Get Out of the Fog, Stay Safe in the Cloud – Part 2

Andrew H. Lee, Senior Product Managerfogblog_security_150px

You know that cloud-based solutions add greater protection from security risks, but it’s important to consider the correct criteria to be sure you select the solution that best fits your needs.   Here are five key takeaways:

  1. Password Policies –Strict password policy requirements are imperative to protect your data. For greater security, password requirements should include a minimum length, alpha-numeric character combinations, and lock-outs after failed login attempts. Be clever when setting your passwords.
  2. Time-outs when idle – Make sure your system automatically times out if you leave your system idle for more than 10 minutes.
  3. Encryption – Make sure your cloud solution encrypts the patient data. Look for encryption of at least 128 bit.
  4. Enterprise-Grade Hosting –An Enterprise-grade hosting facility such as Amazon is recommended to assure greater security.
  5. 3rd Party Audits – Find a vendor who has taken a proactive approach to security by arranging to be audited to identify areas of risk and has made the investment to secure all backdoor vulnerabilities (i.e.: PLYNT Security Testing Verification & Certification).

While there are no guarantees in protection from hackers, it is important to reduce the risks associated with maintaining patient health information. The right cloud solution can significantly reduce the risk.

Next in our cloud series, we’ll look at cloud models, so stay tuned.

Is your practice management solution living up to your needs for today and beyond? We’d like to hear from you as we shape the future of practice management.
Did you enjoy reading this blog article? Receive an update for each new post by clicking on the “Follow” button in the upper right corner.

Last Chance for Meaningful Use Incentives, Avoid Penalties in 2016

Avoid 2016 PenaltiesOctober 1 marks another important meaningful use deadline—especially if you missed the opportunity to begin on July 1 and avoid the 1% Medicare payment adjustment in 2015. October 1 is the last day to begin meaningful use and avoid a larger penalty—a 2% adjustment in 2016.

Additionally, if you begin by October 1 and attest by February 28, 2015, you are eligible for the remaining Medicare incentive payments—up to $24,000 over the next three years based on a percentage of your Medicare Part B billings.

Continue reading

Meaningful Use Delay Approved

gov_buildingNew rules allow you to report under the old Stage 1 rules for three months in 2014—but should you?

CMS has approved a rule that conditionally allows providers to delay implementing 2014 Edition meaningful use changes. Eligible providers (EPs) are granted flexibility in their meaningful use demonstration if:

  • Their EHR vendor did not have the software available in time;
  • They did not have enough time to install the new software; or
  • They didn’t have sufficient time to train themselves and their staff.

Under this new rule, you could attest to three months of Stage 1 under the 2013 Edition requirements in 2014—even if you were supposed to start Stage 2. You could even use 2011 Edition certified software like OfficeMate/ExamWRITER v10 to complete Stage 1 in 2014.

Should you take advantage of the delay?

Continue reading

Get out of the fog Stay safe in the cloud – Part 1

Andrew H. Lee, Senior Product Manager fogblog_security_150px

How much risk of a security breach is there in maintaining personal health records?
“A data breach on par with last year’s retail sector calamity is a possibility for the health care industry…” according to a recent article on data security by The American Optometric Association.  Unfortunately these prophecies are coming to fruition. CNNMoney has just reported a major hospital network security breach, in which 4.5 million patients’ records were stolen, leaving patients at risk for fraud and identity theft.

Clearly the risk of a security breach is real.  Paper, laptops, and thumb drives can be stolen from your practice.  Network connections can be hacked into if you do not secure your Wi-Fi Hotspot.  However can you trust your cloud vendor? You need to know what to look for in a cloud-based solution to further mitigate your risk.

Stay tuned for Part 2 of Security in the Cloud.  We’ll tell you five key factors to consider when selecting a solution to fit your needs and stay safe in the cloud.

Shape the future of practice management!
See what’s up and coming, and let us hear from you about your vision for your practice. Learn more.

 Did you enjoy reading this blog article? Receive an update for each new post by clicking on the “Follow” button in the upper right corner.

On Task with Security Risk Analysis

17317DR_MU_core9_shadowCore Measure 9

It seems like every time you turn around, there’s another large security breach. The results can be devastating for not only the business that was hacked, but their customers as well. The risk isn’t limited to retailers – it exists anywhere customer information is used, accessed, or stored. With that in mind, core measure 9 was created and included in meaningful use.  As evidence of the gravitas of this goal, there are no exclusions to this measure.

We all know how important it is to protect electronic health information, and the utmost care must be exercised to protect patients’ medical records.

Defined and Deciphered
Core measure 9 seems like a simple concept, but can be deceptively complex. The goal is to protect patients’ electronic health information that was created or is maintained by certified EHR through the implementation of appropriate technical capabilities.

Per CMS, the provider must:

“…conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a) (1), including addressing the encryption/security of data stored in CEHRT in accordance with requirements under 45 CFR 164.312 (a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the provider’s risk management process for EPs.”

Huh? Exactly!

It seems daunting to decipher what the requirements are, much less figure out how to actually accomplish the task.  Essentially, you’re required to perform a security risk analysis to ensure that your patients’ medical records are secure, and to minimize the risk of a security breach.

The Challenge
Part of the challenge to this measure is the broad nature of the measure itself. Fulfilling the measure doesn’t rely on a simple security feature that can be enabled or disabled. Rather, practices must conduct—at least annually—a comprehensive security risk analysis in accordance with the requirements under HIPAA, and correct all identified security deficiencies.  There is a full list of security criteria that must be met and/or corrected, however, a simple checklist will not satisfy the requirements. Each of the criteria must be sufficiently documented, so that in the event of an audit, you will pass. Also, there are no exclusions allowed for this measure, and since it’s not a percentage based measure, there is no CMS reporting window to track your progress.

Success Can Be Yours
Core measure 9 is essentially the same as core measure 15 from Stage 1. If you’ve already succeeded at this measure in Stage 1, you’re well on your way to success in Stage 2. Unfortunately, because of the broad nature of the measure, it’s also one of the more difficult challenges to master. This is not a measure that can be conquered simply with your EHR system. Still, this is a measure that is attainable. Given the complexities, and myriad of factors to consider, we will take on the required tasks in Part 2 of “On Task with Security Risk Analysis.” Stay tuned.

In the meantime, if you have questions or need help with meaningful use, contact us at meaningfuluse@eyefinity.com.

Did you enjoy reading this blog article? Receive an update for each new post by clicking on the “Follow” button in the upper right corner.

Cloud Technology in a Flash

blog_stopwatchThe second installment in our series of posts about cloud technology. Now let’s look at speed and bandwidth.

by Eyefinity Senior Product Manager Andrew Lee

Better Use of Time
A cloud-based system can save you time, by removing hardware issues from your practice and providing readily accessible records, but what’s required?

The Need for Speed
Internet speed can be a significant factor. Before taking the leap to the cloud, ask providers about bandwidth requirements for their solutions. This is important when evaluating the cost of a practice management solution. If you’re required to subscribe to a very high-speed internet service, that’s a red flag. This could add hundreds of dollars every month, and suddenly what seemed like a low monthly cost for the practice management system, is drastically inflated.

We recommend a minimum of 3 Mbps (Megabits per second) download and 1.5 Mbps upload speeds. For optimal performance, you’ll want 3 – 6 Mbps, depending on the number of doctors and staff in your office.   Check your current speeds at www.speedtest.net.

Ask the Right Questions
Some practice management solutions require speeds up to 20 mbps, and have response times up to 30 seconds, so be sure to ask what’s required, and how fast the system will respond. A web-based system should respond within a couple of seconds, and an optimized system should average less than one second.

Up next, unlocking the secret to security in the cloud.

We want to hear from YOU.
With your input, the next level of practice management solutions will be everything you want and need it to be. Learn more.

Did you enjoy reading this blog article? Receive an update for each new post by clicking on the “Follow” button in the upper right corner.

Get out of the Fog About Cloud Technology

hotairballoonThis is the first in a series of posts about cloud technology

by Eyefinity Senior Product Manager Andrew Lee

There is a tremendous amount of buzz in the industry about “the cloud” and cloud-based systems. The major benefits we hear are that the cloud can help practices reduce costs and enable access to patient data from anywhere. But what does this really mean?

It’s a foggy topic, and we’re here to help clear the air. In this blog series, your peers and industry experts will explain cloud concepts in a simple way that you can understand and apply to your practice. Armed with the right information, you can make decisions with confidence.

Top 6 Questions to Ask Before Moving to the Cloud

Here are a few questions that have probably come to mind and you should consider when thinking about moving to the cloud:

  1. Is it secure?
  2. Is it fast enough for my staff?
  3. What’s the difference? Hosted? SaaS? Web app? Native app?
  4. What’s the return on my investment? And, what’s the cost savings?
  5. How do cloud solutions change my workflow in the practice?
  6. How can I be liberated to run my business efficiently and effectively?

So, what exactly IS “the cloud”?

Simply paraphrased and taken from the U.S. Department of Commerce:

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of resources (e.g., networks, servers, storage, applications, and services) that you can quickly and easily update and push to your device, whether it’s a desktop computer, laptop, tablet, or smart phone.

Then you may ask, “Hmmm, which cloud model is best for me and my practice?”

It’s all about YOU. Unlike software that you need to install from a disc or software you download to your server, the basic premise of the cloud is that YOU can access it anytime, anywhere, and from any device.

The beauty is no one needs to come to your office and install the software. You can access it from a web browser. It’s like accessing water from your faucet, on-demand, anytime.

But is it secure and fast? Stay tuned for the next blog in this series.

Did you know that you can help to shape the future of practice management in the cloud? With your input, the next level of practice management solutions will be everything you want and need it to be.

Learn more.

Did you enjoy reading this blog article? Receive an update for each new post by clicking on the “Follow” button in the upper right corner.

Follow

Get every new post delivered to your Inbox.

Join 75 other followers