As covered in a Healthcare IT News story on HIPAA breaches, the HHS Office for Civil Rights settled with two organizations this week for just under a combined $2 million after it was discovered that both had unencrypted laptops containing PHI stolen. As OCR deputy director of health information policy Susan McAndrew pointed out, the large fines are meant to drive home the point that unencrypted laptops and mobile devices pose significant risks to patients and must be corrected.
The first and bigger of the two fines was levied against Concentra Health Services when it was discovered that an unencrypted laptop was stolen from one of its facilities. OCR made a particular note of the fact that Concentra, through a series of risk analyses over a period of years, had been put on notice that it was allowing patient information to be shared on unencrypted desktop computers, tablets, and mobile phones. Instead of correcting these deficiencies through a documented remediation plan, however, Concentra allowed the bad practices to continue despite the known Security Rule violations. In the end, OCR fined Concentra over $1.7 million for the breach and forced the healthcare organization to adopt a corrective action plan and work with HHS to fix the known issues.
“Our message to [healthcare] organizations is simple,” McAndrew said. “Encryption is your best defense against these incidents.”
We’ve argued on this blog about how important mobile device encryption is for a healthcare facility, and the Concentra incident only bolsters our stance. That said, implementation issues are always a concern for a healthcare IT executive, which could explain why healthcare organizations are slow to adopt technologies such as encryption and secure texting that could potentially take millions of dollars of risk off the table.
Nevertheless, when the implementation is as easy as installing an encrypted mobile application on the phone and writing a policy requiring providers to only send PHI through that channel, an administrator’s job is just about done. In an age of dramatically increasing federal fines, it’s too easy to have a provider lose a mobile device and trigger a full-blown OCR investigation. Encrypt your endpoints and avoid being front-page news.
With over two decades of technology entrepreneurship background, Krishna Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges in US Healthcare. During the late 90s, Krishna co-founded IPCell to build the first Cable IP Telephony switch, eventually selling the company to Cisco Systems. In 2003, he started Sipera (acquired by Avaya Systems) to solve security issues for Unified Communications and raised over $30MM in venture funding. Additionally, he has been actively involved in the early-stage financing of startups in both the US and India.