HIPAA Communication News

Webinar Today: Communication Best Practices During a Pandemic

During the 2019 Novel Coronavirus pandemic, instant, immediate, and enterprise-wide communication is essential for slowing the spread of the virus and ensuring service continuity.

Relatively little is known about the Novel Coronavirus and how it is spread. It is a fast-evolving situation and new information is regularly being released by researchers and public health authorities. That information and updates to policies and procedures need to be rapidly communicated across healthcare organizations. It is also important for healthcare professionals to monitor the condition of patients who are self-isolating at home after displaying symptoms of COVID-19.

The 2019 Novel Coronavirus pandemic is placing health systems under a great strain and fast, effective, and efficient internal and external communication is critical.

TigerConnect, the leading secure healthcare communication platform provider, is hosting a webinar where the company’s healthcare communication experts will share communication and collaboration best practices for organizational preparedness, effective response, and service continuity during the 2019 Novel Coronavirus pandemic, and other times of crisis.

During the webinar, TigerConnect will discuss best practices for workflow readiness, how to accelerate internal and external communication, effective broadcasting of important updates to staff and external partners, how patient diagnosis and isolation workflows can be expedited, the best way to prioritize alerts for critical patients, how to ensure staff safety, and the use of text messaging to monitor patients who are self-isolating at home.

The TigerConnect platform has been adopted by more than 6,000 healthcare organizations to collaborate and communicate effectively. One of those healthcare organizations, Singapore Health, is using the TigerConnect platform to improve enterprise-wide communication and coordinate its response to COVID-19 cases. Singapore Health has been commended for the efficiency and effectiveness of its response to the crisis. TigerConnect will be sharing information on the lessons learned to help U.S. healthcare providers deal with the COVID-19 crisis more effectively.

The webinar is being hosted by Dr. Will O’Connor, Chief Medical Information Officer, TigerConnect and Julie Grenuk, Nurse Executive, TigerConnect.

The webinar will consist of a live presentation followed by a Q&A session.

Webinar Details:

Date:     Thursday, March 19th, 2020
Time:     2 p.m. ET / 11 a.m. PT


The post Webinar Today: Communication Best Practices During a Pandemic appeared first on HIPAA Journal.

Telehealth Services Expanded and HIPAA Enforcement Relaxed During Coronavirus Public Health Emergency

In an effort to prevent the spread of the 2019 novel coronavirus, patients suspected of being exposed to the virus and individuals with symptoms of COVID-19 have been told to self-isolate at home. It is essential for contact to be maintained with people at risk, especially seniors and people with disabilities.

Telehealth services, including video calls, can help healthcare professionals assess and treat patients remotely to reduce the risk of transmission of the coronavirus. Telehealth services can also be used to maintain contact with patients who choose not to visit medical facilities due to the risk of exposure to the virus.

On Monday, March 16, 2020, the Trump Administration announced that telehealth services for Medicare beneficiaries have been expanded. Prior to the announcement, doctors were only able to claim payment for telehealth services provided to people living in rural areas with no access to local medical facilities and for patients with established relationships with billing providers.

“We are doing a dramatic expansion of what’s known as telehealth for our 62 million Medicare beneficiaries, who are amongst the most vulnerable to the coronavirus,” explained Seema Verma, administrator of the Centers for Medicare and Medicaid Services (CMS). “Medicare beneficiaries across the nation—no matter where they live—will now be able to receive a wide-range of services via telehealth without ever having to leave home. These services can also be provided in a variety of settings, including nursing homes, hospital outpatient departments, and more.”

Effective March 6, 2020, Medicare will reimburse a wide range of healthcare providers for office and telehealth visits, including nurse practitioners, social workers, and clinical psychologists. Reimbursement will be at the same rate as face-to-face visits.

Relaxation of Enforcement of Noncompliance with HIPAA

Telehealth services are subject to HIPAA regulations. The technology used, such as smartphones and communications platforms, must comply with HIPAA rules and have safeguards in place to ensure the confidentiality, integrity, and availability of ePHI. During a public health emergency such as a disease outbreak, the HIPAA Security Rule still applies. Healthcare professionals that provide telehealth services would, under normal circumstances, not be permitted to use certain video conferencing technology such as FaceTime or Skype, as the services are not fully compliant with HIPAA.

The HHS’ Office for Civil Rights announced on March 17, 2020 that it is taking a more relaxed position on HIPAA enforcement of noncompliance with certain HIPAA provisions related to telehealth services. “OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.  This notification is effective immediately,” explained OCR in its Notification of Enforcement Discretion for telehealth.

OCR confirmed that during the coronavirus public health emergency, healthcare providers are permitted to use “any non-public facing remote communication product that is available to communicate with patients,” in connection with good faith provision of telehealth. That enforcement discretion also applies to telehealth services related to the diagnosis and treatment of health conditions unrelated to COVID-19. While enforcement has been relaxed, Verma said it is still important that covered entities “continue to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures.”

While OCR does not endorse the use of certain products, it has been suggested that healthcare providers could use Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype. Public facing chat and communications platforms such as Facebook Live, Twitch, and TikTok would not be permitted for telehealth purposes.

OCR reminded covered entities that they can obtain greater privacy protections by using HIPAA-compliant video communications solutions and should obtain a signed business associate agreement (BAA). Providers of platforms that do sign BAAs and provide a HIPAA-compliant service include TigerConnect, Skype for Business, Zoom for Healthcare, Updox, and VSee.

“OCR will not impose penalties against covered health care providers for the lack of a BAA with video communication vendors or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency,” explained OCR in its notice. When the public health emergency ends, penalties would apply if a BAA is not in place and communications platforms are used that are not HIPAA compliant.


TigerConnect Secure Communications Platform Offered to Hospitals Free of Charge During COVID-19 Pandemic

TigerConnect, the provider of the most widely used secure healthcare communications platform in the United States, has announced that U.S. health systems and hospitals can use its platform free of charge to help support COVID-19 related communications during the novel coronavirus pandemic.

TigerConnect has been tracking COVID-19 and the impact it is having on the U.S. healthcare system. Unsurprisingly given the rapid spread of the virus, use of its secure communications platform has surged. The company also reports that it is receiving an increasing number of calls from customers looking to expand licenses to make sure all staff have access to the platform to expedite internal and external communication and support isolation workflows.

The TigerConnect platform can be used to create dedicated channels for COVID-19 communications to provide support for patients and staff members. The platform ensures instant and immediate communication of preparedness plans, staff schedules, guidelines on infection control and isolation protocols, and other critical information. Users of the platform can contact any person within a healthcare system instantly, without knowing their number or extension.

“As part of the healthcare community, we harbor a sense of duty to do everything we can to keep the flow of information moving as quickly as possible,” explained TigerConnect. “This is the time to remove any barriers that might keep organizations from having every tool they need to fight COVID-19.”

Hospitals and health systems that have not yet adopted the TigerConnect platform are being offered complimentary use of the TigerConnect secure texting network for up to 6 months to support COVID-19 communications. Existing customers will be provided with complimentary expansion of TigerText Essentials licenses for up to 6 months. TigerConnect has also announced that it will be extending support hours and publishing resources and conducting webinars to help current and new users of the platform optimize communications.

As has been seen in Europe, which is now the epicenter of the COVID-19 pandemic, hospitals and health systems are stretched and struggling to cope with the number of cases. Immediate, enterprise-wide communication is critical for preventing the spread of the disease.

In Singapore, stringent measures have been implemented to prevent the spread of the novel coronavirus. As of March 14, there have been 200 cases of COVID-19 in Singapore but no COVID-19 deaths. Coordinating the response to COVID-19 and ensuring resources are correctly allocated has been a major challenge, but one that has been helped by having an efficient communications system in place. 55,000 healthcare professionals in Singapore are using the TigerConnect platform and usage has increased fivefold in the past three weeks. Being prepared and having the systems in place to deal with outbreaks of disease that support fast and efficient communication has been invaluable.

“It is clear that identifying new cases quickly and sharing that information among key stakeholders is crucial to containment and treatment,” explained TigerConnect co-founder and CEO, Brad Brooks. “Our mission is to help organizations remove the barriers that might slow down those responses as we continue to partner with the organizations on the front lines of this crisis.”


HHS Releases Final Interoperability and Information Blocking Rules

On March 6, 2020, the Office of Information and Regulatory Affairs’ Office of Management and Budget announced it has completed its review of the rules proposed by two HHS agencies in February 2019 to tackle interoperability and information blocking.

On March 9, 2020 the HHS’ Centers for Medicare and Medicaid Services (CMS) and the HHS’ Office of the National Coordinator of Health Information Technology (ONC) released their final rules which change how healthcare delivery organizations, health insurers, and patients exchange health data.

The interoperability and information blocking rules were required by the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) and the 21st Century Cures Act of 2016. They are intended to make it easier for healthcare data to be exchanged between providers, insurers, and patients, and are a key part of creating a patient-centric healthcare system and putting patients in control of their own health records.

“These rules are the start of a new chapter in how patients experience American healthcare, opening up countless new opportunities for them to improve their own health, find the providers that meet their needs, and drive quality through greater coordination,” explained HHS Secretary, Alex Azar.

Easy Access to Patient Records Through APIs

One of the ways that patients are given easy access to their health data is through the use of application programming interfaces (APIs). APIs can be leveraged to connect different IT systems and software solutions to allow data to be easily transferred from one to the other. The use of APIs has driven innovation in many sectors, but they have not been adopted in healthcare to give patients easy access to their medical records. The final rules will ensure that changes.

The use of APIs will allow healthcare providers to easily share a patient’s electronic health records with other healthcare organizations with different EHR systems. It will also allow patients to have their healthcare data, including medical records, sent to a third-party health app if they so wish. The rules also include provisions to ensure that patient data contained in electronic health records is provided to patients at no additional cost when it is accessed electronically.

Improving Interoperability of Health Data

The CMS Interoperability and Patient Access final rule, part of the Trump Administration’s MyHealthEData initiative, is aimed at improving interoperability and patient access to healthcare data. “[The] final rule is focused on driving interoperability and patient access to health information by liberating patient data using CMS authority to regulate Medicare Advantage (MA), Medicaid, CHIP, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs),” explained CMS in the Interoperability and Patient Fact Sheet, published on March 9, 2020.

The lack of effective exchange of healthcare data has had a negative effect on patient outcomes and is also contributing to high healthcare costs. The CMS final rule removes barriers to information sharing to give patients easy access to their healthcare data. It will improve interoperability, drive innovation, and reduce the burden on payers and providers. When patient health information moves freely, patient care can be coordinated easily, costs can be reduced, and patient outcomes are likely to improve.

“Delivering interoperability actually gives patients the ability to manage their healthcare the same way they manage their finances, travel and every other component of their lives. This requires using modern computing standards and APIs that give patients access to their health information and gives them the ability to use the tools they want to shop for and coordinate their own care on their smartphones,” said Don Rucker, M.D., national coordinator for health information technology.

Final Rules Will Drive Innovation

In addition to requiring healthcare providers to share medical records with third party apps at the request of patients, the CMS rule also calls for health insurers to share cost information with third-party apps. This will give patients information about the out-of-pocket expenses they are likely to incur. This will allow patients to plan and budget for medical bills.

“The days of patients being kept in the dark are over,” said CMS Administrator Seema Verma. “These rules begin a new chapter by requiring insurance plans to share health data with their patients in a format suitable for their phones or other device of their choice. We are holding payers to a higher standard while protecting patient privacy through secure access to their health information. Patients can expect improved quality and better outcomes at a lower cost.”

The CMS final rule also requires CMS-regulated payers to make provider directory information available publicly via a standards-based API. This will encourage innovation and will allow third-party app developers to create services that allow patients to find providers that can offer care and treatment. These apps could also be used by clinicians to find other providers to help with care coordination.

The CMS rule also calls for payer-to-payer clinical health data exchange to allow patients to take their data with them when they change payers and to create a cumulative health record with their current payer. “Having a patient’s health information in one place will facilitate informed decision-making, efficient care, and ultimately can lead to better health outcomes,” explained the CMS.

Preventing Information Blocking

The ONC’s 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule details the information blocking practices, such as anti-competitive behavior, that are prohibited, and the reasonable and necessary activities that are not classed as information blocking and are permitted. One area where problems will be eased is the sharing of screenshots and videos related to EHR use. Many EHR providers prohibit the use of screenshots and videos, even though these are important for communicating about usability, the user experience, and interoperability.

The CMS has confirmed that starting in late 2020, using data collected for the 2019 performance year, the CMS will be reporting clinicians, hospitals, and critical access hospitals that are believed to be engaging in information blocking practices based on how they attested to certain Promoting Interoperability Program requirements.

Patient Privacy and Data Security

The proposed rules will improve interoperability and reduce information blocking, but there has been fierce criticism of the rules by some groups, mostly in relation to patient privacy. Both the American Hospital Association (AHA) and the American Medical Association (AMA) have been vocal critics of the rules, with one of the main issues related to the sharing of health records with third-party apps.

Healthcare providers are required to comply with HIPAA and must ensure safeguards are implemented to ensure patient data is protected. Health app developers and other entities not required to comply with HIPAA may not have appropriate privacy protections in place. There is also considerable potential for secondary uses of patient health information without the knowledge of patients.

The AHA and AMA are not alone. Many privacy advocates and health systems have expressed concern about the proposed rules and patient privacy. Last year, Epic wrote to the HHS Secretary voicing concern and even threatened legal action if patient privacy was not protected. The letter was signed by 60 healthcare systems.

The CMS and ONC have made patient privacy a key priority. Both the CMS and ONC want to ensure patient data flows freely, but also that patient privacy is protected. To ensure the privacy and security of patient data in transit, the ONC and CMS have adopted the Health Level 7® (HL7) Fast Healthcare Interoperability Resources® (FHIR) Release 4.0.1 as the standard to support data exchange via APIs.

That standard ensures patient privacy and security for the transfer of health data but does not cover patient data once it has been transferred to a third party. To address risks after data has been transferred, healthcare organizations are permitted to ask third-party app developers to attest to certain privacy provisions, such as whether there will be any secondary uses of patient data and to make sure patients are informed about what those secondary uses will be.


How One Company is Helping to Drive Down the Cost of U.S. Healthcare and Improve Patient Outcomes

2019 Health Statistics published by the Organisation for Economic Co-operation and Development (OECD) show healthcare expenditures in the United States are significantly higher than those in other developed countries. A 2018 Harvard study of 11 developed countries showed the United States had the highest healthcare costs relative to its GDP out of all 11 countries studied. Per capita healthcare spending was found to be almost twice that of other wealthy, developed countries.

Higher costs are not necessarily bad if they translate into better patient outcomes, but the OECD figures show that is not the case. The United States performed poorly for patient outcomes, even though the costs of healthcare are so high. Reducing the cost of healthcare is a major challenge and there is no silver bullet, but there are ways for costs to be reduced and for patient outcomes to be improved.

The Trump Administration is committed to reducing the cost of healthcare through executive orders and HHS rulings. In November 2018 an executive order – Improving Price and Quality Transparency in American Healthcare – was issued which is intended to improve healthcare price transparency to increase competition among hospitals and insurers and drive down healthcare spending.

Another key area where costs can be cut is by eliminating wastage in healthcare. A great deal of money is being wasted due to inefficiency, such as the continued use of outdated communications technology.

The healthcare industry is still heavily reliant on communications technology from the 1970s. Advances are being made and new communications tools are being introduced, but oftentimes when new communications technology is purchased, it tends to be introduced in silos and healthcare organizations fail to achieve the full benefits. As a result, communications problems persist.

Communication inefficiencies are costing the healthcare industry dearly and that cost is being passed onto patients. Research shows communication inefficiencies cost a single 500-bed hospital around $4 million a year. The breakdown in communication is estimated to be a major factor in 70% of medical error deaths, according to a study published in the Journal of Medical Internet Research.

One company helping to cut the cost of healthcare is TigerConnect. TigerConnect has developed an advanced communications and collaboration solution that allows all members of care teams to communicate and collaborate quickly, efficiently, and effectively. The platform helps accelerate productivity and eliminates wastage, which allows healthcare providers to reduce the cost of healthcare. The solution has also been shown to improve patient outcomes.

The platform has been shown to reduce wait times in emergency departments, reduce the potential for medical errors, reduce the length of hospital stays, and improve staff morale, especially among physicians. The platform eliminates phone tag, allows all members of the care team to access the data they need to make decisions, and ensures proper patient handoffs, which is where the majority of medical errors occur.

The TigerConnect team is committed to solving pervasive problems in healthcare communication and continues to innovate and develop its solution to meet the needs of healthcare organizations of all sizes. The platform has proven popular with healthcare organizations and the company has been enjoying a period of tremendous growth, according to 2019 figures released today.

The TigerConnect solution is the most widely adopted healthcare communications and collaboration platform in the United States and 2019 has seen the company expand its industry footprint further. More than 600 new clients have been added in 2019, including 100 new enterprise clients such as Geisinger, NCH Healthcare System, Penn State Health, University of Maryland Medical System, Einstein Medical Center, Cooper University Health Care, and St. Luke’s University Health Network. More than 6,000 healthcare organizations are now using the platform.

TigerConnect has also expanded its workforce to cope with the increased demand. Over 50 new members of staff joined the company in 2019. TigerConnect also created new leadership roles, with the appointment of former Vacasa CTO, Tim Goodwin, as its first Chief Technology Officer, former McKesson consultant Sarah Shillington as the SVP of client success, and former Expedia executive, Allie Hanegan as VP of People.

TigerConnect is now looking to make greater gains in 2020 and has launched several initiatives to accelerate growth. Ahead of HIMSS20, TigerConnect will be launching several major product and partner initiatives. The company will be aggressively marketing its solution toward new clients and will also be looking to expand its footprint with its existing customer base. TigerConnect has also confirmed it will be forming a client advisory group and will be leveraging additional forums to get feedback from users to identify areas where the platform can be further improved.

“As we look ahead to the next decade, we see nothing but greenfield opportunity to redefine the way healthcare teams, payers, and patients connect and collaborate. We remain steadfast in our mission to partner with care organizations of every size and type, providing them with the world’s most advanced collaboration technology to produce a vision of the future we can all be proud of,” said Brad Brooks, co-founder, and CEO of TigerConnect.


SpamTitan Top Rated AntiSpam Solution on Business Software Review Sites

The 2018 Verizon Data Breach Investigations Report showed phishing to be the primary method used by cybercriminals to infect healthcare networks with malware and steal financial information. Email was the attack vector in 96% of healthcare data breaches according to the report.

All it takes is for one employee to respond to a phishing email for a data breach to occur, so it is essential for a powerful email security solution to be deployed that will catch phishing emails, malware, ransomware, and other email-based threats.

Email security solutions can vary considerably from company to company. Some may be excellent at blocking email threats but can be difficult to use, others may fall short at detecting zero-day threats, and some fail to block many spam and phishing emails. All of the companies offering email security solutions claim that their products provide excellent protection, so selecting the best solution for your organization can be a challenge. Making the wrong decision can be a costly mistake.

When choosing an email security solution, third party review sites are a godsend and can save you a lot of time in your search. Well respected business software review sites allow verified users of software solutions to provide their feedback on products and let other businesses know which are easy to implement, easiest to use, which are most effective at blocking threats and which companies provide great support when help is required.

It pays to check several different review sites to find the top-rated email security solutions by end users. Our search has highlighted one solution that is consistently rated highly across the leading review platforms: SpamTitan from TitanHQ.

Listed below are some of the many positive reviews from users of SpamTitan Email Security across the top review platforms:

G2 Crowd

G2 Crowd is the largest tech marketplace for business software. The site is used by IT decision makers to learn more about software solutions to help them realize their potential and protect their networks from the full range of cybersecurity threats.

On the G2 Crowd platform, SpamTitan is the top-rated email security solution with scores of 9.0 out of 10 for ease of admin, 9.1 for ease of use, 9.2 for ease of setup and quality of support, and 9.3 for ease of doing business with and meets requirements. The scores are based on 139 reviews from verified users. Across all reviews, SpamTitan achieved a score of 4.6 out of 5.

“I really like the customization that is available for this product. We have total control over the spam filter environment for all our customers. The environment is stable which is very important to us and our customers. The support staff was great when we were getting our environment configured. They were quick to reply to emails and reach out to assist us as needed. The spam filtering is top-notch and much better than other products we have used,” said Jeff Banks, Director of Technology.

Gartner Peer Insights

Gartner Peer Insights is a peer review site that is rigorously vetted by the leading research and advisory company, Gartner. Gartner provides impartial advice on the top software solutions without bias and with no hidden agenda. Gartner Peer Insights contains only real reviews from real business IT users.

SpamTitan has been rated by 112 users and achieved an average review score of 4.9 out of 5.

“TitanHQ claims that SpamTitan “blocks 99.9% of spam, viruses, and other threats that come through” and I can’t argue against it. It’s been running on my machines for a couple of years now and works very well. Rarely does anything useless go through to my inbox.” Information Technology Specialist, Healthcare Industry.

Capterra

Capterra is an online marketplace vendor founded in 1999 and bought by Gartner in 2015. Capterra serves as an intermediary between software buyers and sellers and is one of the leading sites where decision makers can find out more about software solutions from verified users.

There are 379 reviews of SpamTitan on Capterra. SpamTitan received an overall score of 4.6 out of 5 with individual scores of 4.4 for ease of use, 4.4 for features, 4.5 for value for money, and 4.6 for customer service.

“Overall, we are very happy with the product and the customer support. We did have to put some time into this product but now we have a custom-fit solution, with fault-tolerance (two servers at two locations, both locations have both internet and private WAN access to the Exchange server) and we’re saving thousands of dollars versus the managed solution we used to use. We can tighten things up if we wish, we have a lot of flexibility with this product. I rate it an excellent value. So much power, flexibility and fault-tolerance, for so little money.” Mike D Shields, Director of IT and Telecom.

“It’s as close to “set it and forget it” as you can come in the IT field. Right out of the box support helped me set everything up in less than 20 minutes, no hardware to worry about, nothing like that. Literally all I have to do is check to see if something was blocked incorrectly once in a while, white list it, and done. I’ve been using spam titan for almost a year and in that time we have blocked over 200k spam/malicious emails for a 30 person company before they even hit employee mailboxes. I shut off the service for 48 hours just to make sure it was legit, it was, and I haven’t shut it off again since.” Benjamin Jones, Director Of Information Technology

Google Reviews

112 business users of SpamTitan have submitted reviews of SpamTitan to Google. The email security solution achieved an average score of 4.9 out of 5.

“The Titan Spam filter is by far one of the best email filters I have ever used. It was simple to setup, it allows users to release their own emails from quarantine quick and easy. Thank you for making such a great quality product, and for having excellent technical support.” Joseph Walsh.

“Great product. Spam reduced to almost zero and no user complaints. Configuration is simple and support is awesome. Love it!” George Homme

Software Advice

379 users have left reviews of SpamTitan on the business software review site, Software Advice. The solution achieved an average score of 4.58 out of 5.

“Our previous product was not stable and didn’t filter out spam as well as we wanted. This tool exceeds our expectations!” Jeff, CatchMark Technologies.

Spiceworks

Spiceworks is a professional network specifically for the information technology industry, providing educational content, product reviews, and feedback from software users. Members of the Spiceworks community similarly rate SpamTitan very highly. The solution has been reviewed by 56 members and has achieved an average score of 4.6 out of 5.

SpamTitan is also the top-rated email security solution on SpamTitanReviews, with a score of 4.9 out of 5.

The post SpamTitan Top Rated AntiSpam Solution on Business Software Review Sites appeared first on HIPAA Journal.

Microsoft Issues Advice on Defending Against Spear Phishing Attacks

Cybercriminals conduct phishing attacks by sending millions of messages randomly in the hope of getting a few responses, but more targeted attacks can be far more profitable.

There has been an increase in these targeted attacks, which are often referred to as spear phishing. Spear phishing attacks have doubled in the past year according to figures from Microsoft. Between September 2018 and September 2019, spear phishing attacks increased from 0.31% of email volume to 0.62%.

The volume may seem low, but these campaigns are laser-focused on specific employees and they are often very effective. The emails are difficult even for security-conscious employees to recognize, and many executives, and even IT and cybersecurity staff, fall for these campaigns. The emails are tailored to a specific individual or small group of individuals in a company, they are often addressed to that individual by name, appear to come from a trusted individual, and often lack the signs of phishing present in more general phishing campaigns.

These attacks are more profitable as some credentials are more valuable than others. Spear phishing campaigns often target Office 365 admins. Their accounts can allow an attacker to gain access to the entire email system and huge quantities of sensitive data. New accounts can be set up on a domain with admin credentials, and those accounts can be used to send further phishing emails. New accounts are only used by the attacker, so there is a lower chance of the malicious email activities being discovered.

Spear phishers also seek the credentials of executives, as they can be used in business email compromise attacks in which employees with access to company bank accounts are tricked into making fraudulent wire transfers. Fraudulent wire transfers of tens of thousands, hundreds of thousands, or even millions may be made, malware can be installed, or the attacker can gain access to large quantities of highly sensitive data.

Spear phishers spend time researching their targets on social media networks and corporate websites. They learn about relationships between employees and different departments and impersonate other individuals in the company. They may even already have compromised one or more company email accounts in past phishing campaigns before going for the big phish on a big fish in the company. This is often referred to as a whaling attack. Spear phishing emails are often professional and credible, and are difficult for end users to identify.

As difficult as these spear phishing emails are to spot, there are steps that healthcare organizations can take to reduce risk. Many of these measures are the same as the steps that need to be taken to detect and block more general phishing campaigns.

The best place to start is with employee education. Security awareness training should be provided to everyone in the organization who uses email. Many of these spear phishing attacks start with a more general phishing campaign to gain a foothold in the email system.

The CEO and executives must also be trained, as they are the big fish that the spear phishing campaigns most commonly target. Any individual with access to corporate bank accounts or highly sensitive information should be given more training, and the training should be role-specific and cover the threats they are most likely to encounter.

Employees should be taught not just to check the true sender of an email, but specifically look at the email address to see if something is not quite right. Phishing emails usually have a sense of urgency and usually a “threat” if no action is taken (account will be closed/suspended).

They often contain out-of-band requests that go against company policy such as fast-tracking payments, sending unusual data via email, or bypassing usual checks or procedures. The messages often contain unusual language or inconsistent wording.

When suspicious emails are received, there should be an easy mechanism for employees to report them to their security teams. A one-click email add-on for reporting messages is useful. Spear phishing campaigns are often sent to key people in a department simultaneously, so speaking to peers about messages is also useful. Policies should also be implemented that require checks to be performed before any large bank transfers are made. It should be company policy to double check atypical requests by phone, for instance.

Technical measures should also be introduced to detect and block attacks. An advanced spam filtering solution is a must. Do not rely on Exchange Online Protection with Office 365. Advanced Threat Protection from Microsoft or a third-party solution for Office 365 should be implemented; one that incorporates sandboxing, DMARC, and malicious URL analysis will provide greater protection.
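The indicators described above (a sender address that is not quite right, urgency or threat language, and a failed DMARC check) can be screened automatically before a message reaches a reviewer. The following Python example is added here and is not from Microsoft or the original article; the organization domain, executive names, keyword list, flag names, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "examplehealth.example"       # assumption: the defender's own domain
EXECUTIVES = {"dana reyes", "sam okafor"}  # assumption: names likely to be impersonated
URGENCY = re.compile(r"\b(urgent|immediately|suspended|closed|wire transfer)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw):
    """Return the spear phishing indicators found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Sender domain within two edits of the real one, but not identical.
    if domain != ORG_DOMAIN and 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    # Display name of an executive paired with an address outside the organization.
    if name.lower() in EXECUTIVES and domain != ORG_DOMAIN:
        flags.append("executive-name-external-address")
    # Receiving server recorded a DMARC result other than pass.
    if re.search(r"\bdmarc=(fail|none)\b", msg.get("Authentication-Results", ""), re.I):
        flags.append("dmarc-not-passed")
    if URGENCY.search(msg.get("Subject", "") + " " + msg.get_payload()):
        flags.append("urgency-language")
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Dana Reyes" <dana.reyes@examp1ehealth.example>
Subject: Urgent: wire transfer needed today
Authentication-Results: mx.examplehealth.example; dmarc=fail header.from=examp1ehealth.example

Please process this payment immediately and skip the usual approval.
"""
LEGIT = """\
From: Sam Okafor <sam.okafor@examplehealth.example>
Subject: Agenda for Thursday
Authentication-Results: mx.examplehealth.example; dmarc=pass header.from=examplehealth.example

Agenda attached for review.
"""
```

Messages that return one or more flags are candidates for quarantine or for a banner warning the recipient to verify the request by phone.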

Multi-factor authentication is also essential. MFA blocks more than 99.9% of email account compromise attacks. If credentials are compromised in an attack, MFA can prevent them from being used by the attacker.

Spear phishing is the principal way that cybercriminals attack organizations and it often gives them the foothold they need for more extensive attacks on the organization. Spear phishing is a very real threat. It is therefore critical that organizations take these and other steps to combat attacks.

The post Microsoft Issues Advice on Defending Against Spear Phishing Attacks appeared first on HIPAA Journal.

New Alexa Healthcare Skill Helps Patients Manage Their Medications

Amazon has announced that Alexa has a new healthcare skill that patients can use to manage their medications and order prescription refills.

Earlier this year, Amazon announced that it has developed a HIPAA-eligible environment for skill developers that incorporates the necessary safeguards to comply with the requirements of the HIPAA Privacy and Security Rules. Amazon set up an invite-only program for a select group of skill developers to create new skills that could benefit patients.

The new skill is the result of a collaboration between Amazon and the medication management firm Omnicell. Amazon contacted Omnicell and offered the company the chance to create the new skill after it was noticed that many Alexa users were using their devices to set medication reminders. Amazon had received feedback from several users who requested improvements be made to the reminders feature to allow them to set multiple reminders a day to take their medications.

Initially, the new Alexa capabilities will be available to customers of the Giant Eagle pharmacy chain, which operates over 200 pharmacies throughout the Midwest and Mid-Atlantic. The new skill allows patients to set reminders to take their medications, check their current prescriptions, and order prescription refills at Giant Eagle by issuing voice commands to their Alexa devices.

The new skill incorporates a range of privacy and security protections to prevent unauthorized access and misuse. After enabling the Giant Eagle Pharmacy skill and linking their account, users are required to set up a voice profile and set a PIN. Alexa will recognize a user by their voice profile, but they will be required to provide their PIN before any information will be relayed. Healthcare related information is also redacted in the app to maintain privacy and voice recordings can be reviewed and deleted at any time through the Alexa app, Privacy Settings page, or by issuing voice commands after authentication.

“This new technology is just the beginning, as we continue to identify straightforward and easy-to-use pharmacy tasks that voice–powered devices can perform in the real world to keep the patient at the center of care and streamline pharmacy workflow,” said Danny Sanchez, vice president and general manager, Population Health Solutions, Omnicell.

The initial launch will provide Amazon with valuable data that will be used to improve the customer experience. Amazon will be adding further pharmacy chains in the New Year.

The post New Alexa Healthcare Skill Helps Patients Manage Their Medications appeared first on HIPAA Journal.

Solving the Communication Problems in Healthcare

52% of healthcare organizations experience communications disconnects that negatively impact patients daily or multiple times a week, according to a recent study by TigerConnect.

These communication problems are more than a cause of frustration for healthcare employees. They make care coordination difficult and lead to lapses in care. In fact, the impact of poor communication is far reaching and affects the entire organization.

At best, communication inefficiency causes delays that increase the cost of healthcare provision. At worst, poor communication contributes to preventable medical errors, physician burnout and, in the most extreme cases, it can lead to death.

Many healthcare facilities are still heavily reliant on outdated communication technology such as pagers and fax machines. Groups of healthcare employees use different tools to communicate and, even with a growing mobile workforce, landlines are relied upon far too frequently.

TigerConnect research has shown that communication channels in hospitals are badly fragmented. 89% of hospitals are still using fax machines and 39% are still heavily reliant on pagers for communicating with certain departments, roles or, in the worst cases, organization-wide.

Even when modern communications technology is adopted, it is often implemented in silos. Physicians and nurses may be moved onto modern communications systems, but others are not. Consequently, the full benefits are not realized.

These communication problems are not only a source of frustration for healthcare employees; patients are also noticing. A Harris poll of patients conducted in August 2019 showed patients are frustrated by inefficient communication in healthcare during hospital stays and visits, and by the methods providers are using to communicate with them.

Fixing Broken Communication in Healthcare

TigerConnect will be hosting a webinar in which the extent of the communication problems in the U.S. healthcare industry will be discussed along with the problems that communication disconnects are causing.

Dr. Will O’Connor, CMIO, TigerConnect, and Jorge Jeffery, Data Scientist & Researcher, will talk about these issues and suggest a solution that will improve communication in healthcare, increase workflow efficiency, and reduce common bottlenecks that are slowing patient throughput. They will also discuss how improvements in communication can ensure more patients are seen in less time and the cost of healthcare provision can be reduced.

Webinar Details:

Topic: Fixing Broken Communications in Healthcare

Date: Thursday December 12, 2019

Time: 1:00 PM Eastern Time / 12:00 PM Central Time / 11:00 AM Mountain Time / 10:00 AM Pacific Time

Hosts: Dr. Will O’Connor, CMIO, TigerConnect / Jorge Jeffery, Data Scientist & Researcher

The webinar will be followed by a Q&A session.

You can sign up for the webinar here.

The post Solving the Communication Problems in Healthcare appeared first on HIPAA Journal.