We thought we would take the time to do some background research on the latest electronic medical record software certifying organization to appear on the ONC-CHPL, InfoGard. We wanted to figure out why they aren’t as prominent on the ONC-CHPL as Drummond and CCHIT. We found that there is in fact good reason. Apparently, they are “kind of a big deal” in development of Meaningful Use guidelines…
As more and more physicians and hospitals transition into the digital age, a vast amount of personal health data is ‘bait’ in the internet phishing world. While EHR system security is often a top priority, there is little that secure hosting and encryption of health information can do to stop email phishing scams.
It’s as simple as this:
- A faculty physician at a large university health system receives an e-mail appearing to be from the hospital’s information technology staff.
- The e-mail requests the doctor’s login information in order to perform routine security upgrades to the system.
- This seems like a legitimate request from a reliable source; the physician replies, providing his/her login and password.
HITECH Act Brings High Price for Privacy Breach: Are Healthcare Organizations Ready for Health IT Security Demands?
November 10, 2009
The Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009, significantly increased the HHS Secretary’s authority to impose higher monetary penalties for HIPAA violations occurring after Feb. 18, 2009.
Prior to the HITECH Act, the HHS Secretary could not impose a penalty of more than $100 for each violation or $25,000 for all identical violations of the same provision. A covered health care provider, health plan or clearinghouse could also bar the Secretary’s imposition of a civil money penalty by demonstrating that it was unaware that it violated the HIPAA rules.