Cisco Blogs


Cisco Blog > Corporate Social Responsibility

How Web Conferencing Is Helping HIV/AIDS Patients in Kenya

December 4, 2013 at 9:09 am PST

profile_dr_ndwigaThis post was written by Dr. Stanley Ndwiga, Outreach/Project Doctor at Gertrude’s Children’s Hospital in Nairobi, Kenya. It was originally published on the Huffington Post.

Ten years ago, an AIDS epidemic was ravaging Kenya and other countries in sub-Saharan Africa. In one year alone, as many as 40,000 Kenyan infants were born HIV-positive, and only 30 percent of them could expect to see to their 5th birthday. Millions of Kenyan adults succumbed to AIDS, orphaning many millions more.

Today, thanks to better drugs, community outreach, and education, fewer Kenyans are acquiring HIV, and the number of those who have AIDS has fallen to 1.2 million, or 1 in 20 Kenyan adults. It is still a significant number, and we have a lot of work yet to do.

At Gertrude’s Children’s Hospital in Nairobi, clinicians have been given a big boost in that effort through web conferencing technology.

Photo courtesy Gertrude's Children's Hospital

Photo courtesy Gertrude’s Children’s Hospital

Read More »

Tags: , , , , ,

9 of 9 HIPAA Network Considerations

The HIPAA Omnibus Final Rule is now in effect and audits will continue in 2014. The Department of Health and Human Services’ Office for Civil Rights has stated several times that both Covered Entities and Business Associates will be audited.  And the scope of Business Associates has greatly expanded.  I wrote another blog directed towards these new Business Associates.  This final blog of this series focuses on covered entities that work with business associates.

  1. HIPAA Audits will continue
  2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
  3. Knowledge is a powerful weapon―know where your PHI is
  4. Ignorance is not bliss
  5. Risk Assessment drives your baseline
  6. Risk Management is continuous
  7. Security best practices are essential
  8. Breach discovery times: know your discovery tolerance
  9. Your business associate(s)must be tracked

The HIPAA Omnibus Final Rule changed the Business Associate definition, and also makes Business Associates obligated to comply with HIPAA.  You most likely will have more business associates than previously, and those business associates that have access to your network and/or your PHI data are obligated to be HIPAA compliant.    The Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy and Data Security (December 2012), reveals that 42% of the breaches involved a third party “snafu”.

blog9

Read More »

Tags: , , ,

8 of 9 HIPAA Network Considerations

Discovering a breach where ePHI has been stolen certainly falls into the ‘not a good day at work’ category.  It can be catastrophic for some, especially if the compromise occurred months ago and wasn’t detected.  Or if a 3rd party discovered the breach for you, which occurs more often than we think, 47-51% from 2010 – 2012 based on the Ponemon Institutes 3rd Annual Benchmark Study on Patent Privacy and Data Security.

On our list of 9 HIPAA Network Considerations, we are onto topic #8, Breach discovery times: know your discovery tolerance.

  1. HIPAA Audits will continue
  2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
  3. Knowledge is a powerful weapon―know where your PHI is
  4. Ignorance is not bliss
  5. Risk Assessment drives your baseline
  6. Risk Management is continuous
  7. Security best practices are essential
  8. Breach discovery times: know your discovery tolerance
  9. Your business associate(s)must be tracked

From the 2013 Verizon Data Breach Investigations Report, two thirds of the compromises were not discovered for months, or longer.  What is your tolerance for “not knowing?”  Can that discovery time tolerance be justified through reasonable due diligence, or are you back at the “ignorance is bliss” phase (blog #4), which could be interpreted as Willful Neglect in the case of a breach of PHI?

Source: Verizon 2013 Data Breach Investigations Report

Source: Verizon 2013 Data Breach Investigations Report

Read More »

Tags: , , ,

UCS E-Series: A Platform for Innovation | Inside the Branch

We’re in November now, so of course it’s getting chilly outside -- even here in California! This means the holidays are right around the corner and retailers are gearing up for their busiest time of year. A growing trend these days is that more than half of holiday shoppers with smartphones plan to use these devices while shopping (53.8%, National Retail Federation). What better motivation for retailers to increase sales in all of their stores this season than by enhancing customers’ shopping experience with something like Facebook?

On the other side of town unfortunately, the holiday season goes hand-in-hand with the sniffling and coughing brought on by the winter cold and flu season. As usual, doctors will expect an influx of patients in their offices in the coming months. IT staff at hospitals need to prepare for the increased medical data traversing through the network and beyond.

Cisco UCS E-series on the ISR-AX is a consolidated solution in a single platform. With this solution, retailers can virtualize and host POS, video surveillance, and other applications.  Doctors in medical offices of any size can focus on taking care of their patients rather than worry about the network slowing them down.

Read More »

Tags: , , , , , , , , , ,

7 of 9 HIPAA Network Considerations

The HIPAA Omnibus Final Rule is now in effect and audits will continue in 2014. At the HIMSS Privacy and Security Forum in Boston on Sept. 23, Leon Rodriguez, director of the Department of Health and Human Services’ Office for Civil Rights said to those who are wondering how the new rule will be enforced: “You’ll see a picture of where we’ll spend our energies” based on previous enforcement actions.  Enforcement actions to date have focused on cases involving major security failures, where a breach incident led to investigations that revealed larger systemic issues, Rodriguez said.

On our list of 9 HIPAA Network Considerations, it is timely that our topic in this blog is on #7, Security best practices are essential.

  1. HIPAA Audits will continue
  2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
  3. Knowledge is a powerful weapon―know where your PHI is
  4. Ignorance is not bliss
  5. Risk Assessment drives your baseline
  6. Risk Management is continuous
  7. Security best practices are essential
  8. Breach discovery times: know your discovery tolerance
  9. Your business associate(s)must be tracked

The general rule for the HIPAA Security Rule is to ensure the confidentiality, integrity, and availability of ePHI that is created, received, maintained, or transmitted [45 CFR 164.306(a)].  Protect against threats to PHI.  That relates directly to network security best practices.  In the 2012 HIPAA audits, security had more than its share of findings and observations, accounting for 60% of the HIPAA audit findings and observations, even though the Security Rule accounted for only 28% of the audit questions.  At the NIST OCR Conference in May, OCR presented the summary below.

7 of 9

Read More »

Tags: , , ,