In This Issue:
Contact Us
855-MyTier3 (698-4373)
10 Steps to Avoid Cryptolocker and other Ransomware Viruses
Posted by Sheryl Cherico
 - CEO, Tier3MD

Cryptolocker: What You Need To Know

Cryptolocker is back in the headlines, thanks to a coordinated effort to take down the computers and criminals that run the notorious “ransomware”. But what is it? And how can you fight it? So what is Cryptolocker?

Cryptolocker is ransomware: malicious software which holds your files to ransom.

The software is typically spread through infected attachments to emails, or as a secondary infection on computers which are already affected by viruses which offer a back door for further attacks.

When a computer is infected, it contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – and threatens to destroy the information if it doesn’t get paid.

  1. Make sure your operating system is regularly updated.
  2. Purchase anti-virus tools, including Cryptolocker prevention kits
  3. Do not open attachments from unknown sources.
  4. Make sure you have a good backup at all times.
  5. Move important data to a cloud provider.
  6. Do not click on suspicious pop-ups.
  7. Make sure your staff is educated on good computing practices.
  8. If you feel you were hit, immediately unplug your computer from the network.
  9. Change your passwords on a regular basis
  10. Put in a good policy for opening attachments, emails, etc.


Telemedicine Effective for PTSD Treatment for Rural Veterans
Posted by Dan Bowman

Telemedicine-based collaborative care was shown to be an effective means for providing psychotherapy care to veterans in rural areas suffering from post-traumatic stress disorder, according to research published this week in JAMA Psychiatry.

The researchers, led by John Fortney, Ph.D. of the University of Washington, Seattle, examined 265 veterans from 11 Veterans Health Administration community-based outpatient clinics over nearly two years, from November 2009 through September 2011. Half of the patients (133) received telemedicine treatment--which included telephone and interactive video consults--while 132 patients received usual care. Feedback and treatment recommendations for those receiving care via telemedicine were given to providers at the clinics through electronic health records.

When following up with patients a year after the conclusion of the study, the authors found that 73 of the 133 patients treated via telemedicine had received cognitive processing therapy. PTSD severity also had subsided for patients in the telemedicine program.

To Learn More, click here.

Related Articles:

Have you attested to meaningful use without a security risk assessment?

Posted by Sheryl Cherico, CEO

I am finding out that quite a few practices have “checked the box” on obtaining a security risk assessment as part of their core requirements to achieve meaningful use, and have not had one performed. Why haven’t they? If I had to guess, I would say it’s one of these 10 reasons.

  1. They don’t understand it.
  2. They don’t want to incur the expense of having a private firm do an IT assessment.
  3. They think they are so small they don’t need one.
  4. They are afraid of what might be uncovered.
  5. They have no clue what it is.
  6. No one will ever know we didn’t do it.
  7. I just know we are protected just fine.
  8. I have a great IT partner and my staff is responsible
  9. We had one done 2 years ago
  10. We have all our policies in place.

I have ran into every scenario. Let me make this clear for you. As part of the requirements, it states in the Federal Register that “Core Objective – Protect electronic health information (Conduct or review a security risk assessment of the certified EHR technology) – You must perform a Risk Assessment each year you attest for Meaningful Use!”

So what happens now? You attested to meaningful use, and you didn’t really have one performed. I just had a client tell me “we didn’t do one last year and received the incentives.” Here is the reality of the situation.

Meaningful Use Audits are Occurring.

Organizations can be audited either pre or post payment of incentive funds.

Failure to perform a Risk Assessment is a frequent reason for failing Meaningful Use Audits.
Audits targeted at 20% (1 in 5) of eligible providers Failed audits may require an organization to repay a full year of incentive payments. Incentive fund repayments average ~$10,000 per eligible provider. Incentive payments must be repaid within 30 days of MU audit failure notice. Failure to repay incentive payments will incur additional penalties.

Could a failed MU audit trigger to a HIPAA audit as well? Best business practice Don’t you want to protect your sensitive data?

I don’t want to scare you into this, I just want to make sure you understand it. For the cost of the security assessment, you could end up saving tens of thousands of dollars if you are audited. Why even take that chance? Plus, it’s good business practice. It’s a great idea to check your backups and put solid policies in place. It’s good to have documentation you can follow to help your practice run more efficiently. It’s imperative you have a disaster recovery plan and a business continuity plan. I am a business owner and it is important to me to have all of these things in place.

If you haven’t had your security risk assessment done yet, call Tier3MD. Let us help you with your security.

To Learn More, click here.




Message from CEO

When Did Healthcare Change?

Posted by Sheryl Cherico, CEO

I went to the Atlanta PAHCOM (Professional Association of Healthcare Office Managers) meeting yesterday, and they had a great speaker from Kilpatrick Townsend, a Legal firm here in Atlanta. The topic was “Government and Healthcare. What you need to know.” As we were waiting for the presentation to start, one of the ladies in front of me casually mumbled to the room “What would healthcare look like if the government wasn’t involved.” This quickly turned into a conversation of “why did they get involved, and what made the government get involved.” Funny thing…no one in the room could pinpoint it.

What did healthcare look like before PQRS, government incentives, ICD-10, etc. I can hardly remember! All I remember is that healthcare was “broken” and Hillary Clinton was attempting to fix it.

Keep in mind that I grew up on the border of Canada. From what I am told, the Canadians have no problems with healthcare. Everyone is covered and everyone gets quality healthcare. Is that true?

So what is your opinion? When did we realize that healthcare really was broken, and what was the defining moment? That’s what I am having trouble with. I can remember when I was younger we went to the emergency room for a stomach ache, headache, rash, and anything else I could think of that wasn’t really an “emergency”. The emergency room was basically an extension of the doctors office, and it was there for the hours the doctors office was closed. There was a “story” that a man went to the emergency room with stomach pain. They did all sorts of tests on him that Medicaid covered. Come to find out, he was hungry. His pains were hunger pains. I am not sure if this is true or not, but I take this story to mean someone went to the ER because they had Medicaid, and it was easy to do. Even for the slightest ailment. Is this part of what broke the system?

How about outcomes? Being an IT person, I can totally relate to the power that data brings you. Could we extend the life of human beings by having powerful data on various ailments, such as diabetes, congestive heart failure, high cholesterol, and more? I would say yes! Is data what started this whole government involvement?

In my opinion, a lot of this started from the insurance companies paying claims that were considered unnecessary. They were getting slammed on unnecessary tests, duplicate tests, duplicate prescriptions, extended hospital stays and re-admissions. They had to put the hammer down. This is when I feel things started to change. I remember thinking “why are the insurance companies starting to practice medicine?” At that time, they were still paying 100% on various tests and procedures. Let’s face it…something had to give. Think about it…there is a business side to practicing medicine. If you have a patient in your office, or in the hospital, you want to be absolutely sure you diagnosis them properly. If they have insurance, why not get every test possible? It covers you, the provider, and brings in some much needed revenue for the hospital.

There is a fine line in healthcare in regards to what is needed, and what is “just to be sure” mode. Billions of dollars are spent with precautions, but how do you change it?

To get back to the original question, when did it change? It is very hard to answer. My guess is it changed when the insurance companies started working more to protect themselves. Somewhat like a domino effect. That’s when the idea of “proactive” medicine was starting to sound more like the way to go. A good example of this is paying the providers to talk about smoking cessation. It’s easier to pay the provider, than to treat a lung cancer patient. So… in my opinion, the changes started with the insurance companies. What is your thought?



Sheryl J. Cherico,
CEO/COO, Co-Founder

Sheryl is the CEO of Tier3MD and one of the leading Healthcare IT Consultants in the country.

Video: How does Tier3MD HIPAA compliant off-site backup services work?

November 2014


  linkdein   Facebook   twitter
  Michael H. Brown  
855-MyTier3 (698-4373), ext 2204
Copyright 2014 Tier3md. All Rights Reserved.