Encryption, Encryption, Encryption

After all of the recent issues with Ransomware and other cyber-attacks in the healthcare field, paying attention to the details can be overlooked at your peril. In my home state of Alabama, a laptop was stolen from a vendor to CVS Health. This laptop, for some unexplained reason, had Protected Health Information (PHI) on it. Of course, it was not encrypted, as per CVS network policy, so somebody had a field day with people who used a certain Pharmacy in Shelby County (Birmingham South Suburban). Their so-called private information was not, and now the company has to inform those on it, and presumably make amends for this.The laptop contained information about customers who have had prescriptions filled at the CVS store at 8370 Highway 31 in Calera, the company announced Monday. The laptop was stolen from the vendor and reported to the Indianapolis police department (Kelly Poe, 2016, para. 2).Interesting tidbit here is that it was reported to a police department over 500 miles away from the “scene” of the crime. A later version of the story said it happened at the unnamed vendor’s locale, which is not the CVS in question.

  • This has HIPAA written all over it.
  • Ignorance is not bliss.
  • Compliance is not limited by company size.

Kelly Poe. (2016, April 18). Alabama CVS’ patient information at risk after laptop stolen. AL.com. Shelby County AL. Retrieved from http://www.al.com/business/index.ssf/2016/04/patient_information_at_risk_af.html

EHR vendors, you’re not only next, but now.

This blog and other places have discussed the recent publicity about Ransomware and how hospitals cope with it, some better than others. What they really want is the Electronic Health Records that are employed in such environments. EHR are very personal and specific. Add the web-based nature of exchange and that is manna to a hacker because they can “hit once, effect many”. Mark Menke, security expert and CTO of Network DLP at Digital Guardian remarked: The financial incentives associated with EHR adoption encourage healthcare providers to roll out bare-bones systems without the infrastructure to back them u(Lisa Hoover McGreevey, 2016).
 
  1. HIPAA has very specific rules regards data security and the chain of command. Ignore this at your peril.
  2. Virtually all data in an EHR is valuable, some parts more than others. It is the cyber security specialist along with the practice IT staff or consultants to know the difference. Ignorance is not bliss here.
  3. Encryption, Digital Rights Management (DRM), Single Sign On (SSO), and other technologies are your gateway to mitigating the attacks that will come.
  4. Backups, Backups, Backups. The size of the organization will determine how often this is done; Real-time on-site/off-network and hourly off-site is a good place to start.
(Mark Menke, 2016).

Continue reading

Telemedicine

Using most available measures, there are three Pharmacy chains that matter, 2 of them closer to pure plays in the sector. Walgreen’s is the largest, CVS is not far behind, and of course, Wal-Mart. CVS is the one making the most noise and expansion of technology with Telemedicine availability inside their Minute Clinic locations. The latest is the famous Cleveland Clinic coming on board in Ohio. When a patient enters a Minute Clinic, a Nurse Practitioner evaluates the situation and if they need further consultation, the links become active in a few minutes at an additional cost of $50 over the office visit (Katie Dvorak, 2016b, para. 2–3) Locally in Charlotte, 27 locations in the Metro, which include Target stores. All but two stores in the area have an affiliation with Carolinas Healthcare System, the dominant system in our area. The partnership locally has been active for five years, but no sign of telehealth that can be found or promoted.

According to a report from the Center for American Progress, telehealth is “high quality and cost saving” which grinds to a halt such progress is arcane state laws and licensing requirements. Only New York and the Capitol Region of Maryland, Virginia, and Washington DC allow reciprocity (Katie Dvorak, 2016a, para. 2–3). The mind is boggled when living on the border of two or more states that each doctor has to stay on their side. Not enlightened in the least. Then there is the matter of paying for all of this. As mentioned in the previous paragraph, the extra fee may be a showstopper for most, even with insurance. Seems to be agreement on the merits; most aspects encounter bumps early in the product/service cycle and this is no exception. As with most facets of healthcare, geography plays an out sized role in quality of care and coverages available to their populations. As of February 2016, 29 states and the District of Columbia have laws for private payer policies for telehealth, and 23 states have parity laws that require insurers to cover telehealth services at the same rates as in-person services (Zeke Emanuel, Joshua Sharfstein, Topher Spiro, & Meghan O’Toole, 2016, pp. 40–41).


Bibliography

Katie Dvorak. (2016a, April 13). CAP: Telemedicine licensure, reimbursement issues states must address. Retrieved April 14, 2016, from http://www.fiercehealthit.com/story/cap-telemedicine-licensure-reimbursement-issues-states-must-address/2016-04-13

Katie Dvorak. (2016b, April 13). Cleveland Clinic to work with CVS on MinuteClinic telemed services. Retrieved April 14, 2016, from http://www.fiercehealthit.com/story/cleveland-clinic-work-cvs-minuteclinic-telemed-services/2016-04-13

Zeke Emanuel, Joshua Sharfstein, Topher Spiro, & Meghan O’Toole. (2016, April). State Options to Control Health Care Costs and Improve Quality. Center for American Progress. Retrieved from https://cdn.americanprogress.org/wp-content/uploads/2016/04/07050836/CostContainment-report.pdf

Your Next Fitness Wearable could be a Patch

This article was in my archives from last year but not published. Because of my refocus on this blog with a current healthcare focus, sharing with the audience is not a bad thing. Since this was originally published last year, I have yet to find any follow ups on this topic.

[embeddoc url=”https://herbied.edublogs.org/files/2016/04/Thenextevolutionoffitnesswearables.html_-1315pcx.pdf” viewer=”google”]

PGT Trucking tests headset with sensors for driver fatigue

This is so cool. Can do handsfree and alert to driver fatigue, the main culprit behind a fatal LCV accident in Charlotte

PGT Trucking, a 1,100-truck carrier with flatbed operations is testing fatigue monitoring technology from Maven Machines.

Source: PGT Trucking tests headset with sensors for driver fatigue