Health Information Compliance Alert
ONC Wants Your Opinion on Improving EHRs
PDF
Plus: Malware incident impacts over 500,000 patients. Though the recent statistics suggest most physicians and hospitals are on board the EHR-implementation train, problems still remain that impede practice workflows. The HHS Office of the National Coordinator for Health Information Technology (ONC) is offering a way for interested stakeholders to be part of the federal changes to Certified EHR Technology (CEHRT). The initiative, titled “ONC’s Easy EHR Issue Reporting Challenge,” hopes to “help EHR users identify, document, and report a potential health IT safety issue when it happens,” says Andrew Gettinger, MD, ONC Chief Medical Officer in a blog post. The end-goal is to inform and improve, making EHRs more efficient and easier to use. The submission deadline is Oct. 15, 2018. To read Dr. Gettinger’s blog post with links to sign up for the challenge, visit www.healthit.gov/buzz-blog/electronic-health-and-medical-records/a-new-challenge-competition-can-you-help-make-ehr-safety-reporting-easy/. In other news… A Baltimore-based healthcare provider disclosed a major malware attack and subsequent HIPAA breach that it had uncovered from 2016. The HHS Office for Civil Rights (OCR) wall of shame highlighted the Maryland organization’s results: the exposure of the protected health information (PHI) of 538,127 individuals. “On March 18, 2018, we discovered that malware infected the servers that hosts LifeBridge Potomac Professionals electronic medical record, and LifeBridge Health’s patient registration and billing systems,” stated a LifeBridge press release on May 16, 2018. “We immediately began an investigation and engaged a national forensic firm. Our investigation determined that an unauthorized person accessed the server throughLifeBridge Potomac Professionals on September27, 2016.” The healthcare organization added, “The information potentially accessed may have included patients’ names, addresses, dates of birth, diagnoses, medications, clinical and treatment information, insurance information, and in some instances, social security numbers.” Currently, LifeBridge Health maintains that no nefarious circumstances or activity has resulted yet from the cyber attack and stolen PHI. Read the release at www.lifebridgehealth.org/Main/SecurityIncident.aspx.
Health Information Compliance Alert
- Case Study:
Make the Physical Security of Your Office a Priority
Break-ins happen more than you think. The majority of HIPAA breaches are due in part [...] - Manage HIPAA Security with These Low-Cost Basics
Even the way you set up your office infrastructure can deter thieves, OCR says. It’s [...] - Compliance:
Get the Facts on BA Agreements
Tip: Thoroughly investigate your CSP to ensure a record of HIPAA compliance. The protection of [...] - BAAs Aren't Always the Answer
Contracts differ according to the access and disclosure levels of PHI. Many of the people [...] - Toolkit:
Prep BAs with 4 Tips for HIPAA Security Success
Advise your business partners on the telltale signs of a cyberattack Your business associates (BAs) [...] - Reader Question:
Use Diverse Techniques to Get the Best Risk Analysis
Question: Our midsize practice did a HIPAA risk analysis last year. At our last team [...] - Enforcement News:
ONC Wants Your Opinion on Improving EHRs
Plus: Malware incident impacts over 500,000 patients. Though the recent statistics suggest most physicians and [...]