The HIPAA Omnibus Final Rule, released January 2013, goes into effect this month – Sept 23, 2013. Over the last several weeks, I’ve been posting a blog series around nine HIPAA network considerations.
1. HIPAA Audits will continue
2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
3. Knowledge is a powerful weapon―know where your PHI is
4. Ignorance is not bliss
5. Risk Assessment drives your baseline
6. Risk Management is continuous
7. Security best practices are essential
8. Breach discovery times: know your discovery tolerance
9. Your business associate(s) must be tracked
This blog focuses on #6 – Risk Management is Continuous.
You can look at the Risk Management implementation specification as the actions taken in response to the Risk Assessment. The HIPAA Security Rule defines Risk Management (Required) as: “Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with [§ 164.306(a)].” Section 164.306(a), in turn, sets out these general requirements:
(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
(3) Protect against any reasonably anticipated uses or disclosures of such information
One common mistake companies make in compliance programs is taking the approach that once the work is done, the network doesn’t have to be looked at again for compliance. If they put the security programs, processes, and technologies in place, they don’t have to spend time on compliance until next year (or the year after that, or even longer).
This makes compliance a one-time effort that is then ignored. Worse, securing PHI often follows the same path, which leaves the PHI easy to hack and steal and causes a lot of problems for everyone involved. Risk management―reducing risk―needs to be a continuous activity. Through your risk assessment, you’ll know where your PHI is, what your highest risk factors are, and where to implement more continuous risk management tools in the network.
Continuous risk management does not mean tracking every single event on every single device throughout the network. It may mean turning on automatic alerts on critical devices, setting traffic thresholds in network areas where PHI resides, logging anomalous events in those critical areas, and using network management tools to make sense of all this information the network devices are collecting.
Risk management is about a lot more than achieving HIPAA compliance; reducing risk to PHI and helping to prevent theft of PHI are of critical value.
Recommendation: Understand where you should implement continuous risk management, and what logging, alert, detection, and management tools you already have that can help with risk management.
To learn more about Cisco® compliance solutions and HIPAA services, please visit http://www.cisco.com/go/compliance
Tags: healthcare, HIPAA, PCI Compliance, security
No longer does your organization need to incur the sometimes unreimbursed cost of hiring one-on-one patient sitters, dedicating staff that can be better utilized elsewhere, or imposing on distressed family members to sit by their family member’s bedside around the clock.
With Cisco Virtual Patient Observation, centralized staff can observe multiple high-risk patients over your hospital’s existing network, and quickly alert caregivers if a patient is at risk.
This is one of those rare solutions that can pay for itself in months, not years.
If this sounds “too good to be true”, then we invite you to join a live educational webcast that I’m hosting on September 12th at 11PST / 2EST to learn first-hand how HCA’s Clear Lake Regional Medical Center worked with Cisco to integrate Virtual Patient Observation into their operation.
You’ll learn about Clear Lake Regional Medical Center’s approach to implementing Cisco Virtual Patient Observation, the hurdles they encountered, and the lessons they learned along the way to a highly successful implementation and a satisfying ROI.
We’ll hold a live Q&A at the end so you can ask your questions directly of the experts.
Register now to hold your spot. If you can’t make the live webcast on September 12, you’ll want to register anyway so that we can send you the replay link.
In the meantime, if you’d like to learn more about Cisco Virtual Patient Observation, here’s how to get started:
- At-a-Glance: Benefits of Virtual Patient Observation
- Blueprint: Take advantage of existing networking investments for rapid investment payback
- Ten use cases: Real-life scenarios for using video surveillance in hospitals
- Request a call from Cisco: Discuss how video surveillance can help you lower costs and improve patient safety
Tags: Cisco, healthcare, security, video
If you are planning to attend the American Telemedicine Association Fall Forum at the Sheraton Centre in downtown Toronto, be sure to make time to visit the Cisco booth. I will be on hand, along with key members of the Cisco Canadian healthcare team, and we look forward to discussing your upcoming telehealth projects.
You can even register for a complimentary VIP pass to the exhibit hall by using this code: EXHVIPFF2013.
Tags: connected healthcare, healthcare, healthpresence, jabber, telehealth, TelePresence
Most everyone has heard the phrase, “There’s no such thing as a free lunch,” a phrase referencing the fact that everything has a cost and if you’re not paying for it, someone else is. In the US today, the largest age group in our population is comprised of Baby Boomers (people born between 1946 & 1964) and that group is putting a significant strain on our healthcare system just because of the number of people and median age in this category.
That strain, in combination with the current economic climate and Medicare’s general lack of resources, has produced a recipe for disaster. If the government wishes to provide healthcare to a growing number of people with increasingly limited resources, the government will have to cut back on healthcare costs elsewhere, which will likely compromise the quality of healthcare offered and/or the number of people subsidized healthcare is offered to. This post isn’t meant to be a sob story – there are a ton of technologies, both current and in-development, capable of picking up some of the slack. The real question is, are we willing to pay the price?
Tags: 3D sensors, biometric, hc, healthcare, IoE, medicare, MotoX, privacy, Xbox
It’s truly amazing to think about the possibilities that advances in technology have unlocked. No longer do the barriers of time and distance have to limit the ability for anyone to access education, healthcare and government services. We can now connect with the push of a button. And often, it allows us to help the people who need it most.
I recently read an article by Bryant Jordan of Military.com that discusses how the Department of Veterans Affairs (VA) is changing the lives of veterans across the U.S. and helping meet their unique healthcare needs via telehealth. Veterans are able to meet with primary care physicians and specialists from the comfort of their home, minimizing the pain and hassle of traveling to medical facilities, which are often many miles away. There’s no doubt technology has provided convenience and improved access to healthcare, but the VA has seen other positive results as well. By increasing veterans’ ability to access medical professionals and services, improving follow-up and ongoing services, inpatient bed days have been reduced by 58% and admissions have declined by 38%.
Tags: collaboration, govtech, healthcare, innovation, telehealth, telemedicine, TelePresence