Different factors may necessitate a cosmetic dental procedure. That given, various methods, too, are used to achieve the desired dental appearance. The processes may be undertaken voluntarily or may be as a result of reasons beyond one’s control. Whatever the reason may be, the well-respected cosmetic dental clinic Macleod Trail Dental in Calgary has all the know-how and solutions. Their highly trained dentists ensure their clients attain a beautiful and perfect general appearance of the mouth, teeth, and smile. One need not be embarrassed anymore about the deformity of the mouth, teeth, or smile that may be because of:
Accidents
Accidents could range from serious road carnages to bar brawls and fights. Such accidents leave the dental structure disfigured to a varying degree, depending on the impact of the force applied to the mouth. It could lead to a dislocated jaw bone or just a missing tooth or two.
Whichever the case, this would mean your teeth and facial appearance aren’t as they were before. This could also mean difficulty in taking food or a broken, ugly smile.
We need food and drinks to sustain our body functions and to unwind. However, the downside of some foods such as blackberries and cherries is that over time, they cause tooth discoloration. Drinks, too, such as wine and coffee, cause stained teeth, and so do habits such as smoking.
Though we can’t abstain from such foods, drinks, and habits, through a teeth whitening procedure, their side effects on the color of the teeth are minimized.
The teeth can, as a result, regain their white color or the shade of white one desires regardless of the food or drink or habit one takes on. One is at least still assured of the benefits of a pearly white smile when one decides to flash one, thanks to teeth whitening.
Birth Defects
Genetics, together with environmental factors, can result in congenital disabilities such as cleft lips or cleft palates. Such congenital disabilities not only cause difficulty in feeding and speech, but also cause dental problems when the cleft extends to the upper gum, which results in inhibition of tooth development in the newborn.
However, cleft lips and cleft palates, through a combination of cosmetic dentistry procedures, are easily rectifiable. Through the processes, the general facial appearances and dental functions of the child are significantly improved. Children born with such congenital disability can thus lead a happy, healthy life just like the rest of the children.
Age
Even though they say old is gold, with old age comes numerous dental challenges that, if not properly taken care of, can remove the gold in old age and replace it with pain and suffering.
These dental challenges include weakening of gums leading to falling off of teeth, damaged enamel, crooked teeth, and other dental cosmetic problems easily solved through dental veneers.
If you’re in the body-hacking sphere, you’ll surely have heard people talking about noopept at this point. But then, what exactly is noopept, and why do people seem to like it so much?
Noopept has a history dating back to 1996, and it has actually been used for some time in Russia as a treatment for age-related cognitive decline. One particular reason why so many people are looking to noopept for its many benefits is that it’s thought to be around 1,000 times more potent than piracetam by weight. Out of all of the nootropics currently in circulation, it’s one of the more popular, next to the racetam family.
What does noopept do, precisely?
How noopept works
When an individual takes noopept, reactions occur within the brain that improve alpha brain wave function. Not sure what that means? Well, when alpha brain wave function is heightened, people are much more likely to be able to commit information to memory, recall earlier information they’ve learned, as well as understand more complex problems and better seek out a solution.
Also, when someone takes noopept, there’s an increase of tonic inhibition within the hippocampus, which contributes to increased feelings of well-being, a reduction in stress, as well as reduced anxiety.
Noopept is also thought to increase various acetylcholine-dependent processes in the brain, so you’ll notice that many noopept supplements have some choline bundled in. Take, for example, the noopept described here: https://www.zachattacksupplements.com/buy-noopept-30mg-choline-50mg-combo-100-capsules/. The reason for this is it’s thought that the body can more readily make use of choline after noopept has been consumed.
Are there any side effects?
Surprisingly enough for a chemical that has such significant cognitive effects, the side effects reported from those who take noopept are minor, if they appear at all. Some people do, however, report side effects like irritability, nausea, or insomnia, if taken too close to bedtime.
These side effects are commonly reported by frequent users of the substance on various public forums, but any study that has taken people who haven’t used noopept before hasn’t stated any side effects whatsoever, making it extremely likely that if noopept is used sparingly, there would be an extremely low chance of encountering any side effects.
It would appear that noopept is extremely well tolerated by the vast majority of people who consume it.
Conclusion
The sciences associated with brain-hacking and the optimization of human functioning are all still in their infancy. Despite the relatively low amount of concrete knowledge, noopept has shown time and time again to be an extremely well-tolerated nootropic with very quantifiable and measurable benefits. Noopept is safe, inexpensive, and most importantly, quite effective.
For many people, noopept is the starting point on their nootropics journey as it’s one of the fastest acting nootropics currently available. Who knows, in the next coming years, noopept might be commonly taken by people at large to keep them at peak mental fitness. Either way, noopept has firmly created a spot for itself in the world of brain-enhancing chemicals.
By Hants Williams, director of clinical operations, VirtualHealth.
Hants Williams (Photo by Marcela Nowak)
The buzz around social determinants of health (SDoH) is making waves across the healthcare industry. Linked to roughly 80 percent of overall health, stakeholders are increasingly embracing the opportunity of addressing SDoH in care management workflows.
SDoH are defined by Healthy People 2020 as the “conditions in the environments in which people are born, live, learn, work, play, worship, and age that affect a wide range of health, functioning and quality-of-life outcomes and risks.” Essentially, these elements encompass the non-clinical factors that can promote or hinder a patient’s ability to fully comply with care plans.
Transportation sits at the heart of current SDoH initiatives as a fundamental prerequisite to optimal care. Simply put, if patients cannot pick up their medications or get to appointments, a provider’s ability to impact their patient’s health is minimized. Consider, for example, a recent Connance survey that links 50 percent of re-admissions to factors such as transportation and home instability risk.
In the era of value-based care, the simple act of helping patients access transportation can notably improve the outlook on clinical outcomes and costs. For instance, medication adherence is a focal point of industry efforts to improve clinical outcomes, but if a patient cannot access transportation to pick up needed drugs, the potential for improvement is minimized.
Access to transportation is low-hanging fruit in terms of performance improvement, and providers must get ahead of the transportation challenge to implement successful, sustainable population health strategies. It’s also why forward-looking organizations are addressing this critical element of SDoH by equipping care managers with tools that speed identification of transportation needs and available services.
Understanding the Challenge; Recognizing the Opportunity
Industry statistics reveal that the transportation challenge is significant and is expected to compound in the coming years. Estimates point to 3.6 million Americans missing or delaying medical care because of an inability to get to their appointments.
Understandably, the transportation issue is exacerbated in low-income and elderly populations as well as rural regions where public transportation is scarce. Many patients simply lack the disposable income needed to maintain a reliable source of transportation. In terms of elderly populations or those with disabilities, physical or mental conditions that eliminate or significantly restrict driving as an option create additional challenges.
The current and coming transportation challenge is sizeable and will require significant resources. Fortunately, the business case for improving the outlook is an easy one to make: A recent study examining non-emergency transportation costs in Florida found that if a mere 1 percent of medical trips resulted in the avoidance of an emergency room visit, the state could save up to $11 for each dollar spent.
Advancing Transportation Strategies
Providers and payers alike are increasingly turning to tools that help identify SDoH needs like transportation in near real-time, allowing care managers to proactively seek out community resources that can help. For example, one state-run managed Medicaid program deployed a care management platform that allows clinical teams to access pre-approved community services and schedule transportation appointments immediately once needs are identified.
With the help of customized algorithms and advanced artificial intelligence tools, drivers can be deployed to patients’ homes in anticipation of needs rather than finding out after the fact that appointments were missed, or medications were not picked up. The efficiency of the analytics platform is critical to changing the dynamic as clinical teams would otherwise be tasked with combing through millions of line items in patient records to identify potential needs.
Advanced solutions allow users to easily monitor transportation requests across all patients or drill down into a single case to manage unique details of each trip, such as advanced authorizations or ensuring the appropriate vehicle has been scheduled to accommodate assistive devices, child seats and companions. Care managers improve efficiency by scheduling recurring trips and tracking specific patient requests or preferences, which can be shared with the transportation vendor and other care coordinators.
Leveraging the transportation functionality, the state-run Medicaid program completed nearly 24,000 transportation entries in 2018. Through advanced analysis, it was able to forecast usage trends across months, time of day and geography to help its clients optimize operations and predict transportation expenditures. For example, the organization can determine which patients are frequent transportation users, which can alert care managers to book multiple provider appointments at once to reduce costs versus on separate days.
Personalized care management and coordination is part of the healthcare industry’s overarching goal of cultivating healthier communities. SDoH indicators such as transportation are critical to these efforts. Forward-thinking organizations are taking hold of the opportunity to improve care management by investing in infrastructures that support greater access to transportation.
At this point, most of us in health care have read similar statistics about why we need to do more to address social determinants of health (SDoH) — the conditions in which people are born, grow, live, work and age, and how those factors impact individuals’ health — to improve patient outcomes. These conditions and their resulting social needs include, but are not limited to, a person’s equitable access to nutrition, housing, transportation, education, and employment opportunities.
Time is of the essence to tackle some of these social determinants, especially when coupled with the rapidly shifting patient demographic, sometimes called the “silver tsunami.”
Payer SDoH studies in no short supply
It seems everyone is in a race to figure out what SDoH approach will move the needle toward lower risk for their patient populations. But payers, in particular, have taken on a hefty amount of the leg work needed with social determinant “barriers to care” studies, because they are generally the most financially accountable, from a population health analytics perspective, to remove them.
Recent news about these payer SDoH pilot programs and research studies has been both interesting and useful across the care continuum, a summary of which includes:
WellCare, which provides managed care plans for more than 4.4 million Americans, ran a pilot program on more than 33,000 patients, referring them to more than 100,000 community-based social services programs, and was able to reduce inpatient spending by 53 percent, outpatient spending by 23 percent, and emergency spending by 26 percent.
In its Bold Goal 2019 Progress Report, Humana focused on patients in specific lines of business, including their Medicare Advantage program, where 91 percent of seniors have at least one chronic condition. They enacted the Centers for Disease Control and Prevention’s “Healthy Days” self-reporting method of measuring healthy vs. unhealthy days and have also screened half a million people for SDoH since 2018, with the goal to screen one million by 2019. Humana notes that these social barriers are “deeply personal,” which requires closer partnership to track and measure population health.
Blue Cross is already instituting food, nutrition, and housing services as part of some of its plans. But it also recently announced an investment of $40 million with Solera Health, to address both mental health and SDoH matters, including “food insecurity, medically tailored meals, transportation, falls prevention and social isolation” with lifestyle modification programs such as diabetes or management, and tobacco cessation programs.
A study by the Anthem Public Policy Institute says individuals and the public (researchers and journalists) perceive SDoH differently. Individuals tend to lead with concerns about the health care “system,” whether they can find the right provider, followed by whether they have adequate “social support.” The public tends to “frame health outcomes through the lens of structural factors like education and income level perhaps, in part, because these factors are easier to measure.”
UnitedHealthcare and the American Medical Association partnered to expand the existing ICD-10 diagnostic codes being used to identify social and economic barriers to care. This adds 23 more codes to that list, some of which would “indicate a patient’s inability to pay for prescriptions, inadequate social interaction, or fears about losing housing.”
Existing workflows provide best locale for SDoH communication
Despite all of the various innovative steps being taken to bring SDoH to the forefront, we know that most patients still aren’t talking about SDoH concerns with their physicians. There are many reasons why, but one logical solution to bolster SDoH communication between physicians and patients is to incorporate, at minimum, the ability to identify social needs where they are already doing business — in these EHR, CRM, and other third-party platforms.
As is evidenced by the siloed health IT data systems that have for too long crippled the health care industry’s transparency and ROI, we know that simply identifying social barriers to care is not enough. Within the designated “source of truth” that is most responsible for driving patient engagement, whether that is an EHR, CRM, or other platform, we need to build — or integrate — expanded capabilities for SDoH identification, referrals, and tracking each throughout the continuum of care to close the gaps that currently exist.
That is not to say that physicians must now wear yet another hat — that of a social worker or a social services case manager. But being asked to solve SDoH from the current physician’s workflow perspective, without integrating SDoH into the patient record, is basically saying to physicians:
“Improve clinical outcomes. But first, you must identify non-clinical data, be responsible for referrals to improve these individual circumstances, and track each of those referrals’ progress, all in different platforms, and none of which talk to one another.”
This is not setting our patients or their physicians up for success.
The idea of a standardized SDoH screening mechanism within the EHR has been endorsed by the National Academy of Medicine, the Medicare Access and Children’s Health Information Program Reauthorization Act of 2015, the 2016 Centers for Medicare and Medicaid Services’ Quality Strategy, and several other organizations, as released in an Annals of Family Medicine study. But unfortunately, in this first U.S. study of its kind to address feasibility, “little is (currently) known about how to capture and present (SDoH) information in community health centers’ EHRs.” Nor did the study conclude how to integrate EHR-based documentation needs into community health centers’ existing workflows.
The main barriers cited in the Annals’ study were that EHR-based SDoH tools:
(1) Create a too-fragmented view of the patient, with relevant data in too many disparate locations
(2) Might add a layer of difficulty to obtain and act on SDoH data
(3) If SDoH patient information has been acquired on paper, that requires yet another dual, manual data entry problem when “referral workflows were (already) seen as too time-consuming, especially when no follow-up was planned,” resulting in “an unmanageable follow-up workload.”
To date, the EHR has done a good job of serving most of the goals to take our country’s health records digital. But it is also safe to say that the EHR, in and of itself, cannot be all things to all persons working in health care. In addition to the major enterprise EHR systems, there is a proliferation of specialty, industry-specific EHRs, which may or may not have separate CRM platforms, not to mention all of the other third-party, various other platforms you can see within any one given practice, such as separate billing and referral management types of platforms. There is a reason that “interoperability” among all of these disparate health care data systems has become another hot topic for the industry.
To yield maximum value for our customers, integrating SDoH data is best-approached from a workflows perspective — not just connecting disparate data systems for the sake of “more data,” but to make caregivers’ lives easier, and to create actionable data that enable better business decisions. And we already know that one of the easiest ways to improve efficiency for health care organizations is to remove dual, manual entry between EHR, CRM, and other third-party platforms that hold patient data — these are the first and most valid case studies of how to improve organizational efficiency while bolstering patient care.
There has been a flurry of innovative partnerships and technological improvements to address SDoH, all of which should ultimately be supported by policy changes — each of these as prevailing themes at trade shows and conferences in recent years, such as the America’s Health Insurance Plans’ (AHIP) annual conference, held recently in Nashville. Meanwhile, we look forward to participating in more discussions about how those of us in health IT can do our part — bridging SDoH informational and communication gaps between physicians and patients. This could include integrating non-clinical SDoH concerns into the patient’s clinical record, in and out of these platforms, establishing standards for capturing SDoH to make data-sharing easier, and even incorporating social services databases for more streamlined SDoH-specific “referral management.”
We talk a lot about how to achieve interoperability in health care, with all of its disparate data systems, and SDoH is another compelling and recent reason why we must accelerate these solutions, which would ultimately benefit health care and all of its stakeholders — patients, physicians, payers, and everyone in between.
By Chris Goettl, director of product management, security, Ivanti.
The first months of 2019 have seen a record number of reported security vulnerabilities. But potentially the riskiest is BlueKeep. BlueKeep is a vulnerability (CVE-2019-0708) that affects Windows 7, Windows XP, Server 2003, 2008 and 2008 R2, which many feel will be exploited soon.
The concern has been so great that Microsoft has issued public updates, even for the no-longer-supported XP and Server 2003 operating systems, and has been very active in issuing warnings to apply the fixes right away. Some may even say that Microsoft has been uncharacteristically begging everyone to apply the necessary fixes. The NSA too has issued an advisory and news article warning to fix this immediately.
Why is this so important for healthcare organizations? It’s been reported that “70 percent of devices in healthcare organizations will be running unsupported Windows operating systems by January 2020.” This is a greenfield opportunity for the perpetrators of BlueKeep to expose health records and personally identifiable information (PII), presenting monumental, potential risk.
How does it work? BlueKeep is considered a ‘wormable’ vulnerability because it does not require authentication or user interaction to exploit. As such, the worm can spread from system to system taking advantage of the vulnerability.
Numerous possibilities exist for a wormable exploit like BlueKeep. For example, if it uses something like Emotet, a more sophisticated malware platform, a piece of malware could get onto a system and have the potential of making intelligent decisions about what it should do next. It could then automate those steps and adapt to its environment.
Or, what if BlueKeep finds its way on to somebody’s home computer? In that case it’s probably going to just sit back and grab any email exchanges that are going on, scrape some email addresses, and try to spam itself out to spread itself further.
However, if it got into a hospital’s network it could switch into ransomware mode – creating perhaps an even more damaging version of WannaCry – holding critical and even life-saving information hostage.
For perspective, the WannaCry attack of 2017 was reported to cost as much as $4 billion, making it one of the most costly ransomware attacks to ever hit our global economy. The fact that six security firms have independently reached a successful exploit of BlueKeep makes it pretty likely that a weaponized version of BlueKeep may be a lot more real than some of the other recent threats. Even though nobody has detected an attack “in the wild” yet, it’s only a matter of time before the first attacks occur. Bleeping Computer confirms private Metasploit modules have already been developed for demonstration.
So, what needs to be done to keep BlueKeep away? Follow these three important steps:
(1) Leverage a comprehensive asset management solution to ensure that you have full visibility into any and all legacy systems that may have one of the vulnerable operating systems. It only takes one system that remains unpatched to expose your network. Don’t let any system slip through the cracks.
(2) Immediately apply the latest updates to all of your legacy systems before BlueKeep hits the streets. You don’t want to get an ‘I told you so!’ from your incident response and security team.
(3) Minimize the impact on your IT teams through automation. With the latest versions of MS SCCM not supporting Windows XP and Server 2003, the job of applying patches can be a bit more difficult. But it doesn’t necessarily mean that you must perform your patching manually. You can patch up to 50 systems including Windows XP and Server 2003 by accessing this free 60-day license to Ivanti Security Controls here.
For those who have not patched BlueKeep yet, it is only a matter of time before the first malicious exploit is distributed. You can be sure that healthcare organizations will be at the top of the target list. Be prepared and apply fixes today. Cyber adversaries are likely reverse engineering the patch as you read this, getting ready to exploit organizations and individuals alike. Let’s work together to avoid a potential repeat of WannaCry.
Technology has really evolved over the last half a century and its impact is very vast. Many fields are feeling the touch of improved technological advancement, a notable one being the medical and health sector.
In the health sector, the ripples of technology are not going to disappear anytime soon, meaning there is still plenty to offer that is on its way. Many trends have come and most find a comfortable spot and stick for ages. The effects are evident in the improvements in the quality of equipment to the commercial aspect of medical care making the internet its hub.
Improvements in Health Technology
One of the key drivers in the technological age is the curiosity factor that forms the necessity aspect of inventions. In the medical field, urgency and curiosity come together and have brought out many pieces of equipment and procedures which have given a boost to the entire health system.
Cases such as smallpox have been totally eliminated as a result of vaccination. Growth hormone problems also have a solution courtesy of endocrinologists and other hormonal health specialists who have been able to isolate the human growth hormone (HGH). In case of growth issues, you can easily get HGH prescription for a normal growth process.
The oncology unit has also grown tremendously and there is some sustained level of control when it comes to cancer patients. The growth translates to many cancer survivors, which is another badge of honor to the technological backing of the health sector.
Each and every day, new equipment gets conceptualized and the future seems like one timeframe we can hardly wait for in the health and medical sector.
The Internet Effect
As earlier indicated, the internet has its vast effects as a force of technology on the health sector. The internet is a great research tool that helps in giving patients more information on their conditions. It also provides essential information on the care process to the patients.
Communication between doctors and their patients has received a boost courtesy of the internet and one can receive medical information through mail among other services. The commercial aspect of the medical sector has also received ample backup from the internet. In this vein, a patient can look up the available services and also book an appointment, without physically visiting the healthcare center.
Artificial Intelligence
Artificial intelligence in the healthcare field is another blessing improving the delivery of services. With AI, records are well kept and come in handy in the maintenance of health data. AI also has a role when it comes to predictive analytics and is a good research companion, especially in epidemiology. It helps in predicting the impact of the spread of diseases and shows which part of the demographics will be majorly affected. This is essential when it comes to developing cures to deal with the disease in the subject.
Adoption
The major adopters of technology are mostly the youth, the millennials. Due to their exposure to technology, they have fast taken to it and most of them diagnose themselves by looking up signs and symptoms from the internet, which is not advisable. The older generation has also taken to technology after seeing how effective it is.
Conclusion
It is no secret that technology is very significant in our improved health conditions. As it is evolving constantly, all we have to do is to wait and see what else is in store for us.
Today, psychologists are offering their services online, and telehealth is continuously becoming popular. The top advantage of such practice in the mental health field is the availability of specialized services and expertise to patients in remote locations. Furthermore, telehealth enhances the availability of professional medical expertise globally with modern ways of clinical supervision.
Overall, telehealth provides efficient communication among professionals and their patients globally to engage each other through various technological means and a considerable supply of interventions to pick from. With all the benefits that telehealth offers, there are still many arguments in the mental health industry on whether or not it can be considered truly safe as well as private to the patients.
Why Telehealth Is Under Debate Over its Safety and Privacy
Furthermore, individuals with means of producing educational videos, applications, or websites, etc. can come up with such content easily, posing the risk of a patient obtaining inaccurate information. Another point of concern for telehealth is associated with its jurisdictional compliance. License specification typically differs per state or country. However, the ease with which psychologists can provide their services globally may ultimately lead to inadvertent legal or ethical malpractice.
HIPAA’s Security Protocols that Safeguard Patient’s Information
The first question a patient may ask when using telehealth services or telemedicine software is, “How safe and private is the service?” Sincerely speaking, this is quite a valid concern for the patient and should be taken with utmost seriousness by the health provider. HIPAA (Health Insurance Portability and Accountability Act), which was passed in 1996 by the Congress, makes sure that individuals can transfer as well as continue with their insurance cover even after changing jobs.
Additionally, the act instituted industry-wide policies on billing and healthcare information, among other processes. Most importantly, HIPAA ensured implementation and proper protection of patient information known as PHI (Protected Health Information). These protocols also apply to patient’s data, such as video visits that are transmitted via the internet.
Why Individual Therapists May Not Have Sufficient Security Protocols to Safeguard Your Data
To be safe from stiff penalties and be HIPAA compliant, medical practitioners are required to use telehealth solutions that meet HIPAA’s regulations. However, not all healthcare providers meet this test, hence raising concerns. The laws typically apply to covered entities and all business associates such as organizations, agencies, and large medical firms. Professionals and therapists listed here all work with a HIPAA compliant service.
Several reports have indicated that personal therapists, not working under professional medical bodies, may not be compliant with HIPAA laws. This means that they are less likely to follow and respect the patient’s privacy rights and information. Thus, this raises significant concerns for patients using telehealth services. Choosing to work with a therapist from a large telehealth company ensures that your data and private information is safe.
By Carol Amick, manager of health care services, CompliancePoint.
As healthcare providers continue to search for ways to cut costs and increase efficiency, many are outsourcing selected services. One report indicated that 98 percent of the hospitals surveyed were either actively considering outsourcing or had already done so. [1] Outsourcing is expanding beyond non-core functions to clinical areas, as healthcare providers look for ways to decrease costs and increase quality. While outsourcing can be a cost-effective move, failure to properly assess and manage risks related to protected health information (PHI) can create legal and reputational issues for the organization.
However, outsourcing and relying on vendors to perform activities
that involve access to PHI increases the risk to a covered entity. Over the
past three years, the Health and Human Services Office for Civil Rights (OCR) has
issued approximately $6 million in financial penalties where failure to obtain
a signed HIPAA-compliant business associate agreement (BAA) from at least one
vendor was either the sole reason for the financial penalty or contributed to the
severity of the penalty.[2]
The HIMSS 2019 Cybersecurity Report noted that 30 percent of the
healthcare vendor respondents had not experienced a significant security
incident in the prior 12 months.[3] This means that 70 percent had
experienced a significant security incident.
HIPAA requires that covered entities have a BAA with vendors that
have access to PHI to perform duties on behalf of the covered entity, or if
electronic PHI (ePHI) passes through their systems. The HITECH omnibus rules
require that business associates comply with the security rule with regard to
ePHI, report breaches of unsecured PHI to the covered entity, comply with
applicable requirements of the privacy rule, and ensure their subcontractors
agree to the same regulations.[4]
While a BAA does provide a covered entity with some legal
assurances, a BAA does not necessarily indemnify a covered entity against
financial penalties for a breach if the covered entity failed to obtain
“satisfactory assurances” of the vendor’s security.[5]
Nor will a BAA protect the entity’s reputation. Quest Diagnostics
recently experienced a breach by one of their vendors of financial data for
approximately 11.9 million patients.[6] While
the breach was the fault of the vendor, the media focus and public attention are
on Quest Diagnostics.
It’s important to consider if the data an organization is entrusting to a vendor is protected. What is the organization doing to ensure vendors who access ePHI understand their obligations and expectations?
The steps below should be performed at least annually to help
organizations ensure that their vendors are securing their data. Covered
entities may do this internally or enlist the services of an independent agency
to do the review.
Verify the Organization Has Required BAAs
Organizations must compare their vendor master file against their
BAA file. Many organizations know they set up processes to obtain BAAs when the
Health Information Technology for Economic and Clinical Health (HITECH) Act
regulations related to business associates were released in 2013,[7]
and accounts payable has been trained not to process a check without a BAA.
However, experience shows that if there is a way around those controls, someone
will have figured it out! Vendors can get established without a BAA when you
merge with or acquire another provider. Vendors can get established without a BAA
when an emergency purchase is made from a vendor. Vendors can change ownership
without providing you with notice that you need an updated BAA.
Reviewing the vendor master file should begin with elimination of
vendors that the organization knows are not business associates, such as utilities, employee
expense reimbursement, contracted physicians, etc. The organization should then
look at all remaining vendors and determine their use of and access to PHI. The
process can be time-consuming and painful, but if this basic first step is
never done, an organization will never know if they have identified the vendors
that are putting the organization at risk. At the end of this process, the
organization will have two lists: vendors with BAAs and vendors without BAAs.
Evaluation of Vendors
Once the organization has a list of vendors that access their PHI,
they need to determine “what are these vendors doing to protect patient PHI.” Some
questions organizations should ask themselves:
Do we do any periodic reviews of vendor security?
Did we evaluate security before we started working with the vendor?
Do our vendors have certifications they can provide to us?
If they advertise HITRUST certification, have they sent us a current report?
What do we know about what they are doing with our data?
Are they sending our data offshore?
Do they have security standards that at least meet HIPAA standards?
Evaluation can be done in a number of ways. If a vendor is audited
annually to maintain their HITRUST certification, or they have a SOC 2 or
other audit done to validate their security controls, ask for the reports.
Furthermore, the reports should be reviewed to make sure that the controls the
organization relies upon to protect ePHI are functioning. If the vendor
doesn’t have an independent review, the organization may need to do their own
review. Reach out to the vendor and talk
to them about their security. Covered entities may find it helpful to survey
their vendors on security.
If a vendor doesn’t want to provide information, or can’t provide
good data, the organization needs to perform a risk assessment to determine if
they are willing to accept the risk presented from the lack of
information.
Update BAAs
After doing the two steps above, organizations should have
listings of their vendors and their BAAs. For vendors with BAAs, review those
BAAs. Have the agreements been updated to reflect the HITECH Omnibus
requirements? Are the agreements complete with the names of both parties and
the appropriate signatures? Is the contact information correct? If the vendor
doesn’t have a BAA, it’s past time to get a BAA. If the vendor with access to
PHI refuses to sign a BAA, it’s time to terminate that relationship!
Monitoring vendors for PHI security is not a “one time” review. A
vendor who had a great security person who understood HIPAA and the
organization’s requirements can have a financial setback and replace the
experienced Security Director to save money. A vendor who assured an
organization that their data was stored and processed in the US can suddenly outsource
to an offshore location for processing of the account. While this monitoring
can take time and resources, as many have learned in healthcare — a little
prevention can often head off a major issue.
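The first and third steps above (comparing the vendor master file against the BAA file, then checking each agreement for completeness) lend themselves to a repeatable script. The following is an added example, not part of the original article: the record layouts, category labels, defect names and the 2013-01-01 cutoff are assumptions, and the sample rows are constructed.

```python
from datetime import date
from typing import NamedTuple, Optional

class Vendor(NamedTuple):      # one row of the vendor master file (hypothetical schema)
    vendor_id: str
    category: str
    accesses_phi: bool

class Baa(NamedTuple):         # one row of the BAA file (hypothetical schema)
    vendor_id: str
    signed_on: Optional[date]
    both_parties_signed: bool
    contact: str

# Assumption: agreements signed before this date predate the 2013 rules.
CUTOFF = date(2013, 1, 1)
# Categories the article eliminates up front (labels are constructed).
NOT_BA = {"utility", "expense_reimbursement", "contracted_physician"}

def baa_defects(baa):
    """Completeness problems the 'Update BAAs' step asks about."""
    defects = []
    if baa.signed_on is None or baa.signed_on < CUTOFF:
        defects.append("undated_or_pre_2013")
    if not baa.both_parties_signed:
        defects.append("missing_signature")
    if not baa.contact.strip():
        defects.append("missing_contact")
    return defects

def reconcile(vendors, baas):
    """Build the article's two lists, plus the BAAs that need an update."""
    by_vendor = {b.vendor_id: b for b in baas}
    report = {"with_baa": [], "without_baa": [], "needs_update": {}}
    for v in vendors:
        if v.category in NOT_BA or not v.accesses_phi:
            continue  # out of scope for the BAA review
        baa = by_vendor.get(v.vendor_id)
        report["with_baa" if baa is not None else "without_baa"].append(v.vendor_id)
        if baa is not None and (defects := baa_defects(baa)):
            report["needs_update"][v.vendor_id] = defects
    return report

# Constructed sample data, not real vendors.
VENDORS = [Vendor("V1", "utility", False), Vendor("V2", "billing", True),
           Vendor("V3", "transcription", True), Vendor("V4", "hosting", True)]
BAAS = [Baa("V2", date(2011, 5, 2), True, "privacy@v2.example"),
        Baa("V3", date(2019, 3, 1), False, "")]
print(reconcile(VENDORS, BAAS))
```

Rerunning the same reconciliation at each annual review surfaces vendors added through mergers or emergency purchases since the last pass.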