Tag Archives: HIPAA

Eric Marcus, CEO of Marcus Networking.

What Happens if you Lose a Laptop with Patient Information?

The government is starting to implement the HIPAA-HITECH Encryption Requirements 2012. If you choose not to encrypt data, the HIPAA Security Rule states you must implement an equivalent solution to meet the regulatory requirement. The law leaves encryption open to interpretation since covered entities vary when it comes to network and network usage, depending on the type and size of business.

Typically, if a doctor or nurse loses a laptop with patient data on it, they are required to report it. But now Marcus Networking, Inc. has a solution that meets FBI and government regulations. It’s an encryption software program that is installed on all devices (computers, handheld devices, etc.) with patient information, and if a device is ever lost or stolen, the information can’t be recovered. When the device boots up, it won’t open and hackers can’t get in. The program is highly sophisticated and hackers haven’t been able to crack the password to get in. The software program can take as little as 20 minutes to install and runs approximately $100 to $2,000, depending on the scope of work.

To learn more, contact Marcus Networking at 602-427-5027.

Health Insurance

The CORE Institute Selects SmartPager

To more quickly and efficiently share images, voice, and text between physicians and patients, The CORE Institute® announced it has selected SmartPager™, a HIPAA compliant secure messaging service that overcomes traditional limitations of one-way pagers and privacy issues associated with text messaging.  The service is easy to use with many different types of smart phones.

“We have seen a positive impact with the new platform,” says Cassie Caliendo, Vice President of Contact Center with The CORE Institute. “The time taken to reach a provider has been reduced to seconds. The system automatically sends the message to the on-call provider and tracks the delivery, escalating if required. The dashboard gives the entire team a clear view of our communications as they unfold in real-time.”

Dr. Jason Scalise, Orthopedic Shoulder Surgeon with The CORE Institute, speaks to some of the advantages of using their new platform. “We’re able to share images, voice, and text, reducing the time required to effectively communicate. If I am busy or in surgery, the message is automatically escalated to my backup. We can spend more time focused on what really matters, which is providing best-in-class orthopedic care to our patients.”

SmartPager was selected after an extensive 12-month market search; an evaluation and beta testing period proved the technology service could deliver on The CORE Institute’s demanding communication requirements in sending real-time, critical, HIPAA compliant communications to nearly 100 providers in 16 locations across Arizona and Michigan.

Delta Dental names Director of Legal Affairs

Delta Dental of Arizona is pleased to announce the hiring of Anne Bishop as the dental insurance company’s Director of Legal Affairs and Compliance.

“We are thrilled to welcome Anne to the Delta Dental team,” said Allan Allford, CEO for Delta Dental of Arizona. “Her expertise in health care law will be an asset as we prepare for the launch of private dental exchanges and other aspects of the Affordable Care Act.”

A magna cum laude graduate of Arizona State University’s Sandra Day O’Connor College of Law, she has extensive commercial and healthcare litigation experience. Prior to joining Delta Dental, Bishop served as an associate attorney for Snell & Wilmer L.L.P. in Phoenix, where she focused on health care services, health care transactions, compliance and regulatory matters.

Bishop’s expertise includes seven years of experience analyzing and researching legal issues in healthcare, advising clients on HIPAA and other healthcare compliance issues, and coordinating intra-company fraud investigations. In addition, Bishop spent nearly 14 years with the National Security Agency, where she received more than a dozen awards for outstanding performance and exceptional contributions to the intelligence community. Bishop also holds a bachelor of arts in international relations from the University of Pennsylvania.

AzHHA’s 2010 Annual Membership Conference - AZ Business Magazine Sept/Oct 2010

AzHHA’s 2010 Annual Membership Conference Is Aimed At Helping Members Prepare For Change

With the health care field on the brink of a major upheaval, the Arizona Hospital and Healthcare Association’s (AzHHA) 2010 Annual Membership Conference offers members information on what to expect in the future.

The theme, Bringing the Future into Focus, incorporates a mix of topics and speakers intended to appeal to a diverse hospital audience. Attendees will hear from leading economists, patient safety experts, health care visionaries and others.

LeAnn Swanson, vice president of education services for AzHHA, says the conference is the ideal venue to bring the new health care reality into full focus.

“Some of the best minds in the industry will be providing hard-hitting education and thought-provoking commentary,” she says. “This conference is intended for the entire hospital family, including the C-suite leadership team, hospital trustees, legal counsel, operations, quality, patient safety, human resources, and marketing officers.”

This year’s conference, Oct. 14-15 at The Buttes Resort in Tempe, kicks off with a keynote session featuring Lowell Catlett, Ph.D., regent’s professor, dean and chief administrative officer at New Mexico State University’s College of Agricultural, Consumer and Environmental Sciences. He will speak on the present and future of the economy.

Catlett notes that economic downturns are common — with 14 recessions during the past 80 years — and provide a means for society to re-balance what it deems to be important.

“Every recession leads to a spurt in new business starts, reformulation of business practices and new technological adaptations,” he says. “This current pause is no exception as we focus on what we value most. Get ready for phenomenal growth in health care, energy and lifestyle markets. For those willing to embrace the opportunities, the next decade will be successful beyond any in history.”

Immediately after Catlett’s presentation on Oct. 14, the general session will feature Ron Galloway, director of the documentary “Why Wal-Mart Works and Why That Makes Some People Crazy,” and the newly released “Rebooting Healthcare.” His topic, Wal-Mart and the Future of Healthcare, covers in-store health care clinics that offer everything from eyeglasses to flu shots to urgent care.

Galloway says the discount retailer aims to leverage its 4,000 stores into the largest force in American health care.

At the Oct. 15 breakfast meeting, sponsored by the American College of Healthcare Executives (ACHE), Chris Van Gorder, president and CEO of Scripps Health in San Diego and ACHE 2010-2011 chairman, will offer a look at Scripps’ medical response team. Van Gorder will describe the team’s efforts in the Hurricane Katrina-ravaged Gulf of Mexico, San Diego after its massive wildfires and quake-stricken Haiti.

Concurrent breakout sessions will look at the key drivers of physician behavior and the natural tension that exists in doctor-hospital relationships; trends and technologies that are “re-forming” health care in unexpected and beneficial ways; and the notion of being in a health care bubble with a high potential for a correction over the next five years.

The closing session will feature John Nance, author of “Why Hospitals Should Fly,” which was named the 2009 book of the year by the ACHE. Based on his book, Nance offers some solutions to the patient safety and quality-care crises that resonate deeply with all health care audiences.

The conference also will feature AzHHA’s annual awards luncheon, and a president’s reception that will give attendees an opportunity to say goodbye to the organization’s longtime president and CEO, John Rivers, as he nears retirement. The reception also will serve to introduce AzHHA’s new leader, Laurie Liles.

Along with the conference, during the upcoming year AzHHA also will offer a series of webinars and other events of interest to members of the hospital and health care industry, as well as representatives of the business community, Swanson says. The emphasis will be on compliance-related topics, including rules and regulations of the Centers for Medicare and Medicaid Services, the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Emergency Medical Treatment and Labor Act, also known as EMTALA.

To learn more about upcoming education opportunities from AzHHA and to register for conference events, visit www.azhha.org/educational_services and click on education events.

    Arizona Hospital and Healthcare Association’s
    2010 Annual Membership Conference

    Oct. 14-15
    The Buttes Resort
    2000 Westcourt Way, Tempe

Arizona Business Magazine Sept/Oct 2010


The New Year Brings New Federal Security And Privacy Rules To The Health Care Industry

The economic stimulus bill passed this year included a number of important modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Health Information Technology for Economic and Clinical Health Act (HITECH), which was enacted as part of the American Recovery and Reinvestment Act of 2009, modified HIPAA’s Privacy Rule and Security Rule. One significant modification is a completely new requirement that individuals, and in some cases the media and the U.S. Department of Health and Human Services (HHS), must be notified when an individual’s unsecured protected health information is breached.

Protected Health Information, or PHI, is individually identifiable health information in any form that is created or received by a “covered entity” such as a health plan, a health care clearinghouse or a health care provider who engages in certain electronic transactions. PHI relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or payment for that care.

The new breach notification requirements apply only to “unsecured” PHI. HITECH provides that PHI is secure and not subject to the breach notification rules if the data is encrypted according to specific standards of the National Institute of Standards and Technology (NIST) or destroyed and unable to be read or reconstructed.

Before HITECH, HIPAA did not require a covered entity to notify an individual about a breach of PHI, although some covered entities did so voluntarily. HITECH removes any discretion a covered entity once had with respect to notification about a breach of unsecured PHI. The HITECH breach notification requirements became effective Sept. 23, but enforcement is delayed until Feb. 22, 2010, to enable compliance.

When a breach occurs

HITECH requires that when a breach of unsecured PHI is discovered, the covered entity must notify every individual whose unsecured PHI has been, or is reasonably believed to have been, affected. A breach is the acquisition, access, use or disclosure of PHI in a manner that violates HIPAA and that compromises the security or privacy of the PHI.

A breach will occur if four requirements are met:

  • The information is used or disclosed in a manner not authorized under HIPAA.
  • The information is unsecured.
  • The use or disclosure poses a significant risk of financial, reputational or other harm to the individual.
  • The use or disclosure does not meet the requirements of a specific exception.

Risk assessment

If an unauthorized use or disclosure of unsecured PHI occurs, a covered entity (or business associate) must engage in a risk assessment to determine if notification of the breach is required.

The risk assessment will include reviewing the facts surrounding the incident and the nature of the data involved. The covered entity (or business associate) will analyze whether the data was accessible and usable and the likelihood that the breach will actually harm the individual. As part of the assessment, the ability to mitigate harm also might be considered. The HIPAA compliance effort of a covered entity will now include the adoption of policies and procedures for conducting and documenting a risk assessment upon uses or disclosures that compromise the security or privacy of PHI.

There are three specific exceptions to the HITECH breach notification requirements:

  • Unintentional access by a covered entity or business associate’s work force that is in good faith, within the employee’s general employment functions and does not result in further use or disclosure.
  • Inadvertent disclosure from one covered entity or business associate employee to another similarly situated employee.
  • Situations in which the recipient is not able to retain the information.

Individual notice

When a reportable breach of unsecured PHI occurs, the individual whose PHI is affected must be notified within 60 days after the information is, or is reasonably believed to have been, breached. A breach is considered discovered on the first day it is known to a member of a covered entity’s work force (other than the one committing the breach) or should have been known if the covered entity exercised reasonable due diligence. A covered entity’s HIPAA compliance effort will now have to include policies and procedures for detecting and identifying breaches.

Written notice must be given to the individual at the last known address describing what occurred, including the date of the breach and date of discovery. The types of PHI involved must be identified, and steps the individual should take to protect himself from harm must be included. The notice must provide contact information and describe what the covered entity is doing to investigate the breach, mitigate harm and prevent future breaches.

Large breach-media notice/HHS notice

If a breach of PHI involves 500 or more residents of a state, the covered entity must notify prominent media outlets in that state. If the breach involves 500 or more people (regardless of the state), HHS must be notified. HHS will maintain a Web site listing details of large breaches.

Small breach-HHS notice

For breaches affecting fewer than 500 individuals, a covered entity must maintain a log documenting the breach. These breaches must be reported to HHS within 60 days of the end of each calendar year.

HITECH requires covered entities and business associates to take a careful look at unauthorized uses and disclosures of PHI. Implementing policies and procedures now, before a breach occurs, is essential for addressing future problems.