Viewfinity is helping numerous healthcare organizations meet the eligibility requirements for Meaningful EHR Use credits.  A key initiative is helping the organizations move to a least privilege environment. This fundamental layer of protection offered by locking down desktops protects the privacy and security of patient data in the EHR and guards medical institutions from unwanted security breaches.  Read on or go directly to our website to learn more about how a least privileges environment is a key step in meeting the objective noted above to be eligible for meaningful use credits.

About Meaningful Use:  This is a great site that explains all you need to know about how the Stimulus bill includes a component which provides over $30 billion in rewards for American doctors to bring electronic health records into their practices and use them to improve the health of their patients.  “On February 13th, 2009 the U.S. Congress passed American Recovery and Reinvestment Act (also known as the “Stimulus Bill), sending hundreds of billions of dollars of federal funding to lift our economy. A central component of the bill is over $30 billion in rewards for American doctors to bring electronic health records into their practices and use them to improve the health of their patients. As President Obama signed the bill into law, he declared it to be, "the most meaningful step in years towards modernizing our health care system."

The IT security element associated with Viewfinity that applies to the core set of 15 MU eligibility requirements is as follows:

• Objective: Implement systems to protect privacy and security of patient data in EHR
• Measurement: Conduct or review a security risk analysis, implement security updates as necessary, and correct identified security deficiencies

In a recent article by Howard Anderson of Health Info Security, Howard brings forth an argument by an attorney, Jim Pyles, that if breaches and their high costs are not brought under control, then an “insurance crisis” is likely to be a result.

Does your healthcare organization really want to deal with the high cleanup costs after a security breach? What about the reputation disasters that is not far behind? If these weren’t enough reasons for your organization to start thinking about how to prevent breaches, then what if the insurance industry decides to not insure your organization or drastically increase the coverage costs due to the rising costs and frequencies of security breaches within the healthcare industry? It would be impossible to operate without insurance coverage, never mind an affordable one. 

Protecting patient data is the responsibility of the healthcare organization.  Taking proactive measures by implementing a solution or solutions with security policies and procedures to support the technology is a good step in the right direction.  Reviewing your organization’s privacy and security policies and the nature in which they are handled is critical because there may be some changes that are needed to further mitigate the risk of a breach.  It is up to your organization to take action to further assess what technologies, policies, and procedures will help to prevent a security breach, all while complying with the HIPAA and HITECH Act mandates.  You will be protecting your bottom line as well as your most valuable asset, the patient.

“Security gaps leave patient records exposed,” reported Ricardo Alonso-Zaldivar of Associated Press.

In the article, the inspector General of the Health and Human Services released two reports that find that the drive to connect hospitals and doctors so they can share patient data electronically is being layered on a system that already has glaring privacy problems. Connecting it up could open new pathways for hackers.  This report resulted from an audit performed by the Government of seven hospitals that resulted in a staggering 151 security vulnerability weaknesses.

“The list of vulnerabilities read like a road map for hackers,” said Ricardo Alonso-Zaldivar.  Some of the vulnerabilities include inadequate password requirements, computers that did not automatically log off inactive users, unencrypted laptops that contained patient data, problems with wireless access that included the inability to detect unauthorized intrusion, lack of continuous monitoring, and even the absence of a firewall separating wireless from other internal networks.  A very common problem amongst the seven hospitals was the slow updating of their computer software to defeat known security bugs.

The full article can be read at: http://on.msnbc.com/lK4by2

The seriousness of protecting online records has come to light in recent reports such as the two released by the inspector General of the Health and Human Services.  Why would anyone want to get a hold of patient data? Just like any other record out there, there is valuable information such as names, date of birth, address, and social security numbers.  This information makes it possible for any hacker to steal a patient’s identity and expose sensitive information.

Implementing best practices through multiple layers of security protection helps to protect online records.  One such practices is to implement a least privileges environment, where administrator rights are removed from the end users, and policies and application level processes are managed using a privilege management solution. Viewfinity Privilege Management has helped EagleMed LLC manage administrator rights at the endpoint – for both in-house PCs and mobile laptops.  EagleMed LLC takes protecting patient data seriously.  According to Ryan Kane, Systems Engineer for EagleMed LLC, “The bigger gain was the ability to lock down our PCs and use Viewfinity Privilege Management to manage administrator rights. By locking down the machines, we prevent the sharing of patient data and we’re also mitigating the security risks introduced through malware.  This will have a very positive impact with the auditors. From an IT perspective, staff now only has access to do what they’re required to do.”

Read the full EagleMed Case Study.