EDITOR’S NOTE: Edward Roche, in association with RACmonitor, is writing a series on the need for U.S. healthcare facilities to protect themselves from cybercriminals demanding ransoms for patient records. This is the fifth installment in that series and comes on the heels of a reported cyberattack Tuesday at Heritage Valley Health System, based in Sewickley, Pa.
The U.S. House of Representatives’ Committee on Energy and Commerce held a hearing last week on cybersecurity in healthcare. In addition, the U.S. Department of Homeland Security (DHS) Cybersecurity Task Force recently released a report suggesting that current guidelines are not adequate to meet the threat posed by cyberattacks.
Of particular concern is risk associated with medical devices, especially when they are connected to networks.
If your devices become infected with malware, then it may start to alter their data, leading to incorrect diagnoses. This could result in deadly consequences in many cases. Hackers could connect to a device, break in, then change its function – for example, something like a heartbeat monitor might be changed into an eavesdropping device.
In the same way that websites sometimes are obstructed and made unreachable by a firestorm of robot-generated inquiries – a “distributed denial of service,” or DDoS, attack – so too would it be possible for devices and the networks that support them to be shut down or made unusable by a sudden and uncontrolled flood of information or requests.
It also is possible that medical devices could be converted into a portal from, through which sensitive patient data could be exfiltrated out of a health provider’s information system. In this case, the login and security credentials of the device itself would be harnessed in order to gain entry into the back-end information system containing patient information.
Sale on the Dark Web
The prices for raw patient data are not terribly high. Reports from the Identity Theft Resource Center indicate that there were 355 breaches of patient information in 2016, constituting about 15 million records. Banner Health in Phoenix, Ariz. lost 3.7 million records; Newkirk Products in New York City lost 3.3 million; 21st Century Oncology in Fort Myers, Fla. lost data on 2.2 million individuals; and such examples go on and on.
The records have a fluctuating price on the dark web: a place where illegal transactions take place behind a wall of encryption and virtual IP addresses. On a per-record basis, patient medical records go for between 24 cents and $2 per patient.
There are relatively low prices because this information represents only preliminary raw material being used for fraud. After obtaining items such as birthdates, social security numbers, driver’s license information, insurance information, and other details, then the trained criminal can begin the process of impersonating the identity of patients.
New Audits on the Way
In 2017, we will see a wave of new audits of healthcare providers. These will not come from the Recovery Audit Contractors (RACs) but instead from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Evidently, the Civil Rights Act has been broadened in its scope to allow the government to audit providers, because having one’s personal information kept securely is considered to be a “civil right.” The audits are not only targeting hospitals, but also business associates. What types of punishment are available? Both civil fines and criminal penalties are being leveraged by the government to encourage good practices.
We can expect much more audit risk from cyber in the future, and we will continue to discuss these new audits in future installments of this series in RACmonitor.
As a provider, a question worth asking yourself these days is this: what degree of risk is there that you might have something on your
What is a “smart” hospital, and what states have the most of them? Furthermore, what makes them smart? Well, it is difficult to define exactly
Please log in to your account to comment on this article.
ICD10monitor has teamed up with renowned CDI expert Dr. Erica Remer to bring you an exclusive webcast on how to recognize sepsis, how to get providers to give documentation that will support sepsis, and how to educate to avert sepsis denials. Register now and become a crucial piece of the solution to standardizing sepsis clinical practice, documentation, and coding at your facility.
Optimize your inpatient clinical documentation and gain comprehensive knowledge from foundational practices to advanced technologies, ensuring improved patient care and organizational and financial success. This webcast bundle provides a holistic approach to CDI, empowering you to implement best practices from the ground up and leverage advanced strategies for superior results. Participants will gain actionable insights to improve documentation quality, patient care, compliance, and financial outcomes.
Join expert Angela Comfort, MBA, RHIA, CDIP, CCS, CCS-P., as she helps you navigate advanced inpatient CDI technologies, regulatory changes, and system interoperability. Angela will provide actionable strategies for integrating AI and predictive analytics into CDI practices, ensuring seamless system interoperability, and maintaining compliance with evolving regulations. Attendees will learn to select and implement advanced EHR systems and CDI software, leverage data analytics to enhance documentation accuracy, and stay audit-ready with the latest compliance updates. Real-world case studies and practical tools will empower you to drive continuous improvement in CDI, improve patient outcomes, and enhance organizational efficiency. Don’t miss this opportunity to advance your CDI practices and stay ahead in this dynamic field.
Join expert Angela Comfort, MBA, RHIA, CDIP, CCS, CCS-P, for an insightful webcast on improving inpatient clinical documentation integrity (CDI). Inaccurate documentation can lead to misdiagnosis, improper treatment, and compromised patient safety. High workloads, lack of standardized practices, and outdated EHR systems contribute to these issues, affecting care quality and financial outcomes. Angela will offer practical strategies and tools to enhance accuracy, consistency, and timeliness in documentation. Attendees will learn to use standardized templates, checklists, and advanced EHR systems, while staying compliant with regulations. Improve patient care, ensure accurate billing, and reduce audit risks with actionable insights from this essential webcast.
This webcast, presented by Tiffany Ferguson, LMSW, CMAC, ACM, addresses the critical gap in Social Determinants of Health (SDoH) reporting for pediatric populations. While SDoH efforts often focus on adults, this session emphasizes the unique needs of children. Attendees will gain insights into the current state of SDoH, new pediatric Z-codes, and the importance of interdisciplinary collaboration. By understanding and applying pediatric-specific SDoH factors, healthcare professionals can improve data capture, compliance, and care outcomes. This webcast is essential for those looking to enhance their approach to pediatric SDoH reporting and coding.
Join Becky Jacobsen, BSN, RN, MBS, CCS-P, CPC, CPEDC, CBCS, CEMC, VP of CDM, for a webcast addressing oncology service coding challenges. Learn to navigate coding for infusions and injections alongside Evaluation and Management (E/M) services, ensuring compliance and accurate reimbursement. Gain insights into documenting E/M services for oncology patients and determining medical necessity. This webcast is essential to optimize coding practices, maintain compliance, and maximize revenue in oncology care.
During this webcast Dr. Ronald Hirsch delves into the inpatient admission order process including when to get it, when it becomes effective, its impact on billing and payment, who can write it, how to cancel it, the effects on the beneficiary, and more. You’ll leave with a clear understanding of inpatient orders and guidelines for handling improper orders that you can implement immediately.
Michelle Wieczorek explores challenges, strategies, and best practices to AI implementation and ongoing monitoring in the middle revenue cycle through real-world use cases. She addresses critical issues such as the validation of AI algorithms, the importance of human validation in machine learning, and the delineation of responsibilities between buyers and vendors.
Copyright © 2024 RACmonitor. Powered by MedLearn Media.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
