Healthcare Information Security Threats continue to remain as one of the top challenges in a Healthcare CIO’s priority list. 41 million individuals have had their protected health information compromised in reportable HIPAA privacy and security breaches, based on data released in November 2014, from the HHS Office for Civil Rights. ViSolve has researched and analyzed major HIPAA and Security Breaches of 2014 and recommended measures to secure Hospitals and Practices from potential breaches in future. Read More @ this link: HIPAA Security & Privacy Breaches 2014.
I think this is a huge topic for conversation. I must admit I have been in a kind of limbo because of this issue. I just cannot see a way to move forward into MU2 without coming out from behind my firewalls and intranet, and operating an internet server of some sort, which significantly increases your risk for this stuff. Besides which, doing that seemed to involve learning Linux server, WordPress, and the new OpenEMR version in the middle of flu season. It may be better to face the eventual Medicare fines, than the type of fines your article refers to. In fact I likely have already procrastinated on this too long to be able to make 2015 attestation, unless they decide to back off to 3 months instead of 12. I get the sense that I do not hold a minority view that the world around me is just not ready for MU2, and pushing towards it as quickly as the regulations suggest provides little patient care value for great security risk. I understand the vendor thing, but in great part that would just take all the intellectual fun out of it.
Our first duty as physicians is to our patients & the confidentiality of their medical record. We were taught this from the first day in medical school long before HIPAA was conceived as a thought in Congress.
We like to think that ONC-HIT is staffed with thoughtful people who understand the greater ramifications of their mandates. I used the word “mandate” because the imposition of fines for non-compliance carries with it the force of law.
ONC-HIT does not seem to understand that the best form of communication between physician & patient is direct face-to-face contact because if a topic is particularly difficult to broach, body language is essential to understanding the patient’s needs.
It also does not understand that small practices do not have the means to ward off cyber attacks. We spend the day caring for our patients while cyber criminals spend their time honing their hacking skills. In fact I understand there is hacking software for purchase so that the miscreants can devote more of their time concocting even more ingenious ways to breach security. I can imagine the cyber criminals salivating at the thought of the vast opportunities for identity theft opening before their eyes.
CVerk & I are quite capable of implementing the security measures suggested by the OpenEMR developers. That is not the problem. The problem is enabling Patient Portal which is a gigantic vulnerability. If the moat is deep, the gate doubly fortified, the turret is manned with archers & boiling oil; but there is a hole in the wall; the castle is breachable & therefore is not safe.
In short order we will learn what ill-considered policies & resulting devastation wrought by ONC-HIT. I for one will not attest to Stage 2 Core Measure 7. I think physicians have the most comprehensive & in depth understanding of best medical practices instead of government officials, however well intentioned.
I couldn’t agree with you more, fsgl, but is there any optimism regarding a change to the mandates? I think not. Rather, they will reappear as punishments via Medicare, Medicaid reimbursement. Well intentioned is not a satisfactory excuse.
I have the luxury of retiring tomorrow, so I can essentially tell ONC-HIT to go fly a kite.
My younger colleagues don’t have this option. That is the reason I helped in the push toward MU2 certification. The young folks are between a rock & a hard place.
Unfortunately Washington tends to think that because they pay the piper, they should call the tune; despite the fact that they are tone deaf & wouldn’t recognize a terrible tune if it bit them on the nose.
Until the American people suffer the consequences & express their outrage, ONC-HIT will continue blithely on the same path.
A non-medical “journal”, the AARP newsletter, had a disparaging article on the negative effect on care when the doctor uses an EMR. Get a bunch of old people mad and maybe there will be public pressure for change.
I finally beat you at one thing: retired December 31 :>)