What Healthcare Professionals Need to Know About Protecting Their Digital Records

What Healthcare Professionals Need to Know About Protecting Their Digital Records

For healthcare professionals, understanding the relevant legislation can be a daunting task. They must learn how to adapt to changes in the world or face stiff fines and other penalties. This is especially true in the field of digital information management. In 1996, then-US President Bill Clinton signed into law the Health Insurance Portability and Accountability (HIPAA) Act. The first part of the law protects the health insurance coverage of workers and their families when they change companies or lose their jobs. The second part mandated the creation of national standards for electronic health records (EHR). Lawmakers would soon take this objective to the next level. In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act granted the US Department of Health and Human Services (HHS) nearly $26 billion. These funds went toward advancing the efforts prompted by the HIPAA Act. Since then, healthcare professionals have been working to improve their digital systems.

Meaningful Use and the Criteria for Compliance

The government has also instituted an incentive policy for eligible medical practices and hospitals. The program pays healthcare professionals if they start using EHR technology. The payments range from $44,000 over five years for Medicare providers and $63,750 over six years for Medicaid providers. To earn the government payments, hospitals and medical practices must show that their digital systems are in “meaningful use.” This term refers to specific requirements that healthcare professionals must meet when they are using EHR for patient care. In 2014, the program’s Stage 2 rules for meaningful use of EHR systems went into effect. Eligible professionals must complete 20 objectives in order to prove meaningful use. Hospitals need to fulfill only 19 objectives. Among other things, these requirements include the following issues and implementations: Providing patients the ability to view, download, and send their health information online Using a computerized provider order entry for medication, radiology, and laboratory orders Generating and transmitting prescriptions electronically Using certified EHR technology for identifying patient-specific education resources Submitting electronic data for immunization registries Using secure services for digital communications with patients Protecting digital healthcare information Signing up for the incentive program is voluntary. However, if medical professionals do not join by 2015, then they will receive negative adjustments to their Medicare/Medicaid fees. These adjustments will start at a 1 percent reduction, but will increase to 3 percent by 2017.

The Penalties for Failing to Protect Digital Databases

Although the incentive program is not mandatory, medical workers must still follow the rules set out in HIPAA and HITECH. Many of these rules, particularly those involving cyber security, overlap with the meaningful use criteria. Failure to follow them can be very costly. Managed care company WellPoint Inc. learned this lesson in July 2013 after the company filed a report to HHS about digital security weaknesses. The report stated that the health information of 612,402 individuals was accidentally made available on the Internet due to flaws in their EHR system. HHS started looking into the company after it filed the report. Its investigation determined that WellPoint had failed to sufficiently implement policies for authorizing access to its online database. The investigators accused the company of inadequately performing a technical evaluation of its system. They also said that it failed to establish safeguards for user identity verification. In the end, the company agreed to settle the matter by paying $1.7 million to the government.

The Need to Create a Safe and Secure Computer System

According to the HHS, the WellPoint case sent an important message about the dangers of failing to follow the law. The situation showed that those who fail to create a secure digital database could end up paying huge sums of money. This is true even for companies that update their systems, but fail to do so in the right way. Medical facilities need comprehensive cyber security agendas if they want to become compliant with both the meaningful use criteria and the overarching legislative framework. They must also perform a security risk analysis and create a risk management strategy. The best way to get started is by contacting an experienced IT company.

Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.

Related Reads

MDM vs. MAM: Which one is right for you? - Corsica Technologies

MDM vs. MAM: Which One Is Right For You?

How should you handle mobile devices that have access to company data and systems? This is a crucial question for today’s on-the-go, hybrid workforce. Maybe you give your team company-owned mobile devices. Or perhaps your employees find it more convenient

Read more
Managed Network Services - Everything You Need to Know - Corsica Technologies

Managed Network Services: Everything You Need To Know

For overworked IT teams, managed network services are a lifesaver. Rather than monitoring network logs, troubleshooting switches, and working overtime to mitigate vulnerabilities, you can engage a trusted partner to manage your network for you. But not all providers are

Read more

Sign Up For Our Newsletter

Stay up-to-date on the Managed Services and Cybersecurity landscape, and be the first to find out about events and special offers.