Healthcare

The old adage, "Money can make you do crazy things," can easily be applied to both our personal and business lives. Within the healthcare industry, HITECH incentive payments were offered by the U.S. government several years ago to implement electronic health record (EHR) systems at hospitals and other healthcare organizations. In order to qualify for these incentive payments, healthcare organizations were required to carry out regular security risk assessments to show they were meeting the HIPAA Security Rule requirements. While a large number of healthcare organizations properly followed the rules and carried out the security risk assessment required, a select number received the incentives without doing so.

If your hospital or clinic uses a Windows 7-based version of a Siemens PET/CT or SPECT system, it could be vulnerable to attack by a relatively low-skill hacker, according to a July 26 security advisory from the company.

Last week, the WannaCry ransomware attack hit over 150 countries and infected tens of thousands of systems worldwide. Among those victimized were England’s National Health Service, automobile manufacturers, and government systems. The worm’s ominous red ransom screen, informing the user that all files have been encrypted, was found on only on users’ desktops, but also on ATM screens, parking meters, digital billboards, and industrial control systems.

We’re gearing up for what’s in store in the healthcare arena in 2017 by attending HFMA’s Mid-South Institute. Attendees from Missouri, Arkansas, Mississippi, and Tennessee have gathered to learn of updates in healthcare and how to embrace for the year ahead. Here are a couple of themes that were reinforced during the conference:

This commentary originally appeared September 20 on the HORNE Cyber Blog.

A breach of a healthcare provider can have a serious impact, both in terms of financial loss and patient confidence. HIPAA violations can involve fines of up to $50,000 per patient record, and in many cases, attackers are able to access all of a provider’s patient records.

There’s no denying it—healthcare data has gone digital. The days of paper health records are fast disappearing, and if the Centers for Medicare & Medicaid Services have their way, we won’t be going back. CMS has built meaningful use of electronic health records into its plans for a number of years, and the healthcare industry is responding.

Recently, I received a call from a close friend who wanted advice because his small company had been the victim of a ransomware attack. A hacker had locked the company out of all significant business applications, compromised all the backups, and wanted $250 in the form of Bitcoins to unlock the system. The IT manager tried to restore the systems without paying and without success.

One of our favorite sessions at the AHLA Annual Meeting is the Year-in-Review by Jack Schroeder and Elizabeth Carder-Thompson. It is a great way to get caught up on a year’s worth of activity in health law in 120 minutes. Out of the volumes of information Jack and Elizabeth read to summarize for conference attendees, we found 10 pieces of information that were particularly interesting for our practice in these days of constant and rapid change. We felt these would be worth sharing:

If I had to guess, I’d say you are reading this on your iPhone, iPad, Galaxy or some other mobile device. I’m not clairvoyant; research shows more than half of all emails are opened on mobile devices. It’s likely that if you use tablets or smart phones, you use them in almost every facet of your life from communicating with your friends, family members and work associates to helping with homework, paying bills and working from home. Fortunately, the security built into the systems is generally adequate for most of your personal needs. 

Recently, thousands of medical transcripts detailing the medical histories of children and adults, as well as notes made by doctors and psychiatrists, were publicly listed on an Internet search engine. Without proper encryption, confidential and extremely personal information was exposed to anyone who wanted to access it.

It’s a sign of the times – Dr. Phil McGraw attended this year’s Consumer Electronics Show to pitch his new app “Doctor on Demand.” His app allows a patient with a smart phone or tablet to access a board-certified doctor or psychologist for about the cost of an office visit co-pay. DOD has 1,400 physicians and 300 psychologists in its network.