Cisco Blogs



8 of 9 HIPAA Network Considerations

Discovering a breach where ePHI has been stolen certainly falls into the ‘not a good day at work’ category. It can be catastrophic for some, especially if the compromise occurred months ago and wasn’t detected, or if a third party discovered the breach for you. That occurs more often than we think: 47-51% from 2010 – 2012, based on the Ponemon Institute’s 3rd Annual Benchmark Study on Patient Privacy and Data Security.

On our list of 9 HIPAA Network Considerations, we are onto topic #8, Breach discovery times: know your discovery tolerance.

  1. HIPAA Audits will continue
  2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
  3. Knowledge is a powerful weapon―know where your PHI is
  4. Ignorance is not bliss
  5. Risk Assessment drives your baseline
  6. Risk Management is continuous
  7. Security best practices are essential
  8. Breach discovery times: know your discovery tolerance
  9. Your business associate(s) must be tracked

According to the 2013 Verizon Data Breach Investigations Report, two-thirds of the compromises were not discovered for months, or longer. What is your tolerance for “not knowing?” Can that discovery time tolerance be justified through reasonable due diligence, or are you back at the “ignorance is bliss” phase (blog #4), which could be interpreted as Willful Neglect in the case of a breach of PHI?

Source: Verizon 2013 Data Breach Investigations Report



UCS E-Series: A Platform for Innovation | Inside the Branch

We’re in November now, so of course it’s getting chilly outside -- even here in California! This means the holidays are right around the corner and retailers are gearing up for their busiest time of year. A growing trend these days is that more than half of holiday shoppers with smartphones plan to use these devices while shopping (53.8%, National Retail Federation). What better motivation for retailers to increase sales in all of their stores this season than by enhancing customers’ shopping experience with something like Facebook?

On the other side of town, unfortunately, the holiday season goes hand-in-hand with the sniffling and coughing brought on by the winter cold and flu season. As usual, doctors will expect an influx of patients in their offices in the coming months. IT staff at hospitals need to prepare for the increased medical data traversing the network and beyond.

Cisco UCS E-series on the ISR-AX is a consolidated solution in a single platform. With this solution, retailers can virtualize and host POS, video surveillance, and other applications.  Doctors in medical offices of any size can focus on taking care of their patients rather than worry about the network slowing them down.


7 of 9 HIPAA Network Considerations

The HIPAA Omnibus Final Rule is now in effect and audits will continue in 2014. At the HIMSS Privacy and Security Forum in Boston on Sept. 23, Leon Rodriguez, director of the Department of Health and Human Services’ Office for Civil Rights, said to those who are wondering how the new rule will be enforced: “You’ll see a picture of where we’ll spend our energies” based on previous enforcement actions. Enforcement actions to date have focused on cases involving major security failures, where a breach incident led to investigations that revealed larger systemic issues, Rodriguez said.

On our list of 9 HIPAA Network Considerations, it is timely that our topic in this blog is on #7, Security best practices are essential.

  1. HIPAA Audits will continue
  2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
  3. Knowledge is a powerful weapon―know where your PHI is
  4. Ignorance is not bliss
  5. Risk Assessment drives your baseline
  6. Risk Management is continuous
  7. Security best practices are essential
  8. Breach discovery times: know your discovery tolerance
  9. Your business associate(s) must be tracked

The general rule for the HIPAA Security Rule is to ensure the confidentiality, integrity, and availability of ePHI that is created, received, maintained, or transmitted [45 CFR 164.306(a)].  Protect against threats to PHI.  That relates directly to network security best practices.  In the 2012 HIPAA audits, security had more than its share of findings and observations, accounting for 60% of the HIPAA audit findings and observations, even though the Security Rule accounted for only 28% of the audit questions.  At the NIST OCR Conference in May, OCR presented the summary below.


Can the IoE Revolutionize Alternative Medicine?

November 1, 2013 at 11:35 am PST

The other week I found myself chatting with a fellow healthcare (and Cisco) enthusiast on Twitter about alternative medicine and I experienced an Aha! moment – alternative medicine may soon have an entirely new face if it’s driven by consumer adoption of advanced (and in many cases, currently available) technologies.

@petra1400

Let me explain. I recently wrote a post about the true price of affordable healthcare, which focused on the innovative technologies that will help make healthcare more efficient overall by incorporating dynamic monitoring techniques as a means of prophylactic care. When I wrote that post, I didn’t realize I was actually describing a new age of alternative medicine!

When most of us think of alternative medicine (myself included), we initially associate it with traditional homeopathic remedies and elements from Eastern medicine like acupuncture and herbal therapies.

Summary: What Moving to the Cloud Means for Healthcare Organizations

November 1, 2013 at 10:50 am PST

A lot of our data center customers are in the healthcare industry. This topic is close to my heart, as I used to work in this field several years ago. Healthcare organizations are facing specific challenges in moving to the cloud that Cisco and partners address carefully.

IT innovation and integration in healthcare is on the rise, causing a fundamental shift for healthcare organizations. As economic factors and government regulations begin to push more and more independent physician practices to the cloud, healthcare organizations now work with cloud service providers and share the responsibility to meet regulatory demands set forth in the recent package of HIPAA changes.  So what does this move to the cloud mean for healthcare organizations?

According to Kathy English, Global Senior Director for Cisco,

“As more healthcare professionals move to the cloud, IT organizations need to evaluate how to federate public cloud services with their private cloud efforts. This type of transformation will require organizations to look beyond just building a private cloud. They need to build and buy a secure, scalable, and reliable network that supports privacy, high availability, and mobility, all while meeting cost targets.”

It is clear that the new HIPAA regulations require a more shared responsibility between IT and service providers, but with a certified Cisco Powered cloud provider, healthcare organizations can be empowered to expand both their private and public cloud solutions.

Read the full “What Moving to the Cloud Means for Healthcare Organizations” blog post to learn more, and join the conversation on Twitter using the hashtag #CiscoCloud. We’d love to hear from you!

 
