Posts By: Beth Osborne

6 Healthcare Data Archiving Best Practices

Posted by & filed under Healthcare.

The digitization of the healthcare industry ushered in a new era. Paper was no longer the lone way to manage patient records. While the use of EHRs and pharmacy management systems reduced the paper, the amount of data exploded. To manage all this and remain compliant with HIPAA and record retention laws, healthcare data archiving has become a go-to for organizations.

The practice offers many benefits for healthcare entities. You can retire legacy systems, which reduces costs. Such a system also makes the information easily accessible for audits or requests. Further, it lives in the cloud, so it’s not on a physical on-site server. You can enjoy all these benefits with many different solutions, but there are some best practices to keep in mind. 

Healthcare Data Archiving Best Practices

Before you choose a platform or devise an archiving strategy, consider these best practices.

Ensure You’re Compliant with Record Retention Regulations

Do you know how long you must retain records? The statute varies by state. In most cases, it’s 10 years, but some states like Massachusetts and Oregon require lengthier periods. Compliance with this doesn’t just mean you have the records somewhere. They need to be in a storage system that protects the protected health information (PHI). Be sure that the digital archiving service you choose does that.

Have a Backup 

Back up everything! That’s the mantra that every organization understands in a digital world where ransomware attacks happen regularly. If hackers were to seize your archive, the backup would be your failsafe. (Check out this story of an organization losing their patient data archive.) Be sure your provider backs up all your data in the cloud. 

Select an Option that Can Handle All File Types

Healthcare data archiving includes more than documents. You likely have lots of images as well or other formats. When you transfer your records to an archive, it won’t be suitable if it can only accept a limited number of file types. Go over the types of files you have and get assurance the system can handle them.

Seek Out a System with User Level Permissions

You may have multiple locations and lots of different users. However, you may not want all to have the same permission levels. Thus, you’ll need an archiving solution that lets you manage who has access and what kind of access.

Be Sure About Security

Healthcare data is very attractive to hackers. You need a robust system that goes beyond standard cybersecurity methods. Inquire about encryption. You’ll want to know that it’s in use when data is in transit and at rest. Further, you should discuss their co-location partner and the security protocols they have in place, both digitally and physically.

Find a Platform That’s Intuitive 

You don’t need a complex system to handle your archive. If it’s going to require hours of training, adoption will be low and frustration high. Instead, you’ll prefer a web-based, easy to use interface that anyone can figure out in a few minutes. Features like search and filtering should be simple to use, as well. 

Healthcare Data Archiving with ViewMaster

Healthcare data archiving doesn’t have to be cumbersome or expensive. Our system, ViewMaster, has all the features you need with all the security you expect. See how it works today by watching our video

Healthcare Ransomware Attack of Mailing Service Exposes Over 20,000 Records

Posted by & filed under Healthcare, Regulatory News.

healthcare ransomware

Healthcare entities have a regulatory obligation to protect protected health information (PHI). Compliance also extends to healthcare partners that handle PHI. Unfortunately, cybercriminals are targeting these partners as well as healthcare organizations. A recent healthcare ransomware attack exposed over 20,000 patient records. The hackers seized a mailing service provider’s data using Ryuk ransomware. On January 19, 2021, the company published a press release on the incident

What Happened?

In May 2019, hackers infected the mailing service provider’s servers with Ryuk ransomware. Ryuk is the work of an eCrime group know as Wizard Spider. Hackers designed it to infiltrate enterprise environments. It works by identifying and encrypting network drives and resources. It also disables the backups. The primary method of infection is through phishing attempts. Emails include an infected document. Upon opening it, the hackers are in and begin to collect admin credentials and move critical assets.     

The mail printing service received a ransom request from hackers. They demanded money to unlock the servers. Any data on the servers was now unusable. The company did not pay the ransom. They also said they didn’t find evidence of access to customer files. However, they cannot with full certainty say there was not a breach, hence the notification to patients.

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) did investigate to determine if there were any HIPAA violations. The OCR announced there were no violations and closed the case. 

Healthcare Ransomware Attack Puts Lens on Business Associates

When any security breach occurs, there are always lessons to learn. The importance of this case is that it wasn’t the healthcare organization attacked—it was a business associate. Any relationships between healthcare entities and vendors that involve PHI access require a HIPAA business associate agreement (BAA).

This agreement means that the vendor will follow HIPAA compliance in handling sensitive information and safeguarding it. That’s a minimum, but you should go beyond that when you choose vendors. Ask these questions:

  • What are your encryption methods? 
  • Do you encrypt at both rest and transit?
  • Does your staff participate in annual HIPAA compliance training?
  • Have you ever had a breach?
  • Do you backup all data?
  • Who is your data center partner?

You should make these questions part of your process of selecting partners. 

What Answers Should You Expect?

With these questions, there are right and wrong answers. Encryption will be a big part, especially confirming that encryption occurs at transit and rest. You also need to have a feel for their cybersecurity posture. What proactive measures do they have in place to thwart, identify, and defend against cyberattacks?

Hackers are only becoming more sophisticated. These layers of security are really going to happen on the data center and cloud side. That’s where the data is, so you need to get the specifics on their co-location partner. 

Further, backups and redundancy are critical. In many healthcare ransomware incidents, organizations lose data forever if victims don’t pay. Last year, this happened to a Colorado hospital, wiping out five years of patient medical records on their legacy EHR. 

A Secure, Compliant Partner for Healthcare

We never like to report on breaches and ransomware. Unfortunately, these things occur in abundance, and the healthcare industry is a top target. We are proud to say we’ve never experienced a breach. Nor have we ever violated HIPAA standards. After over two decades and tens of thousands of healthcare data projects, we understand what it means to be secure and compliant.

Learn more about our data security and HIPAA compliance protocols. 

Pharmacy Analytics Trends and Insights

Posted by & filed under Pharmacy.

pharmacy analytics

Pharmacy analytics can be a powerful tool for the industry. The world of big data is only growing, and by leveraging it, pharmacies can make better decisions. They can also play a role in drug shortages. As pharmacies begin their critical role in COVID-19 vaccinations, pharmacy analytics could also serve the public health. 

In looking at pharmacy analytics trends, here are some key trends and insights that should be top of mind for the industry.

Drug Shortages

The pharmacy industry was facing challenges with drug shortages and supply chains. The pandemic exasperated these even further. There was a higher demand for some drugs that were possible treatments for the virus. At the same time, shutdowns all over the country impacted every supply chain.

Data can help. First, it can identify potential shortages faster when you combine historical data with AI or other tools to model future supply. Data analysts can then proactively determine shortage risk. 

Medication Adherence

Medication non-adherence costs the healthcare system millions every year. There are many reasons patients don’t take their medications, many related to SDOH (social determinants of health). Consumers may have concerns over copays or access. Pharmacy analytics could flag these patients. Then health plans, especially ones associated with Medicare Advantage, could create outreach programs to help these patients. 

For example, in partnership with the pharmacy, the plan could advise the patient of delivery or curbside pickup services. Small steps like these could keep people healthier and reduce strains on the healthcare system. 

Risk Detection of Questionable Drug Use

The country is still fighting an opioid epidemic. There are also many other categories of drugs for misuse—those prescribed for anxiety, ADHD, and sleep, to name a few. Analysis of a pharmacy’s user base, inclusive of all locations, is an effective tool in flagging possible drug misuse. 

Overprescribing is still rampant. Two recent settlements by the Department of Justice (DOJ) highlight this. 

First, Reckitt Benckiser Group agreed to pay $1.4 billion to settle claims it promoted an opioid addiction treatment, Suboxone, to physicians they knew were indiscriminately writing prescriptions for it. Further, the DOJ accused the company of using its “Here to Help” program to not help addicts but connected them with doctors who prescribed their drug.

Another case involved Avanir Pharmaceuticals. They settled a kickback case for $108 million. The DOJ allegations consist of the company incentivizing practitioners to prescribe their drug Nuedexta for conditions like dementia, although it was not an approved use.

Pharmacy analytics could be critical in alerting regulators and organizations to abuses by both patients and prescribers. 

Store Performance

Another use of analytics for pharmacies is to measure their own performance. By looking at real-time data, you could compare month-over-month or year-over-year. It could provide you with insights on patterns around growth or decline. Data points of interest may include script performance, Rx sales, patient demographics, prescribers, payers, and more. 

With a business intelligence tool, your decision-making will be data-driven. It could help improve profitability and reduce patient churn. 

COVID-19 

Pharmacy is playing a pivotal part in testing and vaccinations. All pharmacies are submitting data to government agencies in some form. These pharmacy analytics are critical to understanding infection patterns and inoculation rates. There have been challenges with COVID-19 data aggregation and interoperability. Data from pharmacies could improve the process.

Pharmacy Analytics Can Impact Care

These use cases for analytics all have an undercurrent—they can improve patient care in this country. Prescriptions are a vital part of the healthcare ecosystem. The data from pharmacies has the potential to impact care, public health, and overall decision-making.

If you enjoyed this post, please keep coming back by subscribing to our blog!