Tag: HIPAA

Preventing Medical Billing Cash Flow From Becoming A Flat Line

By Ethan White, MDVision.

Over the last few years, there have been significant modifications to the rules and guidelines that medical coding and billing firms must meet. Medical billing vendors that are fully compliant under HIPAA are formally business associates of their healthcare clients. This means they never reveal private information, take substantial precautions with client data, and protect the integrity of the client.

Another pressing and immediate requirement is to protect the company’s profits by making certain you file medical claims as quickly as possible. To that end, you can outsource the work to a medical billing vendor that promises to adhere to a strict round-the-clock turnaround for medical claim filing. Such vendors also have the strength and aptitude to offer flexible hours for patient queries, from outpatient ambulatory surgery centers to large hospitals.

Nonetheless, to share your medical billing success story across the healthcare landscape, some essentials should be thought through in accordance with what’s being said, demonstrated and delivered at any stage:

Medical Bill Repricing Solutions

It is for this reason that the top medical billing vendors adopt a partnership attitude that emphasizes a prompt, practical and customer-centric billing approach. The objective ought to be to provide excellent attention to injured workers’ compensation claims and effective charge clarifications. It always starts with real-time bill review and fraud detection for self-insured houses, third-party administrators and insurance companies. Such practices prevent excessive payments and support an equitable repricing level for reimbursement.

Non-Network Negotiation

Non-network negotiations may continue to establish the standard for fair and reasonable reimbursement of medical billing claims. But getting substantial discounts on non-network claims and to regulate 100 percent in excess of provider sign-off to ease the risk is always an ideal method used by medical billing vendors. The supplementary healthcare cost containment approach can be used for any other reporting type in delivering fair and equitable money to the payer and reasonable payment to the provider as well.

Fragmentation into coordination

An outsourced medical billing claim service means that you have a complete team of professionals who make sure that your claims get processed swiftly and precisely, leaving your practice less at risk of interruptions in cash flow. When a physician trusts the chosen billing service company and works together with the billing team, they develop long-lasting benefits like.

Monitoring and Analytics

Your days in A/R, or revenue cycle period, has a noteworthy impact on your bottom line. A medical billing service spreads its overhead across its entire client base, providing an economy of scale, monitoring and analytics. Thus, such medical billing vendors can afford to hire the best staff possible, so that you pay a smaller amount for comparable and frequently complex collection percentages. In addition to the uninterrupted fiscal advantage of greater returns as well as decreased costs.


Health IT Startup: Intiva Health

Intiva Health is the first truly integrated career platform for healthcare professionals. It redefines the medical credentialing process by making it faster, more efficient and more secure.

Elevator pitch

Intiva Health provides healthcare professionals with a single place to manage their credentials, continuing education, new job opportunities, secure messaging needs and more. It is built on the Hashgraph digital ledger platform, which means it is faster, more secure, and more error proof than blockchain.

Founders’ story

Intiva Health was founded in 2006 as a staffing agency for surgical services and emergency rooms. Today the Austin, Texas, company has reinvented itself as a digital health startup featuring a next generation blockchain technology that cuts the time it takes for the medical credentialing process from months to seconds, improves HIPAA compliance, and makes document tampering or theft almost impossible.

Marketing/promotion strategy

Intiva Health focuses its marketing and PR efforts on licensed medical professionals (LMPs), practice managers, and the facilities where they work including medical groups, hospitals and professional associations. The company launched a new brand awareness campaign in March 2018 that included the introduction of the Intiva Token, a new cryptocurrency that LMPs can use to purchase continuing education classes, cyber insurance and other services.

Intiva is also partnering with the National Osteoporosis Foundation to test the advantages of using the Intiva Token for charitable donations.

Market opportunity

The Intiva Health Platform automates the burdensome tasks of credential and licensure management, continuing education, and discovering job opportunities for healthcare professionals. Intiva Health’s new ReadyDoc™ credential verification solution, built on top of the Hashgraph distributed ledger technology, disrupts the existing broken, slow, and error-prone healthcare credentialing system, which today can take weeks or months to verify credentials, and is subject to tampering.

Intiva believes that ReadyDoc can replace the current processes of credentialing and primary source verification by storing documents and credentials in a Hashgraph-based distributed ledger. Providers and facilities can obtain information that is pre-verified, securely stored, and readily available, creating an ongoing, self-auditing verification of provider work history and clinical reputation.

ReadyDoc will act fluidly between health systems and facilities across the U.S., allowing organizations to instantly verify work history and clinical reputations. In the event of an emergency like the Houston hurricane, facilities will be able to staff up by vetting the credentials of qualified providers instantly. ReadyDoc eliminates redundancy and the need for third party verification organizations, letting medical professionals get to work sooner.

Who are your competitors?

We believe that Intiva Health is the first integrative platform to manage healthcare career information from one seamless dashboard. It is certainly the first to use the Hashgraph digital ledger technology and offer a cryptocurrency utility token. However, Doximity also offers a career management application for medical professionals.

How your company differentiates itself from the competition and what differentiates Intiva Health?

Intiva Health can replace the current processes of credentialing and primary source verification by storing documents and credentials in a Hashgraph-based distributed ledger. Providers and facilities can obtain information that is pre-verified, securely stored, and readily available, creating an ongoing, self-auditing verification of provider work history and clinical reputation.


How to Know If Your Software is HIPAA Compliant

By Abbas Dhilawala, CTO, Galen Data.


The Health Insurance Portability and Accountability Act, known as HIPAA, was enacted in the United States in 1996. The legislation creates data security and privacy requirements for safeguarding medical information. In recent years, HIPAA compliance has become a hot button issue for software developers in the healthcare space, as a number of high profile data breaches compromised millions of patient records across the country.

If you’re developing an eHealth or mobile health app, it is vital that you determine whether your software could be subject to the requirements of HIPAA for medical software applications. Failure to do so could subject you to thousands or even millions of dollars of liability if the use of your application results in an unauthorized disclosure of health information that is protected under HIPAA. Here’s how to tell whether HIPAA applies to you, and how to know if your software is HIPAA compliant.

Does HIPAA apply to me?

Before you start worrying about compliance with the security and privacy requirements of HIPAA, you should determine whether they can be applied to you and your organization. Both the HIPAA privacy rule and the HIPAA security rule apply to all covered entities under HIPAA, such as health plans, healthcare clearinghouses and healthcare providers. The website for the Centers for Medicare & Medicaid Services offers a Covered Entity Guidance Tool that can help you determine whether your organization is a covered entity.

HIPAA was expanded in 2009 with the introduction of the HITECH Act and again in 2013 with the HIPAA omnibus rule which clarified the responsibilities of business associates of covered entities when it comes to managing privacy and security of patient records. Further guidance was issued in 2016 indicating that cloud service providers would also be covered by the HIPAA privacy, security and breach notification rules.

Software developers in the healthcare space need to tread carefully here – the original regulations of HIPAA that deal with covered entities probably won’t apply to most organizations creating eHealth or mobile health products, but if your app will manage protected health information and share it with any covered entities, such as health plans or doctors, then HIPAA applies to you and you must comply.

If your software collects protected health information from patients but does not share it with a doctor or another covered entity at any point, the HIPAA rules won’t apply to you and you don’t need to worry about compliance.

Required safeguards for software HIPAA compliance

The available data indicates that while theft of computing hardware was the primary cause of healthcare data breaches in 2017, the greatest vulnerability that was exploited was health IT networks. For software developers, the HIPAA security rule is the most likely potential source of compliance issues. The rule mandates three types of safeguards that protect patient data – administrative, physical, and technical. In creating these safeguards, software developers must establish a secure application where authorized personnel have access to the required patient information while unauthorized persons do not. Patient information must also be protected from alteration or destruction.

Administrative safeguards ensure that software administrators who may have access to the data are acting responsibly. If your software stores medical data, anyone with access to that data must be authorized and trained on the ethical and legal requirements of that access. Administrative safeguards include:

Physical safeguards help to mitigate data breaches by ensuring that only authorized users can access the facilities and machines where protected health information is stored. Physical safeguards include managed policies for:

Technical safeguards present the greatest challenge for software developers building HIPAA-compliant products, as software bugs represent the best opportunity for data attacks against your organization. HIPAA does not detail exactly what firewalls, anti-malware devices or encryption tools should be used to secure your software against a data breach, but it does indicate the need for several types of controls:


Healthcare’s Most Pressing Problems, According To Its Leaders (Part 1)

Most likely, in one of the few lucid moments you have in your hectic, even chaotic schedule you contemplate healthcare’s greatest problems, its most pressing questions in need of solving, obstacles and the most important hurdles that must be overcome. And how solving these problems might alleviate many of your woes. That’s likely an overstatement. The problems are many, some of the obstacles overwhelming.

There are opportunities, of course. But opportunities often come from problems that must be solved. And, as the saying goes: For everyone you ask, you’re likely to receive a different answer. What must first be addressed? In this series (see part 2 and part 3), we ask. We also examine some of healthcare’s most pressing challenges, according to some of the sector’s most knowledgeable voices.

So, without further delay, the following are some of the problems in need of solutions. Or, in other words, some of healthcare’s greatest opportunities — healthcare’s most pressing questions, problems, hurdles, obstacles, things to overcome? How can they be best addressed?

Nick Knowlton, VP of strategic initiatives, Brightree


Throughout the healthcare ecosystem, patient-centric interoperability has historically been a huge challenge, specifically throughout post-acute care. This problem results in poor outcomes, unnecessary hospital re-admits, patients not getting the treatment they deserve, excessive cost burden and poor clinician satisfaction. This challenge can be solved through creating better standards, adapting existing interoperability approaches to meet the needs of post-acute care, implementing more scalable interoperable technologies, and involvement with national organizations, such as CommonWell Health Alliance and DirectTrust, amongst others.

Brian Wells, CTO, Merlin International

Cybersecurity is one of the most pressing hurdles in the healthcare industry. The life and death nature of healthcare and the shift to electronic health records (EHR) creates an environment where hackers that successfully deploy ransomware and other cyberattacks can extort large sums of money from healthcare entities and steal highly sensitive data. To address this challenge, healthcare entities need to continue to increase their investment in cybersecurity and focus on improving their overall security posture by implementing tools and processes that will monitor all devices and assess their compliance with security policies; stop phishing attacks; keep all servers patched and current; ensure third party vendors comply with policies; and train employees on proper security hygiene.

Lee Barrett, executive director, Electronic Healthcare Network Accreditation Commission (EHNAC)


Cyberattacks continue to expose the security vulnerabilities of healthcare institutions, keeping many industry stakeholders awake at night. This is why every organization handling protected health information (PHI) needs to build security frameworks and risk sharing into their infrastructure by implementing risk-mitigation strategies, preparedness planning, as well as meet industry standards for adhering to HIPAA requirements. Hospitals and healthcare systems must keep their focus on strategies and tactics that ensure business continuity in the event of an attack as it’s clearly not a matter of if a breach can happen but when.

Margaret J. King, Ph.D., director, the Center for Cultural Studies & Analysis

The core problem for healthcare isn’t science, technology or caregiving intervention. It’s making sure that the systems of delivery and communications are thought through and actually respond to the way patients need and expect healthcare to be delivered. This means it doesn’t matter how advanced and perfected your health system may be — unless it conforms to culture — the way people think and behave — it will do nothing but confuse and frustrate patient needs, which are psychological and social, as well as physical and mental.


Health IT Startup: Datica

The Datica platform manages all ongoing compliance and security burdens not covered by AWS and Microsoft Azure. Through the platform, customers deploy cloud-native applications and integrate with EHRs. The HITRUST CSF Certified Datica platform services all who handle PHI in the cloud, from startups to the Fortune 100.

Elevator Pitch

Datica removes the risks for digital health in the cloud.

Founders’ story


When CEO Travis Good, MD, and co-founder Mohan Balachandran, began solving healthcare’s universal hurdle in building applications in the cloud — HIPAA — the two entrepreneurs solved the problem. Along the way, they realized that other development companies had also been trying to solve the same problem. They thought: Why should any of us reinvent the wheel? With the compelling market need in front of them, they built their HIPAA-compliant platform and made it available to other development teams, and eventually enterprises. Knowing that trust, security, and compliance would remain the pillars to their platform, the founders sought certifications and audits through HITRUST, SOC 2, and GDPR to make the Datica Platform the most trusted foundation on which to build applications in the cloud.

Marketing/promotion strategy

Datica helps healthcare enterprises and digital health vendors accelerate innovation to improve healthcare through the use of its HIPAA compliant platform. We promote Datica to both market segments through outbound and inbound channels, direct outreach through webinars and local/national presentations around the company’s framework for digital health success, as well as through its podcast, quarterly reports, and executive speaking.

Market opportunity

The market opportunity for the Datica platform is extensive, touching all B2B healthcare stakeholders who store, manage and transmit personal health information in the cloud. Our target audience is 60/40 enterprise (healthcare providers, pharma, and payors), as well as digital health vendors. World-class companies like Johnson & Johnson, Zipnosis, Healthloop, Propeller Health, Methodist Le Bonheur, Stony Brook Medical, Optum and more, trust Datica to remove the risks of digital health in the cloud.

Who are your competitors?

Our largest competitors in the compliant cloud space aren’t other PaaS vendors but rather managed service solutions on one of the major IaaS vendors like Amazon’s AWS or Microsoft’s Azure. With Datica, developers can deploy application workloads to their Datica environment instead of directly to another IaaS to eliminate the burden of compliance. With the Datica Platform, a customer gets the benefits of AWS, Azure, or other infrastructures as the foundation of our platform, plus Datica automates all DevOps and DevSecOps requirements in the cloud. Developers can deploy services & workloads in minutes that are fully in compliance with HIPAA and HITRUST.

How your company differentiates itself from the competition and how Datica differs.

Datica differentiates itself in two ways. The first is through open source resources. Datica has a strong belief in open source resources as the fastest and best way to promote healthcare innovation. Datica open sourced its company policies and resources early in the company life. During HIMSS18, we also announced that the Datica platform now uses Kubernetes (an open source system for automating deployment) as its underlying container orchestration, granting customers greater technical flexibility.

Second, Datica stands apart from other PaaS competitors through its firm commitment to third-party audit and verification of the Platform’s trusted security. Datica is HIPAA compliant, HITRUST CSF Certified and has certifications for SOC 2, GDPR, and GxP.


HIPAA: A Primer And A Reminder For Those In Healthcare

By Vikash Kumar, manager, Tatvasoft.

A relentless parade of fronts, from communication to banking and shopping, seems to have unfolded, all thanks to emerging technology. But somehow healthcare used to stay behind because many of you believed it was too complicated to be fixed. Well, that’s just not true! Now, more than ever, technology has not just succeeded in improving the consumer experience but also has removed the unnecessary cost from the entire healthcare system.

In order to maintain standards of care and improved outcomes for patients, hospitals and medical centers, technology is providing ever-smarter ways like never before. Enacted by the U.S. Congress in 1996, HIPAA was introduced because of the increasing need to address growing technological changes and problems. According to the HIPAA Privacy rule, saving, accessing and sharing of medical and personal information is prohibited. Moreover, it specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically (ePHI — electronic protected health information).

Apart from this, there are a few primary components one needs to be concerned with:

Privacy rules emphasize what qualifies as PHI (protected health information) and who is mainly responsible for ensuring that nothing would get disclosed improperly. It includes covered entities ranging from health plans to health care clearinghouses, health care providers who have the right to transmit any health information electronically regarding the Department of Health and Human Services (HHS). Other than covered entities, privacy rules even encompass business associates (anyone who stores, collects, maintains, or transmits protected information on behalf of a covered entity).

On the other hand, security rules relate specifically to electronic information and set guidelines for how to secure PHI. Administrative, physical and technical are the three main categories in which it is broken down. As the name implies, administrative revolves around access control and training, physical safeguards are for actual devices, and technical relates to the data itself.

The HIPAA Breach Notification Rule is basically a set of standards that covered entities and business associates must follow in the event of a data breach containing PHI and ePHI. This rule, in particular, emphasizes two kinds of breaches: minor breaches and meaningful breaches. As a result, organizations are required to report all types of breaches, regardless of size, to HHS OCR, but the specific protocols for reporting change depending on the type of breach.

Omnibus Rule: This rule was enacted in order to apply HIPAA to business associates, in addition to covered entities. According to the rule, business associates must be HIPAA compliant.


Implications of Patient Data Collection in Healthcare

By Brooke Faulkner, a writer in the Pacific Northwest; @faulknercreek.

Healthcare is in a constant state of updating. From new technologies to the latest scientific research, nothing stays the same for long. If it does, there’s almost certainly someone, somewhere, attempting to find a better way.

Right now, though, more than just the medicine is changing. The way we interact with our doctors and the way our doctors interact with each other is redefining what patient care looks like. Slowly but surely, the communication and management of healthcare data is joining the rest of us in the 21st century and going digital. Doctors are available on demand, medical records can be accessed without waiting for a courier, and the amount of information available to the public is growing by the second.

It’s not all so optimistic, though. Concerns about privacy exist in tandem with the benefits of increased access, and medical facilities can be vulnerable to a variety of cyber attacks. Whether you’re considering public health on a global scale or just going to the doctor for a yearly wellness check, digital health data is changing the way we see medical care.

Public Health Opportunities

Increased connectivity in the medical world makes more data available to more people. It’s easier than ever to track disease outbreaks, compare national statistics, and identify trends in global health. In the United States, the field of public health research is expected to spend more than $3.7 trillion in 2018 alone.

We have fewer communicable disease epidemics now than at any time in recorded history. Diagnosis and treatment protocols are more sophisticated, but more often than not, we don’t have to worry about smallpox, measles, or rubella thanks to vaccinations. Instead, many of the health concerns facing Americans are preventable, non-communicable diseases borne of unhealthy lifestyles. In 2017, more than 36 percent of the adult population was obese and 9.4 percent had type II diabetes.

With the data recorded by fitness trackers, electronic food diaries, and other health-focused devices, public health researchers can paint a clearer picture of the lifestyle choices that lead to illness. Public health campaigns can become more targeted and an emphasis placed on follow up and plan adherence through personal technology. By crunching the numbers generated from various populations, researchers can compare and contrast differences among nationalities, noting genetic trends and trying to tease out nature from nurture.


Clinical Research: The EHR Can Be Your Friend If You Want It To Be

Guest post by Marti Arvin, vice president of audit strategy, CynergisTek.


The myriad of regulations associated with clinical research can be daunting. In addition to complex regulations, most research entities have the added challenge of coordinating the process across multiple stakeholders that may be spread across different organizations. One way to begin to get a handle on this is to look at integration between the EHR and other systems used in the process. The research enterprise can leverage the availability of electronic systems to reduce duplicate effort, increase researcher satisfaction and improve compliance.

By integrating the EHR and the clinical trials management system (CTMS), an organization can create a single source of truth, consolidate efforts in teams that have the appropriate expertise and decrease the overall timeline to get a study up and running. A typical research project has multiple processes that must occur for it to get approval from the Institutional Review Board (IRB), gain appropriate funding from the sponsor, and receive any necessary approvals from committees such as biosafety or radiation safety. Traditionally, the researcher has been responsible for assuring all of the necessary approvals have been obtained, the study is appropriately budgeted and all other steps are completed to help ensure compliance, despite the fact that the researcher is the scientific expert on the project, and is often the least experienced in ensuring the study meets all the regulatory requirements.

Creating a process where the CTMS and the EHR are integrated to capture necessary information at both the study initiation phase and throughout the study can help improve the process and ensure all necessary actions are completed.

System integration

System integration can offer improved efficiency and effectiveness in a number of areas. This discussion will focus on just two examples: Clinical trial billing and HIPAA compliance.

How can system integration help with these two issues?

Clinical Trial Billing

It is necessary to evaluate the proposed budget for the clinical trial to ensure services which can be legitimately billed to the patient/subject’s third-party insurance are identified as such and services that must be covered by another source are identified – also known as the coverage analysis. The rules around what can be billed to insurance, particularly to Medicare, are complex.

The process requires someone with expertise in not only general billing and coding, but the specifics of the rules in this area and the ability to read a study protocol. The language of the study’s informed consent document is also critical. The wrong wording in the informed consent can render a service otherwise billable to third-party insurance non-billable, meaning the cost of the service must be covered by another source and makes the initial coverage analysis extremely important. Equally important is a process to ensure the services are in fact billed in the manner anticipated by the original budget and coverage analysis. This helps ensure the organization does not submit a potential false claim by billing insurance when the study should be covering the cost.

By integrating the systems (CTMS, EHR), a process can be developed to trigger certain steps to happen contemporaneously. The researcher’s initial submission to the IRB system can trigger an alert that the study needs to be established in the CTMS. The establishment of the study in the CTMS then triggers the initiation of the process to develop a coverage analysis. The development of the coverage analysis can be built in to the CTMS so that all services provided to the participant are identified on a structured calendar with the corresponding payer source identified.


Security Best Practices for Protecting Your HIPAA Compliant Data

Guest post by Manoj Puranik, CEO, Atlantic.Net.


Augusta University Medical Center reported that it had become a victim of phishing for the second time within a 12-month period although fewer than 1 percent of patients were impacted by the second effort. A trio of cybercrime rings took over 26,000 open MongoDB servers and demanded ransom for the owner to retain the data. A successful intrusion of Medical Oncology Hematology Consultants was detected, with 19,203 compromised patient records; however, by that point, the hackers had been inside the system for 20 days.

Kaleida Health announced that it had been victimized by phishing, with 744 patients affected; actually, though, that was adding to a previous tally – with 3,544 total records accessed. Ransomware brought down Pacific Alliance Medical Center; two months later, the firm said that 266,123 patients were impacted.

What do all of these situations and figures have in common? They are all Health Insurance Portability and Accountability Act (HIPAA) violations that took place in 2017. Also, you don’t want to be that organization. Forget the threat to your credibility (perhaps especially the much-dreaded Wall of Shame); the sheer expense is overwhelming. For any data breach, the average drop in revenue experienced by a healthcare firm is $3.7 million.

So, with all that said (i.e., since it is more common than anyone would like, and since these cyberattacks are so incredibly costly), it is only reasonable to look over some HIPAA fundamentals and review security best practices for protecting HIPAA compliant data. With the information you collect, you can strategize implementation of the most strongly protected possible system.

Here are a few tips so that your environment can integrate best practices for securing the protected health information (PHI) that is under your watch:

Encrypt everything

Encryption is critical. Just look at a study published in Perspectives in Health Information Management in 2014. While this research is slightly dated, it is compelling because it is a true big data study that looked at all the breaches of HIPAA-protected files that were currently within the HHS Department’s system. At the time of the report, which used all events through September 22, 2013, 27 million people’s records had been compromised, via successful attacks of 674 covered entities and 153 business associates. Forms of intrusion included hacking, improper disposal, loss, theft, unauthorized access, etc. Breaches occurred in various digital environments both through devices and backends, as well as through hard-copy paper documents.

When you look at the data on types of breaches as pieces of the whole, you see how prominent theft is. Here are the top five types of breach in descending order of volume, with the number of individuals, covered entities, and business associates affected in each case (numbers that have now grown substantially): 1. theft – 12,785,150 people (via 344 CEs and 52 BAs); 2. loss – 7,359,407 people (via 74 CEs and 23 BAs); 3. hacking or IT event – 1,901,111 people (via 59 CEs and 20 BAs); 4. unauthorized access – 1,334,118 people (via 136 CEs and 44 BAs); and, 5. improper disposal – 649,294 people (via 32 CEs and 5 BAs).

The key concern here is that these issues are not just about theft. If it were just about laptops being stolen, that would not be as much of a problem, because the criminals would not necessarily be able to get anything off them. All of these cases are ones in which the information on the devices that were stolen was unencrypted. In other words, all you need to do is encrypt that data – and even if it does get stolen, you don’t need to worry about it as a violation.

Assess your risk

Conduct a complete risk assessment of all the elements of your ecosystem that store, process, or transfer ePHI, along with other ways in which your information may be exposed physically. Related to the data center environment (whether it’s internal, third-party or hybrid), you want to ask these questions: Are natural disasters common in the location of the data center? Is there a responsible party associated with all hardware components? Have you assessed the security mechanisms that are now in place and any risks that are present? Have you taken into account all ways in which ePHI is accessed or manipulated within your system? Consider the creation, receipt, maintenance and transfer of this information.

Training is fundamental

It is easy, especially with electronic protected health information, to become obsessed with the systems and to forget about the huge potential for human error. Your staff must be properly trained, especially since the threat landscape is evolving, with an increasingly sophisticated toolset for accessing the data. A very simple yet devastating mistake that is often made is falling for phishing, in which a staff member either clicks on a link or submits data, such as usernames or a Social Security number, and is thereby connected to a fraudulent system. It is horrifying but true that something as simple as a fake email could create a point of entry for malware or viruses.


Health IT Startup: Paubox

Paubox is a San Francisco-based startup that focuses on making HIPAA-compliant email easy to accomplish for the healthcare industry. Rather than making encryption cumbersome for the user, Paubox makes it easy without adding additional steps. This makes adoption and deployment of Paubox easy for any size organization, from the single doctor private practice to the largest hospital.

Elevator pitch

Paubox is the easiest way to send and receive secure, HIPAA-compliant email. There are no portals to log in to, no software or apps to install, no extra steps for senders or recipients. Users can just write and send email as normal from any device and Paubox will do the rest to deliver encrypted email straight to the recipient’s inbox.

Product/service description

Paubox encrypted email is the easiest to use HIPAA-compliant email solution for the healthcare industry. Using military grade encryption, Paubox focuses on the user first, allowing for seamless inbox-to-inbox email delivery without any extra steps.

Rather than limiting seamless delivery to a closed network, or requiring a button press or to enable secure email, Paubox allows users to just write and send email as normal from any device. Recipients will get encrypted email straight to their inbox without needing to log in to portals or download and open an app.

Because of its ease of use, Paubox can deploy within hours for any size organization.

Customers can host their email with Paubox, or keep their existing email address. Paubox integrates with all major commercial email platforms like Outlook, Office 365 and Google Apps.

In addition, Paubox encrypted email includes inbound encryption and protection against ransomware, malware, virus, SPAM and phishing attacks. This extra security is especially important since many data breaches occur from malicious inbound email.

Paubox also offers an Encrypted Email API that allows organizations and developers to integrate seamless email encryption with their apps, patient portals and EHR management software.

Founder’s story

Like all great companies, Paubox was founded to solve the needs of its customers.

Hoala Greevy

Founder and CEO Hoala Greevy has more than 18 years of experience in email security. After beginning his career at Critical Path, he founded Hawaii’s first email security company, Pau Spam, in 2003; it has since filtered more than one billion messages.

In 2014, when speaking to one of his Pau Spam customers, Make-A-Wish Foundation of Hawaii, Greevy discovered a need for easy to use encryption solutions that could meet industry regulations. There was no solution in the marketplace that was affordable, secure, and easy to use. From those initial discussions, Greevy founded Paubox and continues to develop features and products to fit the market’s needs.

Marketing/promotion strategy

Paubox offers its solutions both directly and through a network of trusted IT partners. Pricing is annual with discounts available for larger customers. In addition to encrypted email, Paubox also offers complimentary products that customers can select, including encrypted online forms, online storage and encrypted email API.
