of these types of events recorded each week in 2015. This was a significant increase over the number recorded in 2014. HIPAA regulations address this security issue. Unfortunately, most phone systems are designed for general business use and do not take HIPAA regulations into account.

How RingRx Can Help

RingRx was developed as a phone system for doctors. It is fully HIPAA compliant and secured with professional grade encryption. It is a Cloud PBX system, which means no expensive and disruptive onsite equipment installation. We provide simple, yet effective, data security to keep your data safe.

Using Digital Services Can Save Healthcare Companies Billions

When you think about the common methods hospitals, clinics, and other healthcare companies use to communicate with patients and others (insurance providers, other health care professionals, etc.), it’s easy to see that traditional methods relying on manually processing administration tasks are not cost effective. For the most part this takes place using outdated technology like an old-fashioned mail service. The cost of doing things this way is enormous. A change to the conveyance of information via a digital format would save an estimated 8 billion dollars a year, as outlined in this article.

It’s true that our society in general and the healthcare industry in particular have experienced significant leaps in technology that now offer us tremendous benefits. In particular, our hospitals and health care facilities offer some of the most advanced patient care in the world. And while this is all well and good, there are areas that unfortunately lag behind, especially in healthcare administration methods.

There is still an overall reliance on outdated communication services, specifically landline telecommunication and, of course, the costly practice of traditional hardcopy mailing. When you think of the numbers involved, both in terms of the cost of paying people to perform these services as well as the cost of material, even a slight trend toward digitization could result in large cost savings.

Naturally the lure of saving money is the main reason that facilities are moving in this direction. This is an unneeded cost, and the money can be spent in other areas. This is money that doesn’t need to be spent, not really. It’s being used on something that can easily be done by computer, with proper encryption of course, which is necessary to keep patient data private and in paperless compliance with HIPAA regulations.

In the article, Gwendolyn Lohse, deputy director at CAQH (Council for Affordable Quality Healthcare), stated, “I think we’re all familiar with HIPAA, which was created two decades ago. Even though it was created two decades ago, we’re still really using manual processing for a lot of these transactions and a minimum reporting of the results to realize, as an industry, we need to do better and we need to work together to do better and to push adoption on things that do exist like best practices so we can have electronic, real-time transactions to support what needs to be a modern healthcare system.”

RingRx is at the forefront of the move towards a digital solution in how we communicate. With our smartphone app, in addition to the option to have the most advanced desk phones on the market for your office, you have less to worry about, since both utilize encryption technology, making HIPAA compliance a non-issue. The advanced RingRx on-call application is user friendly and makes you available to the needs of your office in real time. And the money saved when switching to a cloud-based VoIP service like RingRx is substantial. For health care facilities looking to improve efficiency and save money, we are here to help out.

For more information on the topics touched upon in this blog, please follow the link below.

http://revcycleintelligence.com/news/how-automation-technology-could-cut-8-billion-in-healthcare

Why reporting all data breaches is important regardless of size

All healthcare companies that deal with HIPAA compliance may have issues with a breach. It is important to report all such activities. This is something that will be lessened if you have proper encryption with a phone system that is HIPAA compliant.

Here is a great article that summarizes the risks medical practices face, even if you suffer a small breach.

Enforcement Action Results in $1.5M Settlement for HIPAA Charges

The Office of Civil Rights at the federal department of Health and Human Services conducted an investigation into a Massachusetts eye care group following a report of a security breach filed by the group. The investigation discovered several potential areas of violations, including failure to adequately secure ePHI. The original security breach that resulted in the report was the theft of an employee laptop that contained ePHI. The settlement totals $1.5 million.

See the story here

Increase in HIPAA Data Breaches

With rarely a week passing without another data breach, the news that they are on the increase is no surprise.  This includes breaches of Protected Health Information, which presents special challenges to doctors and other health care providers.

The number of health data breaches has been increasing in recent years, and the most frequent type was theft, Marion Jenkins, PhD, said here at the annual meeting of the Healthcare Information and Management Systems Society.

Since 2009, there have been 1,185 data breaches as defined by the Health Insurance Portability and Accountability Act (HIPAA), said Jenkins, who is chief strategy officer at 3t Systems, a healthcare consulting firm in Denver. And the pace is accelerating, with an increase of more than 50% in the last 12 months. Breaches have so far affected 133 million patient records.

“You don’t have to be a really large organization to end up on the list,” Jenkins said. The largest breach involved 80 million records at the health insurer Anthem.

“secure all electronic protected health information against accidental or intentional causes of: unauthorized access, theft, loss or destruction, from either internal or external sources,”

Healthcare providers should also be aware that in addition to regulating the privacy of paper records, HIPAA also covers data from all types of electronic media — not just EHRs and data stored on laptops and computers, but also any data that winds up on memory sticks and cards, smartphones, and even fax machines and copiers, since most of them aren’t just fax machines and copiers any more but also function as scanners and printers, which means they hold electronic data, Jenkins said.

Cloud services present special challenges because networks and services are frequently provided by companies that have not taken the extra steps to achieve HIPAA compliance because most of their customers don’t need it.  But if you are in healthcare, odds are you do need it.  RingRx can help you avoid data breaches involving healthcare information in your communications systems.

The Golden Era of Phone Service Has Arrived

Installing and managing a phone system in a small business has always been a nuisance. Business owners or managers rarely knew much about all the options that were available. And up until a few years ago there were very limited options of carriers and systems to deliver the voice services to the end users in the office, the PBX. With the arrival of VOIP services, more options became available, but quality was, quite frankly, terrible during the first years.

But this has all changed in the past couple of years with the improving broadband infrastructure and refinements to VOIP services. As a result, we are now in what I believe is the beginning of the golden era of phone service. The result?

  • Prices have plummeted
  • Quality has improved
  • Services are more refined

Here is a great article that sums up many of the changes that have occurred and what they mean to small businesses: Let Someone Else Manage Your Phone System

Introducing New Hosted Phone System

RingRx is proud to announce the release of our new HIPAA compliant hosted PBX service.  This system is fully integrated with our on-call solution and our mobile app.  This service will be in beta phase for a couple months before we offer a wide release.

In the meantime, we are looking for some users to kick the tires of our new phone system. This is a state-of-the-art, fully functioning cloud-based system that has been tested in several offices for the past 6 months. (There is no catch and this is not a gimmick – we do not even have anything to sell you at this point.)

You will get:
– Up to 5 Free Polycom Phones
– Custom designed phone system
– Menus, options, greetings, voice mail
– Totally dedicated customer support
– 12 months free local and long distance (reasonable use)

Features:
– Custom recorded IVR (greetings, menus, etc)
– Voice Mail
– Voice mail to email
– Mobile app lets you check messages anywhere
– Local number/transfer existing number
– Multiple location
– Multiple extensions
– Virtual extension
– Much more

Who we are looking for:
– Professional office, like accountant, lawyer, architect, designer, medical, dental, etc. or other light to moderate call volume offices are ideal
– Available in Ventura, Santa Barbara, or LA County
– High call volume companies like call centers or sales offices are not eligible.

Other details
– 50% off published rate if you choose to continue past 12 months. We are not trying to make money, just cover costs.
– No commitment or contract to continue past 12 months. May cancel anytime.
– Do not have to return phones
– Very limited offer
– Inquire for more details. We are a local company with local employees trying to develop a product that will do good for our community.

Cost, Innovation, and Agility driving adoption of cloud technology

According to a new study by Gartner, cost, innovation, and agility are driving the adoption of cloud technology. There is a nice synopsis on Talkincloud.com.

“The most commonly cited reasons the survey found for deploying SaaS were for development and testing production/mission-critical workloads,” Gartner Research Vice President Joanne Correia said in a prepared statement. “This is an affirmation that more businesses are comfortable with cloud deployments beyond the front office running salesforce automation (SFA) and email.”

  • 44 percent of respondents said overall cost reduction is their main reason for investing in cloud apps. Senior business executives (excluding CIOs) also rated cost reduction as a key benefit for investing in cloud apps, but not at the same rate as IT professionals
  • Researchers said the key drivers for SaaS included the fact that “hands-off” IT enables an organization to redirect a limited in-house staff to other responsibilities since the SaaS provider is responsible for ongoing IT support
  • Security, privacy and fear of government snooping remain leading concerns for respondents that do not use public cloud-based models
  • The traditional deployment model for on-premises software is expected to shrink from 34 percent today to 18 percent by 2017.

RingRx’s focus is entirely on bringing this benefit to your organization’s telecommunications. We bring a HIPAA compliant VOIP solution to you, keeping you talking and fully compliant without the effort or cost of trying to do it yourself with outdated systems.

Hospital Hit with $3.3 Million fine for PHI Breach

New York and Presbyterian Hospital has agreed to a $3.3 million fine for a breach of unsecured protected health information following an investigation by the Office of Civil Rights in the Department of Health and Human Services.  Details of the case are here.

Some of the details and the amount of the fine are troubling for healthcare providers:

a. NYP impermissibly disclosed the ePHI of 6,800 patients to Google and other Internet search engines when a computer server that had access to NYP ePHI information systems was errantly reconfigured

b. NYP failed to conduct an accurate and thorough risk analysis that incorporates all IT equipment, applications, and data systems utilizing ePHI.

c. NYP failed to implement processes for assessing and monitoring all IT equipment, applications, and data systems that were linked to NYP patient data bases prior to the breach incident, and failed to implement security measures sufficient to reduce the risks and vulnerabilities to its ePHI to a reasonable and appropriate level.

RingRx, The Phone System for Doctors, keeps you compliant in one of the areas you may not be thinking about: your phone system. Other cloud PBX systems are not compliant, and you are exposed to violations if you use such a cloud system that does not adequately protect voice data of your patients.

Office of Civil Rights New Budget Increase for HIPAA Audits

After increasing funding and oversight of healthcare providers’ management of PHI, the Office of Civil Rights, the Federal organization charged with responsibility, will expand its audit program substantially.

General Authorities: OCR administers and enforces the HIPAA Privacy, Security, and Breach Notification Rules. OCR is responsible for policy development through the issuance of regulations and guidance. OCR also provides outreach and technical assistance to the regulated community to ensure covered entities and business associates understand their compliance obligations and to the public to increase individuals’ awareness of their HIPAA rights and protections. OCR enforces the HIPAA Rules by investigating complaints and conducting compliance reviews of alleged violations of the HIPAA Rules, providing technical assistance and obtaining corrective actions, as well as entering into resolution agreements or issuing civil monetary penalties, where appropriate. OCR resolved more than 15,000 complaints of alleged HIPAA violations in FY 2014.

HIPAA Audit Program: The HITECH Act mandates that OCR conduct periodic audits to assess entity compliance with HIPAA. OCR conducted a pilot program to ensure that its audit functions could be performed in the most efficient and effective way, and in FY 2015 will continue designing, testing, and implementing its audit function to measure compliance with privacy, security, and breach notification requirements. OCR plans to conduct comprehensive and desk audits of covered entities and business associates. Audits are a proactive approach to evaluating and ensuring HIPAA privacy and security compliance.

RingRx communications solutions help you ensure compliance with HIPAA by protecting PHI created during telecommunications.

 

 

 
