Wednesday, October 19, 2016

Ten HIPAA Security Tips Saving Small Practice’s Time, Money and Reputation

This article was submitted by contributing author, Vic Berger.

My business practice focuses on helping organizations understand their risks related to security. Cyber security is one risk every organization struggles with. Small businesses face the same types of risks as bigger companies but lack the staffing and resources to respond the way a large organization can. I am frequently asked by small business owners, “What cost-effective recommendations would you make for my business to make it more secure?” Here are my top ten recommendations for small businesses when dealing with information security.

1. Have A Written Security Policy
Every business needs a good written information security policy. This is the basis for your security plan, as well as your legal safety net when something happens. There is no single action a company can take that is more important. Yet this is often the first issue I find in audits of companies of every size, and in every sector.  The plan needs to be well written; read and understood by every employee in the company; and consistently maintained.  There are numerous templates and examples of security policies on the internet. Many consulting companies will tailor a stock plan to suit your organization.

2. Encrypt Everything
The first rule of I.T. security is “no solution is perfect 100% of the time”. You cannot always trust prevention methods to keep your data safe. The only way to consistently assure the protection of your data is to encrypt it so it cannot be read. This is especially important with cloud or internet based storage accounts. Dropbox, Google Drive, OneDrive, Box, and Egnyte are all great tools, but no cloud provider will guarantee the security of your data, and all have recently been breached. My basic rule of thumb is: if it is on the internet, consider it public access unless you have encrypted it. You can encrypt your cloud storage using a simple to use (and free for personal use) encryption program from nCryptedcloud that supports Dropbox, Box, Google Drive, OneDrive, and Egnyte. You can also use a portable USB format hardware encryption and key management device from BlackSquare called Enigma for personal and small business encryption on portable devices, computers, and cloud accounts.

3. Protect Your Website
Current information security statistics indicate that 85% of all websites have one or more significant security vulnerabilities. I apply patches to my websites almost daily to keep up with newly discovered vulnerabilities. There are three basic types of websites, with three different recommendations based on what you use:
A. A static web page with basic company information that doesn’t change. Your biggest risk is disruption or defacing of this type of website. Your hosting provider or ISP will take care of the service disruption. For defacing, keep a good site backup and do a complete CLEAN restore as soon as possible (hackers leave behind gotchas).
B. An interactive or dynamic web site with user content and/or e-commerce. Often these are created using a standard Content Management Software (CMS) package like WordPress, Joomla, or Drupal. These are best left to a professional company to update and manage if possible. If you must do it yourself, get a good book on securing your type of CMS. Subscribe to the vulnerability notification feed for your CMS type (all of the common solutions have this). Check your website against new vulnerabilities often.
C. A site dedicated to internet e-commerce or a highly interactive site where users log in to access content. Hire this one out! Do not try to do this yourself unless information security is your core business, or you have an I.T. staff with specialized training and certifications in internet security.

4. Data Backups
I see irreplaceable data lost almost every day. I have seen it in government agencies, Fortune 500 companies, and in every industry vertical. It can be from a data breach, a hardware failure, a natural disaster, or from human error. Whatever the reason, there is no excuse for not having good backups. You should have at least one full data backup per week, and more if your data changes frequently. Store the backups offsite, and somewhere safe. I suggest the granite vault at Perpetual Storage; it is the safest storage site in the country. You should also buy a GoBox and store everything you would need to rebuild your business after a major disaster.

5. Avoid Consumer Grade
If you can buy an I.T. product at a local box store, electronics retailer, or office supply store it is probably consumer grade, and not designed for business. This includes firewalls, routers, wireless access points, servers, storage, networking devices, tape drives, or anything that protects, moves, or manages your data. Yes, commercial grade is more expensive, for a reason: It Is Commercial Grade! Consumer grade security equipment was designed to protect a few ports and protocols commonly used by consumers. Business applications use different ports and protocols. They either do not run behind consumer grade equipment or you have to poke holes in your security to make them work. Consumer grade security is also easy to breach. Commercial grade uses much better security methods, and is consistently tested. Call your local I.T. reseller and ask them what they recommend.

6. Know Your Risks
Knowing what you have that would be of value to someone else helps you determine what to focus on protecting. Do you have sensitive or privileged data? Is your data unique or valuable? Are there government regulations like HIPAA or Sarbanes-Oxley that affect your industry? Are customers or consumers ever given access to your data? How many employees do you have, and what risk areas do they create? Beyond what is already addressed elsewhere in this whitepaper, as a minimum you need: Antivirus (web search free antivirus), Anti spyware (web search free anti-spyware), and a good security shell for your organization (try Arellia). If you have customers that are EVER by your work computers you need an anti-keystroke logging solution (StrikeForce). Your mail and web should have mandatory content filters (either through your ISP or your firewall).

7. Plan For BYOD
BYOD stands for bring your own device. This is a huge shift in the government and corporate sector, but probably business as usual in small businesses. Small businesses often use what they have, even if it is a personal device. This is increasingly creating security issues. What your employees, knowingly or unknowingly, have on their devices, and what they do with them in their own time is now brought into your environment. This can open up security holes as well as create liability issues. Make sure that BYOD is clearly defined and covered in your security policy. There is technology that can restrict the security vulnerabilities of personal devices, so ask your local I.T. reseller for assistance. Finally, make sure your employees clearly understand your expectations and limits where BYOD is concerned.

8. Who Is Guarding The Sheep
This applies whether you are a Fortune 500 company or a small business. I.T. administrators have great power. They can view privileged information, and have an extremely high level of system access and control, more than even the owners and senior executives of the company. This is a great responsibility, but also a huge temptation. It is very common to discover that I.T. administrators have been inside payroll files, HR files, or other personal or sensitive material. A good security shell like Arellia (see #6) creates log files to review, but that means that someone has to faithfully do this. Again, start with policy and clearly define responsibilities and expectations. Two person integrity is always prudent where money and manpower permit. And as always, rule #2 applies: Encrypt everything!

9. Physical Security Is Information Security
Theft is about opportunities, and criminals use them very effectively. Data from a stolen laptop is easier to obtain than hacking. Why brute force passwords when you can easily install a keystroke logger? A screwdriver to the back door is as good as a key if there is no other security. You must have good physical security policies and practices to have good information security. Cameras are effective and have become reasonably cheap. Programs that wipe stolen devices are commonly available. Keeping sensitive information and records locked away after hours deters opportunistic thieves. Think like a criminal, and then protect yourself from what you would exploit.

10. Know When To Call For Help
I am a passable plumber, marginal carpenter, and just plain dislike auto mechanics. I can do all three if required but usually end up spending more time, effort, and money than what I had intended. I can tackle small jobs but I leave the major projects to the professionals. I.T. Security is a highly specialized field with significant training and experience necessary to operate at a professional level. Your whiz kid nephew, who is good with computers, does not have that level of training or the required experience. This is especially important when there is an incident. Less than 3% of all I.T. professionals have the security experience and certification necessary to handle a data breach. I leave significant plumbing, carpentry, and auto mechanics jobs to the professionals; leave your major I.T. security issues to the professionals as well.

This article was submitted by a contributing author:
Vic Berger
CEO, Opsis Technologies

For more information on protecting your office regarding this issue or additional HIPAA, OSHA, HR, and Medicare resources, please visit our web site: or email support at:


Tuesday, October 18, 2016

2016 Ongoing HIPAA Training: Saving You 3 Months When You Breach PHI

Time for a HIPAA Check Up From the Neck Up!

This training will Save You 3 Months After You Breach PHI! 

Recovering from the Breach:
1) Steals Your TIME!
2) Destroys Your REPUTATION!
3) Ruins Your CAREER!

Creating a Culture of HIPAA Privacy and Security is one of the biggest challenges facing Healthcare Providers and Business Associates today! Why? You Don't Have ANY SPARE TIME!

In this training HCSI will guide you through the process of how to develop a Culture of Compliance so that when the Auditor comes knocking at your door you are spending minutes with him instead of MONTHS!

What to Expect in the Training:
1-How to develop an effective Risk Analysis.
2-How to develop policies and procedures.
3-How to develop a Compliance Plan in case of an audit.


Thursday, October 13, 2016

Cutting the Fat from 2016 Compliance Officer Duties: HIPAA, OSHA, Medicare, HR

As you know, HIPAA, OSHA, Medicare, Human Resource Management have each established their own ongoing requirements for Compliance Officers, per location.

Would you agree that this list of duties can be confusing and overwhelming?

This is why we are going to have a training that will help cut the fat from these lists of responsibilities to help compliance officers who are also front desk, office managers, assistants, or even doctors to focus on the core procedures that must be documented and communicated to staff.

Also, Exciting news...we think!!! I'm going to be rolling out a HUGE Incentive Program for you!

I'm not going to roll out the red carpet with all the details of our Incentive Program until the webinar, but what I can say is that it involves HCSI mailing you $100 Holiday Gift Cards in October! 

Again, this webinar is going to do two things:
1) "Check up from the neck up": Ongoing Compliance Officer Duties
2) "Roll out the Red Carpet": Incentive Program

Who should watch this webinar:
  • Doctors
  • Practice Management (Office Manager, Assistants, etc.)
  • Compliance Officers (HIPAA, OSHA…)
  • Staff (Front Desk, Back Office, IT, etc.)

(Allow 1 hour for the training)

This video can also be viewed on YouTube, at:


Wednesday, October 12, 2016

Fire Safety and Extinguisher Use in Healthcare Facilities


In 2006-2010, U.S. fire departments responded to an estimated average of 6,240 structure fires in or on health care properties per year. These fires caused an average of six civilian deaths, 171 civilian injuries and $52.1 million in direct property damage annually. Almost half (46%) were at nursing homes, and almost one-quarter (23%) were in hospitals or hospices. Cooking equipment was involved in three out of five (61%) fires; dryers were involved in 7%, 6% were intentionally set; another 6% were started by smoking materials, and heating equipment was also involved in 6%. Only 4% of these fires spread beyond the room of origin. Causes, circumstances, and extent of fire spread varied by occupancy.

This graphic provides estimates of fire frequency and associated losses for reported fires in: all health care properties; in nursing homes; in hospitals or hospices; in mental health facilities caring for those with developmental disabilities, mental retardation, mental illness or substance abuse issues; and in clinics or doctors’ offices. Estimates were derived from NFPA’s fire department survey and the USFA’s National Fire Incident Reporting System (NFIRS).

Introduction to Fire and the Proper Use and Maintenance of Extinguishers

This is The Fire Triangle. Actually, it's a tetrahedron, because there are four elements that must be present for a fire to exist. There must be oxygen to sustain combustion, heat to raise the material to its ignition temperature, fuel to support the combustion and a chemical reaction between the other three elements.
Remove any one of the four elements to extinguish the fire.
The concept of Fire Protection is based upon keeping these four elements separate.

Types of Fires

Not all fires are the same. Different fuels create different fires and require different types of fire extinguishing agents.

Class A

Class A fires are fires in ordinary combustibles such as wood, paper, cloth, trash, and plastics.

Class B

Class B fires are fires in flammable liquids such as gasoline, petroleum oil and paint. Class B fires also include flammable gases such as propane and butane. Class B fires do not include fires involving cooking oils and grease.

Class C

Class C fires are fires involving energized electrical equipment such as motors, transformers, and appliances. Remove the power and the Class C fire becomes one of the other classes of fire.

Class D

Class D fires are fires in combustible metals such as potassium, sodium, aluminum, and magnesium.

Class K

Class K fires are fires in cooking oils and greases such as animal fats and vegetable fats.

Some types of fire extinguishing agents can be used on more than one class of fire. Others have warnings where it would be dangerous for the operator to use a particular fire extinguishing agent.

Types of Fire Extinguishers

Water and Foam

Water and Foam fire extinguishers extinguish the fire by taking away the heat element of the fire triangle. Foam agents also separate the oxygen element from the other elements.
Water extinguishers are for Class A fires only - they should not be used on Class B or C fires. The discharge stream could spread the flammable liquid in a Class B fire or could create a shock hazard on a Class C fire.

Carbon Dioxide

Carbon Dioxide fire extinguishers extinguish fire by taking away the oxygen element of the fire triangle and also by removing the heat with a very cold discharge.
Carbon dioxide can be used on Class B & C fires. They are usually ineffective on Class A fires.

Dry Chemical

Dry Chemical fire extinguishers extinguish the fire primarily by interrupting the chemical reaction of the fire triangle.
Today's most widely used type of fire extinguisher is the multipurpose dry chemical that is effective on Class A, B, and C fires. This agent also works by creating a barrier between the oxygen element and the fuel element on Class A fires.
Ordinary dry chemical is for Class B & C fires only. It is important to use the correct extinguisher for the type of fuel! Using the incorrect agent can allow the fire to re-ignite after apparently being extinguished successfully.

Wet Chemical

Wet Chemical is a new agent that extinguishes the fire by removing the heat of the fire triangle and prevents re-ignition by creating a barrier between the oxygen and fuel elements.
Wet chemical or Class K extinguishers were developed for modern, high efficiency deep fat fryers in commercial cooking operations. Some may also be used on Class A fires in commercial kitchens.

Clean Agent

Halogenated or Clean Agent extinguishers include the halon agents as well as the newer and less ozone depleting halocarbon agents. They extinguish the fire by interrupting the chemical reaction of the fire triangle.
Clean agent extinguishers are primarily for Class B & C fires. Some larger clean agent extinguishers can be used on Class A, B, and C fires.

Dry Powder

Dry Powder extinguishers are similar to dry chemical except that they extinguish the fire by separating the fuel from the oxygen element or by removing the heat element of the fire triangle.
However, dry powder extinguishers are for Class D or combustible metal fires, only. They are ineffective on all other classes of fires.

Water Mist

Water Mist extinguishers are a recent development that extinguish the fire by taking away the heat element of the fire triangle. They are an alternative to the clean agent extinguishers where contamination is a concern.
Water mist extinguishers are primarily for Class A fires, although they are safe for use on Class C fires as well.

Cartridge Operated Dry Chemical

Cartridge Operated Dry Chemical fire extinguishers extinguish the fire primarily by interrupting the chemical reaction of the fire triangle.
Like the stored pressure dry chemical extinguishers, the multipurpose dry chemical is effective on Class A, B, and C fires. This agent also works by creating a barrier between the oxygen element and the fuel element on Class A fires.
Ordinary dry chemical is for Class B & C fires only. It is important to use the correct extinguisher for the type of fuel! Using the incorrect agent can allow the fire to re-ignite after apparently being extinguished successfully.

Fire Extinguisher Chart

The Rules for Fighting Fires

Just remember the three A's

ACTIVATE the building alarm system or notify the fire department by calling 911. Or, have someone else do this for you.
ASSIST any persons in immediate danger, or those incapable on their own, to exit the building, without risk to yourself.
Only after these two are completed should you ATTEMPT to extinguish the fire.

Only fight a fire if:

  • The fire is small and contained
  • You are safe from toxic smoke
  • You have a means of escape
  • Your instincts tell you it's OK

Fire Extinguisher Use

  • It is important to know the locations and the types of extinguishers in your workplace prior to actually using one.
  • Fire extinguishers can be heavy, so it's a good idea to practice picking up and holding an extinguisher to get an idea of the weight and feel.
  • Take time to read the operating instructions and warnings found on the fire extinguisher label. Not all fire extinguishers look alike.
  • Practice releasing the discharge hose or horn and aiming it at the base of an imagined fire. Do not pull the pin or squeeze the lever. This will break the extinguisher seal and cause it to lose pressure.

When it is time to use the extinguisher on a fire, just remember PASS!

Pull the pin.
Aim the nozzle or hose at the base of the fire from the recommended safe distance.
Squeeze the operating lever to discharge the fire extinguishing agent.
Starting at the recommended distance, Sweep the nozzle or hose from side to side until the fire is out. Move forward or around the fire area as the fire diminishes. Watch the area in case of re-ignition.

Fire Extinguisher Inspection

Like any mechanical device, fire extinguishers must be maintained on a regular basis to ensure their proper operation. You, the owner or occupant of the property where the fire extinguishers are located, are responsible for arranging your fire extinguishers' maintenance.
Fire extinguishers must be inspected or given a "quick check" every 30 days. For most extinguishers, this is a job that you can easily do by locating the extinguishers in your workplace and answering the three questions below.
  • Is the extinguisher in the correct location?
  • Is it visible and accessible?
  • Does the gauge or pressure indicator show the correct pressure?

Fire Extinguisher Maintenance

In addition, fire extinguishers must be maintained annually in accordance with local, state, and national codes and regulations. This is a thorough examination of the fire extinguisher's mechanical parts, fire extinguishing agent, and the expellent gas. Your fire equipment professional is the ideal person to perform the annual maintenance because they have the appropriate servicing manuals, tools, recharge materials, parts, lubricants, and the necessary training and experience.

Fire Safety Preparation and Followup

Ensure that your ENTIRE staff has completed their OSHA compliance training. Verify that your OSHA Compliance Officer and/or HR department have properly done the following:
  • Have all fire safety alarms, detectors, exit signs, fire doors, emergency lights, etc. properly inspected by qualified building maintenance staff and/or the local fire department.
  • Developed safe emergency evacuation routes and have these posted in readily available areas visible to both staff and patients.
  • Have regular fire drills and instruct employees on the use of alarms, extinguishers, and other emergency procedures in your Fire Safety Plan.
  • Train with your staff often enough that they feel confident and knowledgeable in the event of an emergency. Fires happen and move quickly. Your staff needs to know how to notify 911, and move themselves and patients quickly and efficiently to a safe location.

Wednesday, October 5, 2016

Time To Remind Staff About Holiday Decoration Safety Rules

Workplace Holiday Season Safety
Halloween, Thanksgiving, Christmas, Hanukkah, Kwanzaa, New Years and other holidays inspire staff members to set up decorations. These initiatives are often done with good intentions, meant to bring a touch of cheer or team festivity to a sometimes sterile healthcare office environment, but you will bear the blame if any decorations result in fire or occupational safety hazards.

Decorating the workplace can result in falls and dangerous tripping hazards. Avoid placing trees, gifts, Halloween decor (particularly dangerous or flammable cobweb, streamers and banners) or other freestanding decorations in busy areas where people might run into them or trip over them. Always use the proper step stool or ladder to reach high places safely, not chairs or other unstable furniture. Before using a ladder, read and follow the manufacturer's instructions and do not exceed recommended usage limits. Potential trips over cords or decorations, slips and falls are workers’ compensation claims waiting to happen.
It's also essential to make sure that your holiday decor does not block exits, cover exit signage, or block access to fire safety equipment. Do not place any type of decorative items in exit corridors or hang decorations from or covering fire sprinklers.

General Holiday Safety Tips

Holiday Decorations
Holiday decorations should create higher morale at the workplace, not hazards and potential for accidents and injuries, so take proper precautions. Choose artificial greenery made of fire retardant materials for office decorating. All decorations (including trees, wreaths, curtains/drapes, hangings, etc.) should be either noncombustible (not all artificial trees are), inherently flame retardant (the label will say so), or have been treated with a flame retardant solution.


  • Consider an artificial tree, which poses less risk than a live one.
  • Make sure a live tree has water at all times so that it does not dry out and become a fire hazard.
  • Live trees can be safer when sprayed with flame retardant.
  • Live trees should be in a location that does not interfere with foot traffic. Do not allow blockage of your escape route--doorways, exits, or pathways.
  • Live trees do not belong near heat sources (vents, flames, space heaters, etc.) where they can dry out.
  • Keep in mind trees can be top heavy, so use a sturdy stand. Consider safely using support from thin guy wires attached to walls or ceilings, to keep them from falling over and injuring someone.

Electric Lights

  • Before plugging in electrical decorations, carefully check each set of lights, new or old, for broken or cracked sockets, frayed, loose or bare wires, or loose connections. Damaged sets may cause a serious electric shock or start a fire; if damaged, discard - do not attempt to repair. Always unplug a light string or electrical decoration before replacing light bulbs or fuses.
  • Don't overload extension cords, which could overheat and start a fire. Extension cords have different ratings so be sure to check before plugging in multiple light string sets.
  • Never tack or staple an extension cord to the wall or woodwork--it could damage the cord and create a fire hazard. Make sure cords do not dangle from counters and table tops where they can be pulled or tripped over.
  • If an extension cord is used in a busy area or crosses a walkway, secure with duct tape or cover with mats or carpet.
  • Consider using miniature lights with cool-burning bulbs. Use only lights that have been tested for safety, identified by a label from an independent testing laboratory, such as Underwriters Laboratories (UL). Use indoor lights only indoors and outside lights outdoors.
  • Fasten outdoor lights securely to trees, building, walls or other firm support to protect from wind damage. Don't mount or support light strings in any way that might damage the cord's wire insulation.
  • Never use electric lights on a metallic tree. The tree can become charged with electricity from faulty lights, and any person touching a branch could be electrocuted. To avoid this danger, use colored spotlights above or beside a tree, never fastened onto it.
  • Turn off all lights on trees and other decorations when you leave the workplace. Lights could short and start a fire.

Trimmings/Other Decorations

  • Use only non-combustible or flame-resistant materials. Choose tinsel, artificial icicles, plastic or non-leaded metals.
  • Wear gloves while decorating with spun glass "angel hair," which can irritate eyes and skin. A common substitute is non-flammable cotton. Both angel hair and cotton snow are flame retardant when used alone. However, if artificial snow is sprayed onto them, the dried combination will burn rapidly.
  • When spraying artificial snow on windows or other surfaces, be sure to follow directions carefully. These sprays can irritate your lungs if you inhale them.
  • Never place trimmings near open flames or electrical connections.


  • Candles contribute to 10,000 fires per year. They are generally not safe to use in the workplace.
  • Never use candles to decorate trees; keep away from flammable materials, such as boughs or wreaths, other decorations or wrapping paper, and curtains/drapes.
  • Never leave lit candles unattended, and extinguish before leaving the workplace.


  • Preparation for holiday parties: Decorate only with flame-retardant or noncombustible materials. If guests will be smoking, provide them with ashtrays and check them frequently. After the party, check around furniture and in trashcans for cigarette butts that may be smoldering.
  • Holiday food preparation: Thoroughly cook and serve foods at proper temperatures.  Refrigerate cooked leftovers within 2 hours at 40 degrees Fahrenheit (F) or below. More information can be found at
To summarize, using the list below should help keep you on the plus side of OSHA, your local fire authority and provide your staff a safe work environment during the holidays.
  • NO decorative electrical lights of any kind in the patient vicinity (i.e., any room where a patient receives care).
  • NO decorations that create a trip hazard (e.g. electrical cords or extension cords across halls or walkways).
  • NO natural cut or once-live evergreen trees or garlands.
  • NO artificial Christmas trees unless labeled or otherwise identified or certified as “flame retardant” or “flame resistant.”
  • NO decorations that obstruct exits.
  • NO combustible decorations. All decorations must be flame retardant and labeled as such. These decorations should always be kept away from ignition sources (e.g., light fixtures, electrical receptacles, etc.).
  • NO decorations that are explosive or highly flammable (e.g., decorative crepe paper or pyroxylin plastic decorations).
  • NO decorations that impair the visibility of an exit sign or portable fire extinguisher.
  • NO decorations that impair the proper operation of the fire sprinkler system. Do not attach anything to sprinkler heads.
  • NO decorations attached to painted surfaces with tape or staples. Hanging decorations from a ceiling grid is preferable.
  • NO wall decorations in excess of 10% of the wall surface area.
Also consider declaring a date on which all holiday decorations must be taken down, which can help to eliminate any lingering compliance problems. Many facilities set the date of January 3 to conclude all holiday decorating activities.

Be safe and enjoy the holiday season from HCSI!

Source(s): http://www.foodsafety.gov
