To ensure that your Business Associates are doing what they can to prevent a breach, it is important that they’re using encrypted devices. This includes anything that can be removed from the office or accidentally left behind. After all, we’re all human, and mistakes do happen. This is an interesting piece about the importance of keeping your devices secure from a breach.
This is an interesting article about why it’s important to make sure that your Business Associates are using adequate security precautions. It’s necessary for the BA to ensure that appropriate steps are taken to keep patient information private. This is something that the phone system provided by RingRx will do automatically, saving you the trouble.
All healthcare companies that deal with HIPAA compliance may have issues with a breach. It is important to report all such activities. This is something that will be lessened if you have proper encryption with a phone system that is HIPAA compliant.
Here is a great article that summarizes the risks medical practices face, even if you suffer a small breach.
The Office of Civil Rights at the federal Department of Health and Human Services conducted an investigation into a Massachusetts eye care group following a report of a security breach filed by the group. The investigation discovered several potential areas of violations, including failure to adequately secure ePHI. The original security breach that resulted in the report was the theft of an employee laptop that contained ePHI. The fine totals $1.5 million.
See the story here
With rarely a week passing without another data breach, the news that they are on the increase is no surprise. This includes breaches of Protected Health Information, which presents special challenges to doctors and other health care providers.
The number of health data breaches has been increasing in recent years, and the most frequent type was theft, Marion Jenkins, PhD, said here at the annual meeting of the Healthcare Information and Management Systems Society.
Since 2009, there have been 1,185 data breaches as defined by the Health Insurance Portability and Accountability Act (HIPAA), said Jenkins, who is chief strategy officer at 3t Systems, a healthcare consulting firm in Denver. And the pace is accelerating, with an increase of more than 50% in the last 12 months. Breaches have so far affected 133 million patient records.
“You don’t have to be a really large organization to end up on the list,” Jenkins said. The largest breach involved 80 million records at the health insurer Anthem.
“secure all electronic protected health information against accidental or intentional causes of: unauthorized access, theft, loss or destruction, from either internal or external sources,”
Healthcare providers should also be aware that in addition to regulating the privacy of paper records, HIPAA also covers data from all types of electronic media — not just EHRs and data stored on laptops and computers, but also any data that winds up on memory sticks and cards, smartphones, and even fax machines and copiers, since most of them aren’t just fax machines and copiers any more but also function as scanners and printers, which means they hold electronic data, Jenkins said.
Cloud services present special challenges because networks and services are frequently provided by companies that have not taken the extra steps to achieve HIPAA compliance because most of their customers don’t need it. But if you are in healthcare, odds are you do need it. RingRx can help you avoid data breaches involving healthcare information in your communications systems.
Installing and managing a phone system in a small business has always been a nuisance. Business owners or managers rarely knew much about all the options that were available. And up until a few years ago there were very limited options of carriers and systems to deliver the voice services to the end users in the office, the PBX. With the arrival of VOIP services, more options became available, but quality was, quite frankly, terrible during the first years.
But this has all changed in the past couple of years with the improving broadband infrastructure and refinements to VOIP services. As a result, we are now in what I believe is the beginning of the golden era of phone service. The result?
- Prices have plummeted
- Quality has improved
- Services are more refined
Here is a great article that sums up many of the changes that have occurred and what they mean to small businesses: Let Someone Else Manage Your Phone System
RingRx is proud to announce the release of our new HIPAA compliant hosted PBX service. This system is fully integrated with our on-call solution and our mobile app. This service will be in beta phase for a couple months before we offer a wide release.
In the meantime, we are looking for some users to kick the tires of our new phone system. This is a state-of-the-art, fully functioning cloud-based system that has been tested in several offices for the past 6 months. (There is no catch and this is not a gimmick – we do not even have anything to sell you at this point.)
You will get:
- Up to 5 Free Polycom Phones
- Custom designed phone system
- Menus, options, greetings, voice mail
- Totally dedicated customer support
- 12 months free local and long distance (reasonable use)
- Custom recorded IVR (greetings, menus, etc.)
- Voice Mail
- Voice mail to email
- Mobile app lets you check messages anywhere
- Local number/transfer existing number
- Multiple locations
- Multiple extensions
- Virtual extension
- Much more
Who we are looking for:
- Professional office, like accountant, lawyer, architect, designer, medical, dental, etc. or other light to moderate call volume offices are ideal
- Available in Ventura, Santa Barbara, or LA County
- High call volume companies like call centers or sales offices are not eligible.
- 50% off published rate if you choose to continue past 12 months. We are not trying to make money, just cover costs.
- No commitment or contract to continue past 12 months. May cancel anytime.
- Do not have to return phones
- Very limited offer
- Inquire for more details. We are a local company with local employees trying to develop a product that will do good for our community.
According to a new study by Gartner, cost, innovation, and agility are driving the adoption of cloud technology. There is a nice synopsis on Talkincloud.com.
“The most commonly cited reasons the survey found for deploying SaaS were for development and testing production/mission-critical workloads,” Gartner Research Vice President Joanne Correia said in a prepared statement. “This is an affirmation that more businesses are comfortable with cloud deployments beyond the front office running salesforce automation (SFA) and email.”
- 44 percent of respondents said overall cost reduction is their main reason for investing in cloud apps. Senior business executives (excluding CIOs) also rated cost reduction as a key benefit for investing in cloud apps, but not at the same rate as IT professionals.
- Researchers said the key drivers for SaaS included the fact that “hands-off” IT enables an organization to redirect a limited in-house staff to other responsibilities since the SaaS provider is responsible for ongoing IT support.
- Security, privacy and fear of government snooping remain leading concerns for respondents that do not use public cloud-based models.
- The traditional deployment model for on-premises software is expected to shrink from 34 percent today to 18 percent by 2017.
RingRx’s focus is entirely on bringing this benefit to your organization’s telecommunications. We bring a HIPAA compliant VOIP solution to you, keeping you talking and fully compliant without the effort or cost of trying to do it yourself with outdated systems.
New York and Presbyterian Hospital has agreed to a $3.3 million fine for a breach of unsecured protected health information following an investigation by the Office of Civil Rights in the Department of Health and Human Services. Details of the case are here.
Some of the details and the amount of the fine are troubling for healthcare providers:
a. NYP impermissibly disclosed the ePHI of 6,800 patients to Google and other Internet search engines when a computer server that had access to NYP ePHI information systems was errantly reconfigured.
b. NYP failed to conduct an accurate and thorough risk analysis that incorporates all IT equipment, applications, and data systems utilizing ePHI.
c. NYP failed to implement processes for assessing and monitoring all IT equipment, applications, and data systems that were linked to NYP patient data bases prior to the breach incident, and failed to implement security measures sufficient to reduce the risks and vulnerabilities to its ePHI to a reasonable and appropriate level.
RingRx, The Phone System for Doctors, keeps you compliant in one of the areas you may not be thinking about: your phone system. Other cloud PBX systems are not compliant, and you are exposed to violations if you use such a cloud system that does not adequately protect voice data of your patients.
After increasing funding and oversight of healthcare providers’ management of PHI, the Office of Civil Rights, the Federal organization charged with responsibility, will expand its audit program substantially.
General Authorities: OCR administers and enforces the HIPAA Privacy, Security, and Breach Notification Rules. OCR is responsible for policy development through the issuance of regulations and guidance. OCR also provides outreach and technical assistance to the regulated community to ensure covered entities and business associates understand their compliance obligations and to the public to increase individuals’ awareness of their HIPAA rights and protections. OCR enforces the HIPAA Rules by investigating complaints and conducting compliance reviews of alleged violations of the HIPAA Rules, providing technical assistance and obtaining corrective actions, as well as entering into resolution agreements or issuing civil monetary penalties, where appropriate. OCR resolved more than 15,000 complaints of alleged HIPAA violations in FY 2014.
HIPAA Audit Program: The HITECH Act mandates that OCR conduct periodic audits to assess entity compliance with HIPAA. OCR conducted a pilot program to ensure that its audit functions could be performed in the most efficient and effective way, and in FY 2015 will continue designing, testing, and implementing its audit function to measure compliance with privacy, security, and breach notification requirements. OCR plans to conduct comprehensive and desk audits of covered entities and business associates. Audits are a proactive approach to evaluating and ensuring HIPAA privacy and security compliance.
RingRx communications solutions help you ensure compliance with HIPAA by protecting PHI created during telecommunications.