94% of Healthcare Not Ready To Comply With Security Regulations

Recent surveys have shown that 94% of Healthcare organizations are not ready to comply with the government’s r3egualtions that will be enforced in February.  This comes from the HITECH Act, which extends the HIPAA security and privacy safeguards and will enforce more penalties, fees and audits.

Most hospitals know that there are deficiencies in their privacy and security areas for HIPAA.  The problem is they don’t have the budgets to get up to compliance with the HITECH Act right now. 

With 79% of the Healthcare community not having an independent assessment or audit program in place to determine how adequate things are in their system.  57% of the Healthcare community said they have known deficiencies concerning privacy or security or both.  Only 29% have said they haven’t had any deficiencies.

Most Healthcare organizations have had one or more breaches of security in which protected health information was stolen in the past two years.  90% had a breach of at least one protected health record.

No management support is the reason for 55% of the slow compliance goals. 

60% of organizations say they have only partially implemented a risk-based program for protecting the privacy of PHI (protected health information).

50% don’t have adequate staff training for privacy and security.

45% say they haven’t effectively developed a privacy policy that clearly summarizes appropriate use and sharing of PHI.

50% said they may need assistance from a third party to conduct a detailed risk assessment.

45% need outside support for staff training

42% will need assistance in implementing procedures for fielding complaints.

39% will rely on the help in developing the privacy program.

These numbers are alarming given that they need to be compliant in only a few months! 

Let RedLegg help get you get compliant with our Managed Services to help you save money and time!!!

How can hospitals increase revenue by $10 million a year?

GET them out of the door faster…

Article provided by Nortel..

Nortel Upgrades Patient Discharge Solution with Referral and Placement Capabilities

 

Streamlines Process of Discharging Patients to other Healthcare Facilities

April 7, 2009
CHICAGO – Nortel* [TSX: NT | OTC: NRTLQ] announced a significant upgrade to its Patrient Discharge Solutioin healthcare providers. The new feature -Patient Referral and Placement – allows hospitals to streamline the process of discharging a patient to another care facility such as a rehabilitation hospital, nursing home or hospice, and to obtain medical equipment for the patient. This addition to Nortel’s Patient Discharge Solution can help hospitals realize better patient flow management, reduced bed turn over time and increase the number of patients they can treat.

“Our Heathcare Solutions use powerful unified communications technologies to accelerate and automate the clinical processes,” said Sanjeev Gupta, general manager, Healthcare Solutions, Nortel. “The results are solutions that are specifically designed to work within the clinical environment to enhance business results through faster patient discharge, better patient care, improved clinician/equipment productivity and increased patient/staff satisfaction.”

In one customer example,  Orlando Health a Nortel solution yielded savings of up to four hours per patient in discharge and bed turn over time. The solution employs computer-integrated telephony and IVR technology to automate the entire discharge process – from physician consent, to prescriptions, to housekeeping and the wheelchair ride to the front door. Nortel projects that by using the Patient Discharge Solution, one 1,700 bed hospital can achieve a better than $10 million revenue increase in the first full year of implementation.

“We have worked closely with Nortel to develop a solution that truly delivers tangible benefits to our business,” said Rick Schooler, vice president and chief information officer, Orlando Health. “The Patient Discharge Solution enables prompt approvals from physicians regarding a patient’s discharge status, which relieves nurses from playing phone tag. It also helps us to promptly initiate multiple departmental activities that enable a more timely discharge, thus helping to reduce costs at the end of the patient stay and improve bed utilization. Patients return home sooner, and we’re more efficient.”

Nortel teamed with Authentidate Inscrybe Healthcare  to integrate Inscrybe’s Healthcare Information Exchange functionality into the existing Nortel Patient Discharge Solution. Discharging patients into post acute-care facilities is traditionally a labor and time intensive process for hospitals. Often it requires multiple phone calls and correspondence before a patient can be transferred from one care environment to another. With Patient Referral and Placement, hospitals can increase efficiency and reduce these costs by more than 80%, according to Inscrybe Authentidate research.

“The marriage of Nortel’s technology with our solution is a win-win for the healthcare community,” said Cecilia Panozzo, director, Business Development, Authentidate Holding Corporation, parent company of Inscrybe Healthcare. “Now, hospitals can discharge a patient into a new care facility as easily as if they were sending them home, reducing costs and freeing up beds for new patients more quickly than ever before.”

Nortel has nearly 7000 healthcare customers in North America. To learn more, visit the company’s booth #4408 at HIMSS09 in Chicago April 5-8. In addition to the upgraded Patient Discharge Solution, Nortel will also feature other healthcare-specific products, as well as unified communications and networking solutions that hospitals and healthcare providers are using around the world to connect their people, systems and applications together.

HITRUST releases proposed security framework

By Anne Zieger

In recent times, you have most likely read about requirements for health IT security, including a new requirement from the FTC that since healthcare providers are creditors, they need to have identity theft policies in place by next year.

Now, in an effort to make implementing these protections simpler, on top of other security efforts, a group of large healthcare companies is attempting to create a set of security practices that can be standardized. The standards, which were just released in draft form from the non-profit Health Information Trust Alliance LLC (HITRUST), are the work of the nine large healthcare organizations that created the organization. 

The HITRUST Common Security Framework (.pdf)  includes a broad framework and three separate components. These include an information security implementation manual addressing common standards like HIPAA, NIST SPS 800, ISO/IEC 27799 and COBIT 4.1; a tool cross-referencing HITRUST standards with well known standards and regs from other groups; and a readiness toolkit.

If this looks good to you, prepare to make a big investment, as single-entity licenses are $8,500 and enterprise-wise licenses are $31,000.

To learn more about the new draft standards:
- read this Wall Street Journal piece (reg. req.)

HealthCare Hackers

Black-hat hackers have been a threat to business for as long as there’s been something worth stealing. Where healthcare is concerned, the most valuable prize has usually been medical or credit data, sometimes both, particularly if the patient was rich or famous.

These days, it seems healthcare providers are looking at a new wrinkle in the hacker-hackee relationship. In short, it seems there’s a new breed of crook focused tightly on stealing medical identity. As this week’s story on Express Scripts suggests, these criminals are well aware that people’s medical identities are valuable assets for several reasons, including:

* Someone can pile up big bills in your name if they steal that name.

* You can’t get the right care if your medical data is incorrect or references the wrong person.

* Your medical record often contains important financial information.

Brazen attempts at extortion like the one engaged in by the Express Scripts attackers isn’t likely to become a standard approach. After all, it’s much riskier to play cloak and dagger like that than it is to quietly, quickly steal identities and resell them to an equally unscrupulous third party. However, given the stakes involved, you can expect to see other forms of high-visibility crime take place around medical identity data.

As this type of crime becomes more common, the healthcare IT department, not to mention finance and medical records, may face some new precautions. For example, physical security may have to get tougher if people are willing to make million-dollar threats over medical ID data. After all, what is a printout of 500 patients’ data worth nowadays? A lot, clearly.

On the IT side, it may also mean that architectures are going to have to change, particularly if they’re built to assume that financial and medical data must be held under strict security–but that identity information isn’t as vulnerable. As readers know, this can be time-consuming, so brace yourself.

The bottom line is that these nasty customers who steal medical identity data may foster a further shift in how the industry thinks about its data, what needs to be secured and even how (perhaps to using biometrics for all patient transactions).