Posts By: Beth Osborne

What Is ViewMaster?

Posted by & filed under Healthcare, Pharmacy.

what is viewmaster

Record retention isn’t an option in healthcare. There are many regulations in place that define how many years of patient data you must retain. However, the process you are using now may be inefficient and at risk of a breach. Meeting regulations and compliance factors must be balanced with ease of access. To eliminate challenges, we created ViewMaster, a web-based transaction viewing tool.

Why You Should Archive

If you currently still have a legacy system in use to satisfy record retention policies, then you certainly have pain points. Searching through an old system isn’t easy and can be time-consuming. Should you be faced with an audit by a regulatory board, it may take you a substantial amount of time to create a report.

Further, patient information may be at risk for a breach. That’s because legacy systems may no longer be receiving updates, which can make them vulnerable. The other big issue with keeping old platforms in place is the cost. Even if you no longer use it, you’re probably paying a monthly fee.

You can search fast, create reports, and ensure the security of your data with ViewMaster. This system allows you to archive data, images, and documents.

How Does Archiving Work?

viewmaster search

Typically, pharmacies or healthcare organizations choose to archive when they move from one software system to another. They decide not to carry over all their data to the new system, which is usually 18 months to two years of data. However, they still need to retain other documents for 10 years at a minimum.

They choose to archive so that their data conversion is smoother and less complicated. Our solution allows users to log into the system for any web browser and immediately search and filter as necessary. 

In an archiving project, our team receives the data, documents, and images from your current system then digitizes each of them. You can store numerous image types. This includes critical images like signatures of patients acknowledging they picked up their prescriptions and did or did not request a consultation with the pharmacist.

More ViewMaster Benefits

One of the things pharmacies and healthcare love about the platform is that it’s a one-time charge. There are no monthly fees! Organizations don’t have to worry about compliance, as the tool meets HIPAA and HITRUST regulations with encrypted and secure data.

With ViewMaster, you can satisfy all the requirements for record retention and reporting from entities such as the Board of Pharmacy, CMS, DEA, and more. It’s a true turnkey solution to the challenges of meeting requirements while also maintaining security and privacy.

It’s super simple to use as well. Your staff can use it in minutes. It has an intuitive user interface, so you can find what you need in minutes. If you have multiple locations, you can search across them. You can also set up specific user permissions so that each individual can also see what is pertinent to them.

It’s time to ditch legacy systems and archive. Get started by requesting a five-minute demo of ViewMaster.

Social Media and HIPAA: How to Be Smart in the Digital World and Remain Compliant

Posted by & filed under Healthcare.

social media and hipaa

HIPAA was passed long before the launch of social media networks. In fact, HIPAA, passed in 1996, preceded the digital world. However, social media and HIPAA have now become a real concern in the 21st century with HIPAA updating its policies on the subject. There are many benefits to leveraging these sites for healthcare, but it comes with a warning. Many healthcare providers have been the subject of fines and violations due to noncompliant social media activities.  

The First Rule of HIPAA and Social Media

social media HIPAA

Rule number one: don’t post protected health information (PHI) on social media! The HIPAA privacy rule prohibits the use of PHI on any social media profile for any reason. This includes text and images. The only exception is if you have written permission from the patient to do so. For example, many providers include testimonials or case studies around a specific patient’s journey. This type of content can be very compelling, but, of course, requires patient authorization.

As providers, patients, and other stakeholders navigate the modern digital world; it’s often a murky area of what’s legal and what’s not. That’s why every healthcare organization should have documented rules about social media. Social media is not the channel to discuss PHI or even respond to questions or reviews with any snippet of PHI.

While it’s certainly human nature to want to respond on social media, the approach must be compliant and careful. In these types of channels, providers may feel helpless, as consumers basically have free reign to review the provider. However, the provider doesn’t have that same luxury.

Such a case occurred this year in which a dental practice responded to a Yelp review and allegedly disclosed PHI. The settled the dispute with OCR for a $10,000 fine. OCR found that the organization had actually violated HIPAA on several occasions.

How Providers Can Respond Compliantly on Social Media

Providers do have options when responding on social media. But they must always be HIPAA compliant. Here are some ways to craft compliant responses:

  • Respond in general terms with a standard response: while many other companies reply with specificity, that’s a no-go here
  • Reach out to the patient directly rather than responding on social media
  • Draft a response that says you’ll be in touch with them to discuss their concerns (with this approach, you are telling others that you are aware of the situation but will handle it offline)

Responses like these should be documented in your social media training for staff. Training on social media and HIPAA should occur before the employee comes on board and be further supported with refresher training.

What Are the Most Common Social Media HIPAA Violations?

Along with responding to patient posts or reviews, several other violations have been repeat offenders, including:

  • Posting of images or video of patients without approval
  • Gossiping about patients
  • Using any type of information that could lead to a patient’s identification
  • Sharing images within a healthcare organization where PHI is visible (i.e., don’t take a picture of a physician at his desk while there are patient files there!)
  • Distributing any content about patients within a social media private group (it may be private, but it’s still not compliant)

HIPAA Social Media Guidelines

Your organization should have HIPAA social media guidelines. Here are some ideas on what to include:

  • Ensure awareness with HIPAA compliance and social media through consistent training
  • Provide examples to staff on what would be a compliant type of post
  • Communicate to staff the consequences of HIPAA noncompliance
  • Review and update policies annually based on new rules, regulations, and usage
  • Make sure that company and personal profiles are separate
  • Maintain a record of social media posts in the event of an audit
  • Encourage staff to report any possible violations
  • Moderate all comments on platforms
  • Include social media in your risk assessments

While there are many constraints with social media, the healthcare industry shouldn’t just abandon it. Social media is a way for you to provide critical information, share industry news, and promote patient stories (with approval). You just have to balance your social media engagement strategy with remaining HIPAA compliant.

Healthcare Data Breaches Will Cost Sector $4B in 2019

Posted by & filed under Healthcare.

healthcare data breaches 4B

Healthcare is a massive target for cybercriminals. Hackers are clearly outpacing the technology innovation of provider organizations. Healthcare data breaches, according to a Black Book Market Research survey, will cost $4 billion in 2019. That’s billion with a B.

The survey included over 2,800 security professionals from 733 providers. The intent was to identify gaps, risks, and vulnerabilities that are inhibiting the healthcare industry in making strides to combat breaches. About 96% of experts surveyed believe cybercriminals are ahead of their ability to defend against them.

These eye-opening stats reinforce the need for healthcare to be more proactive in cybersecurity. The number of attacks is only increasing, as 93% of healthcare organizations have experienced one in the last three years. About one in 10 healthcare consumers has had their data stolen.  

Why Is Healthcare Still Struggling with Data Breaches?

healthcare data breaches struggle

Since it seems that healthcare data breaches won’t be waning, it’s time to address the real struggle. Much of it comes down to budget constraints. Black Book identified that 90% of respondents said their IT security budgets have remained relatively flat since 2016.

With competing priorities and every department fighting for funding, healthcare organizations find it difficult to invest in something that doesn’t generate revenue. However, the consequence of not investing puts them at a significant risk. This risk is quantifiable, as well. Most cyberattack recovery for healthcare breaches is, on average, $3.92 million. That number can easily rise depending on the type of breach and patients impacted.

Without budget evolution in healthcare, the focus on how to protect healthcare IT isn’t clear. They don’t have historical data. There are emerging technologies like AI. And, some of the buyers in healthcare organizations aren’t performing a true due diligence. That’s because a majority of hospitals don’t have a security executive on staff. Without expertise to make crucial decisions, cybersecurity won’t be as impactful.

Instead of managing cybersecurity internally, many in the healthcare sector are outsourcing this function. This approach can reduce costs and ensure that the latest cybersecurity tools are in place for defense mode.

Healthcare and Technology: Not Exactly the Odd Couple

Healthcare has a unique relationship with technology. It’s been able to boost outcomes, improve patient care, and deliver insights based on big data collection. But it has also created new risks, as healthcare data requires protection and compliance with HIPAA. Where these two sides converge is right now a space of vulnerability.

The future of healthcare cybersecurity must outpace what cybercriminals can do. Otherwise, the cost of risk becomes greater than the desire for profitability. When an organization hits this point, larger budgets for security could become a reality. However, healthcare should make careful investments and not be overly influenced by the immediacy that cybersecurity presents. Being strategic and proactive in cybersecurity is the optimal path to decreasing cyber attacks and healthcare data breaches.