
We've moved! Our new address is:
3079 Crossing Park
Suite E
Norcross, GA 30071
We are all settled in our new offices and invite you to come to our Open House on April 20, from 11:00-2:00. We will have a representative of the Georgia HITREC (Regional Extension Center) available to talk with practice managers and physicians who attend. We hope you can join us!
Mary
HIPAA and Meaningful Use
Medical Practices have been faced with HIPAA regulations since 1996, and most are aware that several hospitals have faced huge fines for not meeting HIPAA. To date, however, Medical Practices had not felt the sting of a HIPAA audit, and it seemed that publishing their HIPAA policy and taking reasonable steps to maintain patient privacy would keep it that way. However, with the advent of Meaningful Use, proof of a stricter adherence to HIPAA now demands much greater attention and creates an increased potential for audit.
The Stage 1 Core Objectives of Meaningful Use require that a practice "Conduct a risk analysis per 45CFR164.308(a)(1)". According to John Brewer, founder of HIPAAaudit.com, this requirement actually includes four areas of concern. Not only must a practice perform a risk analysis, it must also include risk management (with reference to 164.306(a)), a Sanction Policy and an Information System Activity Review (EMRandHIPAA.com, 3/9).
The Information System Activity Review is actually the easiest to accomplish, as a Meaningful Use certified EHR will produce a report that covers most of this requirement. Practices must still implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports (Jones, HIPAA.com, http://www.hipaa.com, 2009). Ed Jones of HIPAA.com reminds us that practices must regularly review information system activity for inappropriate use or security incidents, such as unauthorized disclosure. A certified EHR will have built-in reporting functionality that will facilitate the review requirement. Practice Managers must ensure that their EHR vendor provides instruction in utilizing automatic reporting functionality, establishing audit logs and access reports, and identifying and tracking security violations. As part of the risk analysis, and in preparing security policies and procedures, the practice should identify information and reporting requirements for:
- Creating audit log entries.
- Safeguarding all written documentation, including policies and procedures.
- Establishing safe storage requirements for maintaining written documentation and for backup of electronic documentation for at least six years.
John Brewer notes that the practice will also "need to ensure" that users are set up correctly. For instance, each user must have a specific login and have access only to those areas "appropriate for their position" (Brewer, EMRandHIPAA.com, 3/9). This is often referred to as "role-based security," and should be clearly defined during the EHR implementation.
LAN Systems can assist with your storage and backup requirements. Feel free to contact us for more information on the Information System Activity Review. We will discuss the remaining areas of the Meaningful Use security requirements in upcoming newsletters.
GA-HITREC Update

As the date arrives when Medical Practices can attest to Meaningful Use and qualify for their incentive Medicare dollars, GA-HITREC continues to register physicians to their program to provide free services around achieving Meaningful Use and participation in their EHR purchasing agreement. For practices that do not currently have a certified EHR, these services focus on a Ten-Step Program to become Meaningful Use compliant. A GAP Analysis will be conducted for practices that have a certified EHR, with specific direction on the steps that need to be taken for a provider to reach Meaningful Use.
Regardless of which category a practice falls into, HIPAA (Health Insurance Portability and Accountability Act) compliance has become a major issue in reaching Meaningful Use attestation. As the REC strives to provide tools that assist in satisfying the HIPAA requirements within Meaningful Use, most practices will find they have a great deal of work to do to satisfy these criteria. To assist in this effort, we will begin a series of articles focused on HIPAA and Meaningful Use.
Protecting Your Computer From Malware

Each year the damages from computer malware cost US businesses billions of dollars. These costs are not only in lost productivity, but also in permanent loss of critical business data. Arguably, most if not all infections are preventable with the proper understanding, training and protection. Don't be the next victim; take the steps now to ensure protection and recovery if the worst should happen.
First, let's understand computer malware. Often the term virus is used to describe all malware. Technically speaking, there are viruses, rootkits, Trojan horses, worms and spyware. The attack method may differ but they are all malicious.
A virus is a program that runs itself and replicates itself. It can affect files or the boot sector and can delete all your data. The "Melissa" and "I Love You" viruses gained global attention.
A rootkit or Trojan horse allows access to your system without your knowledge. Often they look like a useful piece of software, but in fact they are back doors or trap doors.
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes. Once on the system, worms do not need to attach to another program and can run themselves. Worms cause a denial-of-service attack, making the network unusable. In general, worms target the network and viruses attack files.
Spyware is computer software that is installed on a personal computer to intercept or take control of the PC. Spyware can hijack a computer and cause serious problems by gathering and transmitting personal data, loading undesirable software or redirecting browsers to malicious sites.
Protecting yourself:
- Have a good backup, just in case you need to restore
- Use a firewall
- Keep your system updated with the latest security patches
- Install and update anti-virus and anti-spyware software (see below for choices)
- Do not open email from anonymous, unknown or suspicious sources
- Do not download files or software from anonymous, unknown or suspicious sources
- Do not navigate to suspicious or promiscuous websites
- Regularly scan your system for malware (see below for choices)
- Worth repeating - be sure that you have a good backup so that you can restore your full system if needed
- If you think you have been attacked, act quickly to isolate the infected computer and remove the malware.
You can purchase anti-virus and malware protection, or there are many free versions for home users. For anti-virus, AVG, Avast and others have free versions. For corporate anti-virus, our choice is Symantec Endpoint. It provides a high level of protection and is designed for a corporate environment. For malware, we like Malwarebytes (personal or corporate edition) and Advanced System Care. With so many choices, if you like one better, use it. The important point is that you have to have malware/virus protection.
Use a three-pronged approach to keep your system safe: educate, protect, monitor. Try to understand the types of threats to your computer. The more educated and informed you are, the better you can protect your system. Monitor for threats and scan your system often. If it looks suspicious, don't open the email, go to the site or download the file or software.
Please be watchful of the sites you visit, the software you download and the email you open as the threats to your system change daily.
For added protection, use Microsoft Security Essentials. Take a few minutes to update your system and if you have questions or need help, please feel free to contact us at 770 662-0312 or HelpDesk@lansystems.com.

eNewsletter for the Health Care Community

Technology Solutions and Services for the business side of medicine

EHR and Practice Management Consulting
- Setting solution goals
- Functionality requirements
- System selection
- Implementation planning
- Ongoing technology review

Virtual Chief Technology Officer (vCTO)
Virtual Chief Technology Officer expertise to align practice and IT strategy
- Set IT goals
- Manage IT costs
- Plan for growth

Architecture Review
- Assess system needs
- Define objectives
- Recommend upgrades

System Installation
- Hardware implementation
- Software implementation
- LAN / WAN Design & Integration
- Turn key installation and testing

Support Services
Packages that bundle on-site and remote support with HelpDesk to provide comprehensive service level agreements
- Help Desk support (remote access/phone support)
- 24 x 7 maintenance contracts
- Hardware & Software support and troubleshooting
- Printer repair

Internet Solutions
- High Speed Business Internet Access
- Business Email
- Web design & hosting
- Wi-Fi HotSpots

Emergency Services
- Server, network, hardware
- Business critical software