Managed File Transfer: Preventing Healthcare Identity Theft

17 06 2010

In a recent report entitled “Medical Identity Theft in Healthcare,” the Smart Card Alliance states, “Further evidence of the significance of the medical fraud problem is the allocation of $1.7 billion for fraud detection in the 2011 U.S. Health and Human Services budget.” In 2009 alone, 68 reported healthcare data breaches in the U.S. put over 11.3 million patient records at risk, according to the Identity Theft and Resource Center (ITRC).

Paper records are no longer acceptable for your organization.

The American Recovery and Reinvestment Act (ARRA) and the associated provisions under the Health Information Technology for Economic and Clinical Health (HITECH) have highlighted the need to address security and privacy across our healthcare system.

The report goes on to state that “the way to stop medical identity theft confusion is to improve patient identification and provide enhanced data production through strong authentication and encryption.” How can a healthcare organization achieve this? B2B Managed File Transfer. Protection of patient information does not happen just inside the four walls of your organization. Think of the providers, health record banks, health insurance and hospital Web portals.

The key is two-factor authentication and data encryption. Are you employing these security methodologies at your organization?


P2P Networks Vs. Managed File Transfer

18 05 2010

In a recent ComputerWorld article, “P2P networks a treasure trove of leaked health care data, study finds,” the article states that nearly eight months after new rules were enacted requiring stronger protection of healthcare information, organizations are still leaking such data on file-sharing networks. The findings, in a research paper to be presented today at the IEEE Security Symposium, include thousands of documents containing sensitive patient information on popular P2P networks such as Limewire, eDonkey and BearShare. Further research by Eric Johnson, a Dartmouth College professor, finds that “one of more than 3,000 files discovered by researchers was a spreadsheet containing insurance details, personally identifying information, physician names and diagnosis codes on more than 28,000 individuals.” At a time when a person’s private healthcare information (PHI) is coming under closer scrutiny due to the Health Information Technology for Economic and Clinical Health (HITECH) Act, it seems surprising that these P2P networks are still in use.

The problem with P2P software is that it is usually improperly installed on a computer that contains sensitive data. While the use of the P2P software might be as benign as sharing music and video files, if installed improperly, the P2P software makes all data on the computer visible. Healthcare is not the only industry that has been burned by this issue – businesses and government alike face the same problem. So how do you securely share movies, music, photos and other files without jeopardizing the security of sensitive information? Ad-hoc Managed File Transfer. Similar to P2P networks, an ad-hoc managed file transfer solution enables you to send large files, up to 2GB, without disrupting sensitive data that may be on your machine.

Moreover, due to the secure nature of Managed File Transfer, you can send proprietary, confidential or sensitive information and not just large files. The ability to send messages and files securely, and to track when the recipient has received them, gives the end user more control over how they send information. It also gives businesses, healthcare organizations and the government a secure person-to-person file sharing tool that prevents the leak of private information.

EHR Systems and Integration: Preparing for HITECH

15 02 2010

An important characteristic of any proven EHR solution is the ability to integrate. Can the solution you choose integrate with your current applications: clinical solutions, back-end office applications, revenue cycle solutions, etc.? An EHR solution should work within your existing workflow and minimize complexity caused by increased automation, various Web services and governance requirements.

Can Your EHR System Integrate into Other Systems?

The single most important aspect to successfully implementing a secure EHR system is ease of use. If the solution is too difficult for end users from any and every department within your HCO, it will not be utilized. End users will look for a way to circumvent your secure solution if it is too complex and takes them away from completing their daily tasks.

With end users in mind, you should be cognizant of what departments within your organization will need to use your secure communications solutions and how. Like HIPAA, the HITECH Act includes PHI as well as name, Social Security number, address and insurance account numbers. This affects almost every department within and outside your organization, including:

  • Partnering healthcare networks
  • Physician services
  • Health information management
  • Patient financial services
  • Patient access/registration
  • Radiology
  • Ancillary departments

How does your healthcare organization secure data at every department?

HITECH – Show Me The Money!

19 01 2010

The pressure is on to automate clinical processes and exchange information electronically, and to do so in a secure environment. The negative impact of a data breach potentially outweighs government early adopter incentives and non-compliance fines. With data breaches making headlines at an increasing rate, healthcare organizations face intense media scrutiny, customer churn and a tarnished reputation.

According to the Ponemon Institute’s report, “The 2008 Annual Study: Cost of a Data Breach”, breaches are costly events for an organization; the average total cost per reporting company was more than $6.6 million per breach (up from $6.3 million in 2007 and $4.7 million in 2006) and ranged from $613,000 to almost $32 million. Cost of lost business continues to have the highest financial impact with 69 percent of total data breach costs attributed to customer churn.

Conversely, HCOs stand to gain serious money by proving HITECH (The Health Information Technology for Economic and Clinical Health Act) compliance. Each physician will receive $44,400 a year for three years if they can prove they have completed an electronic data exchange to another entity. Early adopters of “meaningful use” of EHR systems will be the first to benefit from the government stimulus money. Non-adopters will be subject to penalties and fines up to $1.5 million if they fail to meet compliance requirements.

Help me. Help you.

HITECH Act: New Data Security Rules for Healthcare

2 11 2009

In a recent NetworkWorld article entitled “HITECH Act: What you need to know about new data-breach guidelines,” the focus is on the increasingly strict punishments and fines on organizations that “stumble” in protecting personal health information (PHI). The new law was passed by Congress in February and is now coming into enforcement by the U.S. Department of Health (HHS) and the Federal Trade Commission.

Fines will range from as low as $100 per violation up to $1.5 million or more for knowing and willful violation of data breach rules. The HITECH Act covers healthcare providers, insurers, clearinghouses and also business partners handling personal information regarding individual health records. Other protected information includes names, Social Security numbers, addresses and insurance account numbers.

While the full scope of the law is yet to be revealed, companies in healthcare and related industries need to comply with this rule in 2010. The big mandate is encryption. Organizations are going to have to encrypt effectively among business partners.

Are you ready for the HITECH Act? For more information on the law, please visit: