Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, May 2015
Activity Monitoring must be part of a security footprint in healthcare organizations. For the first time, criminal attacks are the #1 cause of data breaches. This percentage is up 125% compared to five years ago.
Criminal activity is part of everyday business in healthcare: 65% of healthcare organizations and 87% of BAs report security incidents involving electronic health data in the past two years. Many healthcare organizations believe that they don’t have adequate funding to combat this.
Over the past five years, the most often reported root cause of breaches moved from stolen computers to criminal attacks, and employee negligence remains a top concern.
Trends in Privacy & Security – 2010 - 2015
Root Causes of Data Breaches in Healthcare Organizations
- Lost/stolen computer devices
- Unintentional employee action
- Technical system glitch
Assessing Risks after a Security Incident
50% of healthcare organizations assess risks following a security incident.
- Ad hoc process
- Automated process or software tool
- Incident response management platform
- Engage 3rd parties
10 Weeks to ICD-10 Hands-on Workshop Training - May 15 to July 17
Starting May 15th, e2o Health will launch a paid 10 Weeks to ICD-10 Hands-on Workshop series. These workshops will help providers complete the tasks necessary to roll out ICD-10 by October 1st, 2015. They provide:
- Action Oriented ICD-10 Planning through a Project Management tool
- A dedicated project manager assigned for 10 weeks of support for your ICD-10 transition effort
- 10 hours of consulting outside the 10 weeks of Hands-On workshops
- 5 hours for documentation impact assessment
- 5 hours of Project Management Support
First session May 15th to July 17th
The EARLY BIRD SPECIAL cost is $2000 if you sign up by May 15th.
To sign up for the 10 Weeks to ICD-10 Hands-on Workshop training, call (800) 409-0096 extension 102 or 212.
The 10 Workshop sessions are designed to complete ICD-10 implementation within 10 Weeks.
- Project Planning for ICD-10 Migration
- Monitoring Progress by surveys and assessments
- Impact Assessment
- Chart Auditing
- Create education flashcards and favorites lists for staff
- ICD-10 Hands-on Training
- Assistance in testing claims to payers and Clearinghouses
- Prepare you to lead the ICD-10 implementation
- Online subscription to ICD-9 to ICD-10 Conversion Tool
- Access to various Tools and Templates for ICD10 Transiti
Five More Facts about ICD-10
Last week, the Centers for Medicare & Medicaid Services (CMS) shared five facts dispelling misperceptions about the transition to ICD-10. Here are five more facts addressing common questions and concerns CMS has heard about ICD-10:
- If you cannot submit ICD-10 claims electronically, Medicare offers several options.
CMS encourages you to prepare for the transition and be ready to submit ICD-10 claims electronically for all services provided on or after October 1, 2015. But if you are not ready, Medicare has several options for providers who are unable to submit claims with ICD-10 diagnosis codes due to problems with the provider’s system. Each of these requires that the provider be able to code in ICD-10:
- Free billing software that can be downloaded at any time from every Medicare Administrative Contractor (MAC)
- In about ½ of the MAC jurisdictions, Part B claims submission functionality on the MAC’s provider internet portal
- Submitting paper claims, if the Administrative Simplification Compliance Act waiver provisions are met
If you take this route, be sure to allot time for you or your staff to prepare and complete training on free billing software or portals before the compliance date.
- Practices that do not prepare for ICD-10 will not be able to submit claims for services performed on or after October 1, 2015.
Unless your practice is able to submit ICD-10 claims, whether using the alternate methods described above or electronically, your claims will not be accepted. Only claims coded with ICD-10 can be accepted for services provided on or after October 1, 2015.
- Reimbursement for outpatient and physician office procedures will not be determined by ICD-10 codes.
Outpatient and physician office claims are not paid based on ICD-10 diagnosis codes but on CPT and HCPCS procedure codes, which are not changing. However, ICD-10-PCS codes will be used for hospital inpatient procedures, just as ICD-9 codes are used for such procedures today. Also, ICD diagnosis codes are sometimes used to determine medical necessity, regardless of care setting.
- Costs could be substantially lower than projected earlier.
Recent studies by 3M and the Professional Association of Health Care Office Management have found many EHR vendors are including ICD-10 in their systems or upgrades—at little or no cost to their customers. As a result, software and systems costs for ICD-10 could be minimal for many providers.
- It’s time to transition to ICD-10.
ICD-10 is foundational to modernizing health care and improving quality. ICD-10 serves as a building block that allows for greater specificity and standardized data that can:
- Improve coordination of a patient’s care across providers over time
- Advance public health research, public health surveillance, and emergency response through detection of disease outbreaks and adverse drug events
- Support innovative payment models that drive quality of care
- Enhance fraud detection efforts
Keep Up to Date on ICD-10
Visit the CMS ICD-10 website for the latest news and resources to help you prepare. Sign up for CMS ICD-10 Industry Email Updates and follow us on Twitter.
Get Ready for October 1, 2015
I’m on the #RoadtoICD10. Get ready for Oct 1, 2015. #ICD10 http://cms.gov/ICD10
Six Best Practices for Protecting ePHI from SANS Security Model
The SANS security model provides a good framework for protecting, storing and transmitting ePHI, with a focus on security.
HIPAA compliance does NOT equal a plan for secure PHI.
SANS Security Model Best Practices
Six best practices for securing ePHI using the SANS Security Model and HIPAA Compliance:
1. Defensive Wall 1 - Proactive Software assurance
- Application security skills assessment and certification
2. Defensive Wall 2 - Blocking Network-Based Attacks
- Intrusion Detection System (IDS/IPS), Firmware (FW), Mass Storage System (MSS)
3. Defensive Wall 3 - Blocking Host-Based Attacks
4. Defensive Wall 4 - Eliminating Security Vulnerabilities
- Vulnerability management, Patch management, Penetration testing
5. Defensive Wall 5 - Safely Supporting Authorized Users
- Encryption, Virtual Private Network, Data Loss Prevention
6. Defensive Wall 6 - Tools to Manage Security and Maximize Effectiveness
- Log management, SIEM, Training, Forensics