Recent CBS news coverage around one individual’s medical identity being compromised after his wallet was stolen continues to tell of the frightening trend around health care cybersecurity issues. From medical procedures getting unknowingly charged to an account, to personal information selling on the dark web, the impact of lax protection of health information affects some on a daily basis.

At the time of the airing, industry research uncovered some other staggering statistics:

• 11 million patient records were exposed in 2018, up 25% from the year prior, according to a report from Protenus. In an updated report, Protenus indicates breached records tripled in 2018 vs 2017, with over 15 million patient records breached
• Gary Cantrell, Deputy Inspector General for Investigations, Office of Inspector General (OIG) stated that, at the time, the agency had handled nearly 400 reports of medical data breaches
• This 2017 KLAS report, authored by Garrett Hall and Jon Christensen, showed that only 16% of provider organizations felt they had a fully functional cybersecurity program

Cybersecurity Ventures predicts that ransomware attacks on hospitals will increase by more than 5x between 2018 and 2021. And Modern Healthcare estimated that, if online theft keeps accelerating at the current pace, by 2024 everyone in the U.S. will have had their health care data compromised.

Data breaches are embarrassing and costly, with estimates that a breach can cost health care providers more than $400 per patient.

                                        Initiatives to Protect Patient Records

One initiative underway to combat cybersecurity attacks on health care is the CSA 405(d) Task Group, an industry and government collaboration that began in May 2017. The Task Group is focused on building a set of voluntary, consensus-based principles and practices to ensure cybersecurity in the Health Care and Public Health (HPH) sector.

In December 2018, the Task Group published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP).  The goal of the publication is to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the most pertinent cybersecurity threats. The HICP provides guidance on cost-effective methods that a range of healthcare organizations at every size and resource level can use to reduce cybersecurity risks.

Legacy data management planning also supports a strong cybersecurity defense. Take stock of potential weak spots within the organization. Outdated systems and too many data silos can be easy entry points for a hacker. Often healthcare providers have 30-40 disparate legacy systems in various states of use and security. Think of each legacy system as a potential door or window. Too many unlocked doors and windows leaves the organization unstable and vulnerable for a cyberattack.

A solid legacy data archive offers a secure and efficient method to batten down the hatches and protect legacy data from cybersecurity breaches while providing ongoing access to the records and compliance with industry record retention standards.

Check out these helpful security-focused resources to start proactively safeguarding the valuable health data in your care:

• 10 privacy and security questions you should ask your future data archiving partner to ensure your data is safe. This is a great resource if your organization is vetting out system decommissioning partners.
• A comprehensive security-focused white paper with numerous suggestions and action steps to consider.

Ready to increase protection of your legacy data from cyber attack? Connect with us.

Greenway Health LLC, an EHR software developer, will pay $57.25 million to resolve allegations in a complaint filed by the United States Department of Justice under the False Claims Act.

The complaint alleges the company:

• Falsely obtained 2014 Edition certification for its Prime Suite product when it concealed from its certifying entity that the product did not fully comply with certification requirements
• Modified its test-run software to deceive the company hired to conduct the certification
• Caused certain Prime Suite users to falsely attest that they were eligible for EHR incentive payments when the company was aware its 2011 version of Prime Suite did not correctly calculate the number of clinical summaries that were required to be provided to patients
• Violated the Anti-Kickback Statute by paying money and incentives to its client providers to recommend Prime Suite to new customers

What does this mean for Greenway Health customers?

The company entered into a five-year Corporate Integrity Agreement (CIA) with the HHS Office of Inspector General (HHS-OIG) that requires:

• Greenway retain an Independent Review Organization to assess the company’s software quality control and compliance systems
• A review of the company’s arrangements with health care providers to ensure compliance with the Anti-Kickback Statute
• Prompt notice to Greenway customers of any patient safety-related issues, and maintaining a customer portal with information about any steps users should take to mitigate potential safety risks
• The allowance of Prime Suite customers to obtain the latest versions of Prime Suite at no additional charge, the opportunity to migrate their data to another Greenway product at no additional charge, or to have Greenway transfer their data to another EHR vendor without penalties or any other fees

If your organization is affected by the Greenway settlement and is investigating a transfer of Prime Suite data, an archive is a good option.  You may find that mapping and migrating all of the historical data from Prime Suite to a new EMR is costly and complex.  Migrating the Prime Suite data to a long-term medical data storage solution, on the other hand, allows you to retain the records simply, securely and affordably.  An archive, like HealthData Archiver^®, will meet state medical record retention requirements.   And, with Single Sign-On archive technology, the Prime Suite records can be easily accessed from the new EMR in the context of the patient record being treated.  A well-planned legacy data management strategy alleviates future IT costs, risks and burdens as platforms come and go.

Contact Harmony Healthcare IT, the makers of HealthData Archiver^®, if you’re planning a Prime Suite system replacement.

Forced fun, also known around offices everywhere as team building, often provokes a collective groan from the very crew you want to motivate. But what happens when you move the opportunity to connect outside of the corporate setting?

It turns out that investing in experiences in untraditional environments leads to more organic bonding, increased employee engagement and, ultimately, maximized operational efficiency.

Recently, Harmony Healthcare IT (HHIT) tested out this concept. Looking to congratulate the team on a great 2018 and energize for an even greater 2019, we went offsite. Michael Jordan references were made, pins were knocked down, hugs were shared, and laughs were had.

And even though it didn’t feel like a day at the office, the knowledge that HHIT is a company that invests in its people will continue to positively impact the days, weeks, and months to come when we’re actually in the office.

Ready to be part of a company that invests in its people? Connect with us.