Tuesday, October 4, 2016

Those Pesky Password Changes!

This article was written by a contributing author.

So the IT guy says you have to renew your password every 30 to 60 days, but we have so many passwords to remember in healthcare already! Where are they all stored? Electronic medical record systems in the office, hospital systems, insurance sites, HR systems, accounting and payroll systems, etc.

You get the picture by now.

We are already so burdened with patients, billing and revenue, coding correctly, and pay cuts!
I understand it is so challenging to work in healthcare now, in the virtual world we now live in.
So why must we take this seriously? It seems innocent to let your co-worker use your password just this once until he or she receives theirs.

Everyone in healthcare needs to understand these words: “Cyber Attack”! In 2015, there were 10 breaches of a very serious nature, all made in the month of December, reported to the HHS Office of Civil Rights.

Let’s take a look at 5 of these breaches!
1. 12/01: Centegra Health System, IL. 2,929 people affected.
A mailing snafu may have exposed personal information of patients.
2. 12/01: Cottage Health, Calif. 11,000 people affected.
In a statement, Cottage Health officials said limited information from as many as 11,000 patients was exposed.
"Cottage Health recently hired a team of cyber security experts to test our data systems," the statement said. "This team discovered a single server that was exposed. We immediately shut down this server and began an investigation."
3. 12/02: University of Colorado Health, CO. 827 people affected.
A nurse at Poudre Valley Hospital was fired for viewing patients' medical records out of personal curiosity, the Coloradoan reported.
University of Colorado Health, which operates PVH and Medical Center of the Rockies in Loveland, is notifying patients that an employee inappropriately accessed their electronic medical records.
4. 12/03: Blue Cross Blue Shield of Nebraska. 1,872 people affected.
Blue Cross and Blue Shield of Nebraska notified beneficiaries that a printing error caused some dental explanation of benefits forms to be sent to the wrong customers. The forms revealed treatment and services that the insurer paid for their insured.
5. 12/8: MaineGeneral Health and subsidiaries. 500 people affected.
On Nov. 13, 2015, the FBI notified MaineGeneral that agents had detected MaineGeneral data on an external website that is not accessible by the general public. The data affected includes the dates of birth and emergency contact names, addresses, and telephone numbers for certain patients referred by a treating physician to MaineGeneral Medical Center for radiology services since June 2009.

These incidents can cost from thousands of dollars to millions of dollars. Here are ways to avoid these problems: perform risk analysis assessments, and provide education and training, policies and procedures. Role playing can be helpful to make these situations real to your employees and to ensure success in the event of a breach or cyber attack. The best advice I can offer is to treat these systems and records as if they were your own bank account. Be consistent with your HIPAA training and make it a constant work in progress!

Don’t fret. Be consistent, and take advantage of the people in the know who can make your life easier!

Marchelle Cagle, CPC, CPC-I, CEMC, CPB, CMOM
Cagle Medical Consulting, LLC
consult@caglecpc.com


This article was written by a contributing author, Marchelle Cagle. We are always open to receiving well written articles from people who have experience working with the following topics: HIPAA, OSHA, Medicare, and Human Resources. If you would like to contribute to this blog by writing an article that will help others who could be in your same situation, please email your article to jhuff@hcsiinc.com. All well written articles will be considered for publication.