In This Issue:
  • 4 Things You Can’t Forget for Back-to-School
  • University of Mississippi Medical Center to pay $2.75 million HIPAA breach settlement
  • CEO Note: Is Your Healthcare Record Safe?
  • Tier3MD Tid-Bits: Best Way to Keep Your Network Safe
  • Mergers on the rise as hospitals optimize for value-based care
Contact Us
855-MyTier3 (698-4373) *2204
4 Things You Can’t Forget for Back-to-School
Cleveland Clinic
[Health Essentials from Cleveland Clinic - Medical, health and wellness news, information and insights from Cleveland Clinic’s experts, designed to help people make quality decisions about their healthcare.]

Your child’s school checklist should include health info

[backpack stuffed with supplies]

Backpack? Check. Notebooks? Check. Pens and pencils? Check. Your kid’s health information? Well …

That’s not one to forget. As you make up your child’s back-to-school to-do lists, pediatrician Kim Giuliano, MD , says it’s very important to remember to add up-to-date health information to the mix.

1. Check: up-to-date health records
Dr. Giuliano says before that first school bell rings, parents should call their child’s doctor for current medical records to pass along to school administrators. These include:
  • Current immunizations
  • Signed copy of any sports release forms from a sports physical
  • Sign-off that they’re healthy for participation in physical activity
  • List of your child’s medications and allergies
2. Check: hearing and vision
Dr. Giuliano says most annual checkups for kids include a hearing and vision test, but if your child wasn’t tested, be sure he or she is evaluated for both.

“Hearing and vision problems definitely can impair your child’s learning abilities,” says Dr. Giuliano. “We want to make sure that all of their senses are optimized so they can be as productive as possible in school.”

3. Check: special medical needs
Dr. Giuliano says it’s vital that the school to know if your child has any special medical needs, especially if he or she has: Parents can work with their pediatrician to supply the school with an emergency action plan for potential medical emergencies. The school nurse or the school office personnel will then know what to do if your child gets into trouble.

“It’s also good for them to have a supply of your child’s medication on hand so that they can administer this at the time of emergency, or just at their routine scheduled times if it’s going to be dosed during the day,” adds Dr. Giuliano.

4. Check: the basics
Finally, don’t forget the healthy basics. Healthy kids do better in school, says Dr. Giuliano, so making sure they get plenty of sleep, exercise and good nutrition will go a long way to successful learning.
University of Mississippi Medical Center to pay $2.75 million HIPAA breach settlement

The Office for Civil Rights said that UMMC was aware of security risks as far back as April 2005 but did not take appropriate action.

By Bernie Monegain Healthcare IT News
July 25, 2016
[Mississippi HIPAA breach]

The University of Mississippi Medical Center has agreed to pay a $2,750,000 fine levied by the Department of Health and Human Services Office for Civil Rights to settle several violations of the Health Insurance Portability and Accountability Act.

The breach goes back to March 21, 2013, when UMMC’s privacy officer discovered a password-protected laptop was missing from UMMC’s Medical Intensive Care Unit and notified OCR.

The breach of unsecured electronic protected health information affecting approximately 10,000 people triggered the OCR investigation, which said that UMMC was aware of risks and vulnerabilities to its systems as far back as April 2005, yet took no action to avoid it.

[Also: OHSU pays $2.7 million fine to HHS Office for Civil Rights for two HIPAA breaches]

Besides paying a penalty, UMMC also agreed to adopt a corrective action plan to ensure compliance going forward.

“In addition to identifying risks and vulnerabilities to their ePHI, entities must also implement reasonable and appropriate safeguards to address them within an appropriate timeframe,” OCR Director Jocelyn Samuels said in a statement. “We at OCR remain particularly concerned with unaddressed risks that may lead to impermissible access to ePHI.”

OCR’s investigation revealed that UMMC failed on several scores. The university did not implement its policies and procedures to prevent, detect, contain, and correct security violations, nor did it implement physical safeguards for all workstations that access ePHI.

Also, UMMC should have assigned a unique user name and/or number for identifying and tracking user identity in information systems containing ePHI, OCR said.

Moreover, OCR said UMMC should have notified each individual whose unsecured ePHI was reasonably believed to have been accessed, acquired, used or disclosed as a result of the breach.
Is Your Healthcare Record Safe?
I had the pleasure of attending a Technology Association of Georgia (TAG) meeting last week on the Georgia Tech Campus. The meeting was titled: Securing Healthcare and Balancing Compliance, Security and Information Access. Long title, but necessary! Of course, as a healthcare IT professional, this was extremely interesting to me. It helps me answer the constant question on “is your healthcare record safe?” After all this time, I still can’t answer that.

The meeting focused a lot on security. The panel was fantastic. There was a Lawyer, ex-FBI hacker, Hospital CIO, and EMR software owner. Outstanding panel. The brought up some amazing points. Like; who has access to your records? Did you ever stop to think about that? They also talked about how hackers are attacking the healthcare record, and how valuable it is. On the black market, a Personal Information Record sells for around $25 each. a PHI record sells for $200 each. Why the drastic increase? A healthcare record is valuable for not only identity theft, but for drug seeking. Example: An elderly patient has Medicare, and has knee problems. Their health record is stolen. Someone can pose as them, present with knee problems, and obtain strong painkillers. There is also insurance fraud to add on top of that. So really…is your healthcare record safe?

One other thing to consider when thinking about your healthcare record, is that EMR’s were built to share. The whole premise of the government incentives and meaningful use, is to share data. We are struggling to protect data we are trying to share. Hackers are well aware of healthcare software, and the fact that healthcare is 10 years behind the banking industry when it comes to security. Keeping your healthcare record safe is at the forefront, improvements are on the horizon. In the meantime, be vigilant, and as a patient, help protect your personal record.

Sheryl J. Cherico,
CEO/COO, Co-Founder

Sheryl is the CEO of Tier3MD and one of the leading Healthcare IT Consultants in the country.

Best Way to Keep Your Network Safe
The best way to keep your network safe is really very simple. Education of your staff, and training of your staff. You can spend thousands of dollars on the best software out there, but unless your staff is educated and trained, you will be at risk.

What to train them on

1. Recognizing Phishing schemes. These usually show up in the form of emails, or pop up windows. They are made to look exactly like a reputable bank or business. They are almost perfect. Just remember, a bank, paypal, etc. will not send you an email to login in and update your personal information. Anytime you receive an email, tweet, pop up window, etc., asking for personal information, be suspicious. Anytime they want you to “click here”, be suspicious. It never really happens that way.

2. Make sure you PC is up to date with the latest virus definitions, and that it scans each night. A lot of my clients like to shut their PC’s down at night, and I highly suggest you don’t. At night is a good time to scan your PC for viruses and malware because it could slow you down while you are working. Many times our helpdesk will get a call that their PC is very slow. After a little investigation, we find out a virus scan kicked off at noon. In addition, Microsoft puts out critical updates on Tuesday nights, and you certainly don’t want to miss those. Don’t be afraid to leave your PC on.

3. Have good policies in place, and train the staff on what those policies are. Having a good password policy is not only a HIPAA requirement, it’s a great way to protect your PC, as well as your individual login. A little tip I give the users to help them stay secure yet remember their passwords is to use numbers in place of letters. For example: an “E” can be a “3”, and an “L” can be a “1” and and “I” can be a “!”. The word Linkedin would be: 1!nk3d1n. No one is going to guess that!

4. Remember to train new employees! I’ve seen this over and over, where the staff gets trained once per year, and the new employees get a quick overview on the important aspects of protecting patients. Remember to thoroughly train new staff not only on policies of the practice and HIPAA, but on cyber security, and keeping their computers safe.

5. Back up your work. No one is perfect. People will make mistakes and it is very difficult on that employee to take the weight of bringing down the network because of their mistake. We certainly don’t want to put anyone in that position. If you have a good backup, your practice could be back up and running in no time. Your IT department can help protect your users by making sure backups are performed regularly, and tested to make sure they are working on a daily basis.

Training your employees is one of the most important ways to keep your network safe. Remember, your staff is medical, not technical. They just need to understand how to protect themselves. They don’t keep up on the latest viruses. The IT staff does. Have them send out memo’s about new threats and what to watch for. Help them recognize strange behavior, and what a Phishing scheme would look like. Utilize your IT staff for help. It really is the best way to keep your network safe.

Let us know if you need help: /
1-855-698-4373 *2204
Mergers on the rise as hospitals optimize for value-based care
The first half of 2016 has seen more healthcare organization M&A activity than the same timeframe in 2015 as providers are figuring out how to navigate rapid industry change and emerging payment models, Kaufman Hall said.
By Jeff Lagasse Healthcare IT News
July 25, 2016
Hospital mergers and acquisitions rose by 6.1 percent when compared to 2015, Kaurman Hall and Associates said, with 52 transactions during the first half of 2016.

That’s up from the 49 deals recorded during that same timeframe last year, the firm said. And looking just at the second quarter of 2016, there were 27 transactions announced, up 3.8 percent from the 26 recorded in the second quarter of last year.

Sustained growth demonstrates that hospital and health system leaders across the country continue to turn to mergers, acquisitions and other forms of partnerships as a means of reducing costs, enhancing competitive positioning and pivoting to a value-based business model, the analysis found.

The largest deal announced in the second quarter of 2016, for instance, was Universal Health Services' $445 million acquisition of the remaining interest in Valley Health System, which encompasses six acute care hospitals in Las Vegas, the analysis found. Kaleida Health, meanwhile, was involved in four transactions, while HCA Healthcare was involved in three; and Texas was the most active state with 11 transactions.

Kaufman Hall said the deals that were identified occurred across the acute care spectrum, including nonprofit, for-profit, rural, urban and academic health centers. Of the 52 transactions, 39 involved acquisitions by nonprofits and 12 were acquisitions by for-profit organizations; one transaction involved a nonprofit/for-profit combination.

A total of 11 publically owned, nonprofit hospitals were acquired during that time. Twelve transactions involved partnerships with faith-based organizations.

"The continuing uptick in mergers and acquisitions is not surprising," Kaufman Hall managing director Anu Singh said in a statement. "The industry is rapidly changing and many organizations are not optimally positioned to navigate the transition to value-based care on their own. Healthcare leaders should thoroughly evaluate the partnership options to help ensure strong, competitive positioning for their organizations into the future."
Michael H. Brown
855-MyTier3 (698-4373), ext 2204
Copyright 2015 Tier3md. All Rights Reserved.