Breaches of ePHI (electronic personal health record information) are among the most frequently recurring news stories today.
The most recent story on the news was about hacking organizations from different countries combining their efforts in large ransom attacks, holding ePHI (electronic personal health record information) hostage while waiting for ransom money. Federal regulations have been consistently revised over the past few years. But of everything that has been revised, it is the change that seems the simplest and easiest that is really the most challenging. Federal regulations / OBRA recently slipped in the words “electronic media” or “electronic email” to be included when talking about resident rights specific to privacy, security and confidentiality. We have been talking about compliance programs for the last few years and have taken limited action, but this has now also been spelled out in the OBRA regulations. A compliance program also means that we have to take responsibility not only for ourselves, but also for all of our vendors. So more and more we are all in this together, which was the original purpose of the system creating ACOs. They wanted us all to be connected, which motivates us all to make sure that the baton gets passed correctly, not only for care, but also in the protection of personal health information.
ePHI Electronic Personal Health Record Information Breach story.
HHS OCR, U.S. Health and Human Services Office of Civil Rights, collected 15 million dollars in the first half of 2016 in fines for breaches of ePHI (electronic personal health record information) in healthcare. Any kind of exposure of PHI is a breach. Whether it is a physical exposure of ePHI in a facility or the hacking of ePHI, the result is the same. Hacking of ePHI has increased over 300% in the last 3 years. The concerns of 2017 are MEDJACK and ransomware. MEDJACK is a basically undetectable program that hijacks your device. Once MEDJACK has infiltrated your device, it jumps from device to device, hijacking each one. Healthcare has been working for years to connect systems for better care and, consequently, has become a hacker’s dream. Across ACAs, hospitals, SNFs, doctors’ offices, etc., ransomware is hijacking information and basically collecting money for its return. The question today is not whether you will be affected. You will be affected, but will you be ready? That’s the only question. Healthcare cannot afford not to have elaborate systems in place. If you think that, because each facility is a separate LLC, any breach can be contained, think again. They have tied in management companies, and any type of oversight group can be held responsible. They have covered that loophole.
ePHI Electronic Personal Health Record Information Breach Examples.
Phones, tablets and laptops that have access to or contain ePHI (electronic personal health record information) are sitting ducks for potential fines. A laptop in the back of a healthcare worker’s car or contracted hospice that is stolen is a breach. The same goes for any device. In the past, we have been aware of fines from DPH. HHS OCR itself is managing this piece and doing the fining. And they aren’t just $100,000 fines but rather 5-10 times that amount, sometimes into the millions. In today’s world, every aspect of ePHI (electronic personal health record information) must have elaborate security provisions, not only for us, but for all of our vendors.
ePHI Electronic Personal Health Record Information Breach Experts.
I’ve been working with OASIS Technology for many years. OASIS has created its new black hole technology, literally sucking all of the bad guys into a black hole. Oasis Technology has been working and contracting with large corporations and government entities for many years on security and privacy provisions. CMS has ruled an emergency preparedness requirement for healthcare providers against cyber attacks. See the link below. It’s very easy to do today or a nightmare to fix tomorrow. You know our saying in health care: if you don’t take the time to exercise today, then you will need to take the time to be sick tomorrow. The same is true for cyber attacks. If you don’t protect yourself today, you will need to spend enormous amounts of time and money tomorrow. We need systems in place yesterday. Go to http://www.ipstitan.com/ or call (805) 445-4833. Let them know you heard about them from us.