Technology & Information Systems

It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other forms of protected information, such as PII and, for many, cardholder data.

Healthcare organizations must be prepared to respond to data breaches, but effective response is no small matter. There are 10 different channels of response activity for an organization that has suffered a security breach: Security, Legal, Forensic, Law Enforcement, Regulators, Insurance Coverage, Public Relations, Stakeholders, Notification, and Personnel Management. Most of these activities are involved in every breach, and all must be dealt with in significant breaches. These activities are not sequential. They play out in parallel, with interrelated effects… and with the response clock ticking.
Continue Reading The 10 Key Activities for Effective Data Breach Response – Are You Prepared?

Having no need to brandish bandanas to obscure identity or firearms to force entry, it was reported Wednesday that cyber bandits, in a sophisticated and well-orchestrated robbery, recently waltzed into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, a population that comprises Anthem customers, employees and its CEO, Joseph R. Swedish. The haul is reported to have included names, birthdates, social security numbers, medical identification numbers, street and email addresses and employee income data. Fortunately, there’s no indication at this point that credit-card numbers, claims information, test results or diagnostic codes were compromised as part of the crime. That said, to minimize the potential harm, Anthem has called in the FBI and is notifying affected individuals and offering free credit and identity-theft monitoring.
Continue Reading Another notch in the hacking holster: Cyber outlaws hit Anthem hard

Seemingly picking up where we left off in our recent white paper and Advisory Board article, the Obama administration released a 166-page draft plan January 30th intended to drive providers and patients toward a common set of electronic clinical information and a commitment to more fully connected EHR systems by the end of 2017.
Continue Reading Interoperability 2017 – Will the latest government plan be the golden spike that connects the EHR rails?

After a protracted legal battle was resolved in favor of Teladoc, Inc. (Teladoc) on Dec. 31, 2014 (see Teladoc, Inc. v. Texas Medical Board, No. 03-13-00211-CV, Tex. App. 3rd, Austin), clarifying that Teladoc physicians could prescribe dangerous drugs based on a telephonic evaluation, the Texas Medical Board (TMB) wasted no time in issuing an emergency rule on Jan. 16, 2015, that significantly limits the use of telephones in the practice of medicine.
Continue Reading Big Redial – Texas telephone medicine terminated?

By now you have probably heard about the ongoing FIN4 cyber attacks on publicly traded entities in the healthcare and pharmaceutical industries. If not, here’s a brief recap.

On Sunday, Nov. 30, security consulting firm FireEye published a report on the current hacking efforts of a group dubbed FIN4. FIN4 has targeted more than 100 organizations, 68 percent of them publicly traded healthcare and pharmaceutical companies, stealing non-public information for illicit trading advantage. Additional targets include law firm partners and M&A consultants privy to proprietary information on imminent merger and acquisition transactions or other non-public, market-moving developments.
Continue Reading Data security lessons learned from FIN4 cyber attacks

In the Electronic Health Records (EHR) space, unconnected and competing systems carry the potential for organizational train wrecks.

Until robust, efficient, and mandatory interoperability standards emerge, providers should consider linking systems through other means, as failure to do so may lead to malpractice and regulatory compliance issues.

A new White Paper, Driving the Golden Spike:

The Food and Drug Administration (FDA) released a new Draft Guidance June 20, 2014, that would make significant changes to the way mobile medical devices are regulated, despite only being claimed by the FDA in September 2013. In that original Guidance, the FDA defined a new industry that it intended to regulate: the creators and providers of mobile medical apps. Such apps originally included many different kinds of apps, from blood glucose monitors to apps that displayed MRI or ECG visual data.
Continue Reading Update: The changing landscape of mobile medical app regulation, less than one year later

The Federation of State Medical Boards recently endorsed a model policy that addresses the proper use of telemedicine services. Only a few weeks later, a not-for-profit foundation released a report highlighting the benefits of telemedicine and making recommendations for telehealth services. It’s no surprise that telehealth and telemedicine have been in the news with increasing frequency given that the demand for telemedicine services is rising sharply. According to a Law360 article, Deloitte Touche Tohmatsu Ltd. estimates that 75 million digital doctor visits will occur this year in North America.
Continue Reading Organizations Aim to Standardize Telehealth Practices

“End-users, sysadmins, and developers lead the pack when it comes to mucking things up, though pretty much all of us are guilty.” These are simple, yet telling, words from the 2014 Data Breach Investigations Report released this week by Verizon.

The report statistics indicate:

  •  46 percent of all data security incidents in healthcare come from theft or simply losing a laptop or other device containing confidential information—triple that of almost all other industry sectors


Continue Reading Low-tech errors account for most healthcare data security incidents

First, kudos to AHIMA for helping raise information governance awareness by sponsoring a Twitter chat on February 20, “Global Information Governance Day.” As an information governance professional, I am encouraged that industry associations like AHIMA are picking up the reins to drive both the visibility and importance of information governance in the enterprise.

As Lynne