Giva Blog
Help Desk, Customer Service, Cloud & Security Insights, with a Side of Altruism!

Value in Healthcare Information Technology (HIT)

Healthcare Information Technology

In a digitized world, one of the greatest conveniences is health information technology (HIT). Considering nearly everyone in the US is a consumer of healthcare, there are numerous benefits to adopting electronic health records. The evidence report, Costs and Benefits of Health Information Technology, outlines a few. Health information technology is a means of electronically storing, recording, accessing, or transferring a patient's medical records, including health and medical history. Not only is this paperless and perhaps more reliable, but it allows for "clinical decision-making and disease management." It also supports prescription filling, test ordering, and care reminders. For example, the system can provide alerts for necessary patient vaccinations or send a prescription to be filled at a pharmacy convenient to the patient. Overall, health information technology improves the efficiency of healthcare - a highly profitable, nationwide business.

However, adopting HIT is costly and requires change in the organization. It is considered an investment, but perhaps a necessary investment in terms of economic advancement. In non-financially focused studies concerning adoption of HIT, areas of improvement included increased productivity by the healthcare provider, improved patient safety and, subsequently, fewer adverse drug events (ADE) and time spent in hospitals to treat ADEs, and better physician decision-making. For example, the ability to reduce the "ordering of redundant clinical laboratory tests could produce an annual savings of $35,000 in laboratory charges." It is economically beneficial to improve the efficiency of healthcare.

In a day and age where nearly everything is digitized, it is only fitting a business as widely used as healthcare should follow suit. Adopting health information technology will improve provider efficiency while increasing consumer centeredness. Electronic health records are more personalized, more organized and more efficient. Although implementation of HIT is an expensive adjustment, benefits for both provider and consumer are apparent. Healthcare efficiency is important to society as a whole.

With efficiency of digital access to healthcare records comes the necessity of increased data security measures. The Federal Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was passed to establish a national framework for security standards and protection of confidentiality with regard to health care data and information. Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. See 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Giva's Compliance with EU & Switzerland Safe Harbor Framework

Giva Safe Harbor Compliance

In October of 1998, the European Commission created a Directive on Data Protection, which prohibits transferring personal data to non-European Union countries that do not meet a certain level of privacy protection. The EU felt this was necessary because the EU and the United States approach data privacy in different ways.

In order to allow US companies to quickly comply with EU standards, the European Commission and the U.S. Department of Commerce worked together to provide a framework by which organizations could certify their compliance. The program is called the U.S.-EU Safe Harbor program, and certifying to the framework allows U.S. organizations to join this program.

Switzerland's Federal Data Protection and Information Commissioner also worked with the U.S. Department of Commerce to create a separate "Safe Harbor" framework, for the same purposes as the EU "Safe Harbor" framework.

Giva values the privacy of its users and visitors, and Giva respects the privacy definitions of not only the U.S., but the other organizations around the world that have decided upon their own standards they feel are best for the people they represent. With this, Giva has completed the self-certification process as defined in the Safe Harbor framework for both the European Union and Switzerland.

For more information about Giva's Safe Harbor compliance, please visit our Privacy Policy page.

Report Analyzes Extent of Data Breaches in California

Interesting reading from the NYT this morning:

"The constant drumbeat of data breaches won't cease anytime soon, according to a new report from California's attorney general, Kamala D. Harris.

There were 167 data breaches reported in California last year, an increase of 28 percent from the 131 data breaches reported the previous year. The information of more than 18.5 million California residents was compromised in 2013, a significant jump from the 2.5 million compromised records in 2012.

Those numbers were skewed by two widespread breaches last year. At Target, personal records for 41 million people were compromised, and at LivingSocial, hackers gained access to 50 million records. According to the attorney general, each of these two breaches put 7.5 million California residents' information at risk.

The majority of breaches — 53 percent — were because of malware and hacking, while a smaller number, 26 percent, was attributed to the physical loss of a computer or device. The report reiterates what many already knew: There is much more information to be stolen through hacking than physical loss. The vast majority of the 17 million records compromised in California last year — 93 percent — were attributable to malware or hacking, whereas only 1.15 million records were compromised by the physical loss of an electronic device."

Read more at data breach study in California.

Are your cloud applications HIPAA Compliant?

Are You HIPAA Compliant? - The Rise of Healthcare Data Breaches

A recent report by the Identity Theft Resource Center should heighten the level of concern of a number of healthcare companies. According to statistics compiled in 2013, the healthcare sector now accounts for 43.8% of total reported data breaches. That is the most of any sector. The reason is likely two-fold. First, the healthcare industry is subject to some of the strictest reporting requirements in the U.S. economy. These strict regulations force healthcare companies to publicly report information on all large data breaches. Second, hackers are increasingly recognizing healthcare companies as a valuable source of personal information. Hacking accounted for over a quarter of reported data breaches in 2013. Healthcare companies must become more aware of these external threats.

The Health Insurance Portability and Accountability Act (HIPAA) along with other federal requirements make strict security measures and data encryption methods a necessity for healthcare companies. Failure to implement these standards leaves these companies vulnerable to an attack. Companies are subject to federal punishments if a data breach occurs due to relaxed security measures. These include large fines and financial penalties. Given that the healthcare industry is now a popular victim of hackers, healthcare companies cannot afford to assume their security measures are sufficient.

Thankfully, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. For more information visit 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Are You HIPAA Compliant? - Healthcare Information Safety

A recent report from the Washington Post offered some sobering news about the safety of information in the healthcare industry. According to the United States Department of Health and Human Services (HHS), 3.6 million patient records have been stolen from health firms via hackers since 2009. This statistic does not include the most recent hacking of Community Health Systems, which lost 4.5 million records to a group of Chinese hackers earlier this year. Large data breaches are not the only concern. In 2012, HHS received 21,194 reports of small data breaches from healthcare companies.

Healthcare companies should be wary. According to a 2013 study conducted by the Healthcare Information and Management Systems Society, only 69% of health security professionals said their company had established a data breach plan. The organization concluded that the healthcare industry has only reached an "average level of maturity" on security issues. This statement should be concerning to healthcare companies. Strict regulations in the Health Insurance Portability and Accountability Act (HIPAA) and further provisions tied to the 2009 stimulus require healthcare companies to comply with firm security measures. Companies that fail to comply with these measures and are subject to a data breach face many severe consequences. Large financial penalties are in place and companies often suffer backlash.

Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. For more information visit 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Are You HIPAA Compliant?

Earlier this year, medical records of 4.5 million patients were stolen from Community Health Systems (CHS) by a sophisticated group of Chinese hackers. According to the Washington Post, the names, birth dates, telephone numbers, and social security numbers of patients were copied and transferred from the company's systems. This information has been protected under the Health Insurance Portability and Accountability Act (HIPAA) for the last decade. As required by federal law, CHS notified all impacted patients and provided them with free identity theft services. The company's liability insurance was expected to absorb the major financial impacts of the data breach. Their mandated Securities and Exchange Commission filing stating the consequences of the breach was published on August 18 and can be found here.

The Health Insurance Portability and Accountability Act requires all companies contributing to healthcare services to protect patients' personal health records with strict security and data encryption measures. Companies that suffer a data breach due to relaxed security measures can be found in violation of federal law. Penalties are strict. Significant fines that can jeopardize a company's financial standing and reputation are charged per incident. According to the FBI, the digitization of medical records has encouraged hackers to increasingly target healthcare companies. Strong security measures that align with strict HIPAA regulations are now required of all healthcare providers.

Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. Click on: 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

HIPAA Security For Help Desk, Change Management, Customer Service

Long before the commercial success of the Internet, Brian J. Fox invented one of its most widely used tools.

In 1987, Mr. Fox wrote Bash, short for Bourne-Again Shell, a free piece of software that is now built into more than 70 percent of the machines that connect to the Internet. That includes servers, computers, routers, some mobile phones and even everyday items like refrigerators and cameras.

On Thursday, security experts warned that Bash contained a particularly alarming software bug that could be used to take control of hundreds of millions of machines around the world, potentially including Macintosh computers and smartphones that use the Android operating system.

The bug, named "Shellshock," drew comparisons to the Heartbleed bug that was discovered in a crucial piece of software last spring.

But Shellshock could be a bigger threat. While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. And Heartbleed went unnoticed for two years and affected an estimated 500,000 machines, but Shellshock was not discovered for 22 years.

Many of the commercial tools that individual users and large corporations depend upon are built on top of programs that are written and maintained by a few unpaid volunteers in what is called the open-source community. That community, along with big companies like Google, adjusts and builds new things on top of older work. 

Sometimes there are flaws in that code. And over the years, the flaw becomes part of all sorts of products.

The mantra of open source was perhaps best articulated by Eric S. Raymond, one of the elders of the open-source movement, who wrote in 1997 that "given enough eyeballs, all bugs are shallow." But, in this case, Steven M. Bellovin, a computer science professor at Columbia University, said, those eyeballs are more consumed with new features than quality. "Quality takes work, design, review and testing and those are not nearly as much fun as coding," Mr. Bellovin said. "If the open-source community does not develop those skills, it's going to fall further behind in the quality race."*

Giva is a HIPAA compliant cloud provider for IT Service Management, Customer Service and Change Management. We reduce risk for companies by protecting their data and helping them exceed regulatory requirements. Naturally, we address vulnerabilities like Shellshock.

Give us a call to talk to one of our experts about how we address Shellshock and other vulnerabilities. Or, feel free to learn more about Giva HIPAA compliance on your own. 

* Attribution to the NYT

Experts Say 'Bash' Bug Is a Major Vulnerability

You may have heard the news about a vulnerability in Bash called Shellshock. Bash is a command processor that lets a user run commands through a command-line interface in Linux environments. If the Shellshock vulnerability is exploited, a threat actor with access to a Linux server can run arbitrary commands. Many questions are emerging around how companies can protect their employees and customers.

We can help. Giva is a HIPAA compliant cloud provider for IT Service Management, Customer Service and Change Management. We reduce risk for companies by protecting their data and helping them exceed regulatory requirements. Naturally, we address vulnerabilities like Shellshock.

Give us a call to talk to one of our experts about how we address Shellshock and other vulnerabilities. Or, feel free to learn more about Giva HIPAA compliance on your own. We look forward to discussing this matter with you.

We take security seriously.