Memorial Hospital, a not-for-profit independent community hospital provides acute and  primary  care to more than 40,000 residents of Union County and five surrounding counties.  Memorial’s IT staff is currently rolling out DigitalPersona’s strong authentication solution to more than 600 employees.  Memorial Hospital required a solution that would provide authorized users with quick, secure access to PCs in compliance with HIPAA.  Authorized users include Memorial Hospital’s full-time employees as well as contingent employees who only work at the hospital two or three days each month.  Given that they work at many hospitals and have to remember logins for many different systems, contingent staff traditionally have the highest password reset rate.

“The DigitalPersona solution provides quick, secure access to our electronic systems including our EHR, improving clinician-patient interaction at the point of care,” said Carl Zani, information systems director at Memorial Hospital of Union County.  ”Since deploying DigitalPersona Pro, we’ve experienced a reduction in helpdesk calls for password resets, particularly from contingent staff.  This improves overall efficiency and reduces our IT costs.”

The DigitalPersona solution includes DigitalPersona Pro Workstation software, DigitalPersona Pro Server for Active Directory, DigitalPersona Pro ID Server and U.are.U® Fingerprint Readers.  With Memorial Hospital’s accelerated timescale, it was critical to find a solution that would fit seamlessly into their existing infrastructure.  DigitalPersona Pro Server integrates tightly with the hospital’s Active Directory infrastructure.  DigitalPersona Pro ID Server enables users to log-in from any fingerprint enabled computer within the hospital.  Memorial Hospital will provide users with fingerprint authentication to all enterprise applications including Claims Administrator, Pathways Compliance Advisor, Embla, Medtuity, IMPAX, OBIX, Horizon Patient Folder, Horizon Business Folder, Softlab, Paragon, and Systoc.

“DigitalPersona is providing Memorial Hospital with a turnkey biometric authentication solution for both point-of-care and back-office applications that drives down costs and increases security,” said Jim Fulton, vice president of marketing, DigitalPersona, Inc. “DigitalPersona Pro is ideal for helping healthcare organizations leverage Stimulus funds to make a quick and seamless transition to a secure EHR system.”

They describe the Survival guide on their website as :  a “forest from the trees” overview of the HIPAA Privacy and Security rules. The genesis of these rules is covered in the Background section of this document. The Survival Guide only targets a subset of covered entities, namely providers. Furthermore, the Survival Guide focuses mostly on small providers, since this group will clearly be the most challenged by new laws and regulations, especially if their baseline understanding of HIPAA is lacking.

The Survival Guide was developed as a collaborative effort between an attorney and a registered nurse both licensed in the State of Florida.  In addition the authors, both individually and collectively, have significant technology experience.

The Digital Business Law Group, P.A., (Carlos Leyva’s firm) has also launched a FREE HITECH/HIPAA Compliance newsletter that may be of interest to those who want to keep abreast of the changes as they occur.   If you are interested, sign up for the free newsletter, at http://www.digitalbusinesslawgroup.com.

This incredibly useful guide is available at no cost and is a must read for small practitioners.

Thanks to Deborah for letting us know about the Guide and newsletter.

It’s not for the reasons that you might think  “Of course Electronic Health Records (EHR) are getting all the attention in the media. And certainly implementing an EHR system will be a major IT undertaking for any healthcare provider. But more importantly, and what is not being talked about, are the major changes to the Health Insurance Portability and Accountability Act (HIPAA) that snuck in as part of the American Recovery and Reinvestment Act of 2009 (ARRA).”

Buckardt continues “Contained within ARRA was a significant increase in the penalties for HIPAA violations and significant changes in the administration of HIPAA.”

Prior to ARRA, HIPAA was administered via a voluntary compliance approach with a maximum penalty of $25,000. This approach has changed under ARRA. The maximum annual civil penalty per violation is now $1.5 million. As of February 17th Health and Human Services has been given the statutory duty to investigate HIPAA violations and State attorneys general can now bring suit against both covered entities and their business associates when a HIPAA violation occurs.

Whether you are implementing an EHR system or not Buckardt’s advice to healthcare providers of all sizes is this; “Make sure your practice undergoes a thorough IT security audit from an independent 3rd party expert, especially if you will be implementing an EHR solution. The stakes are simply too high not to take this precaution.”

Konsultek’s white paper titled Is There an IT Doctor in the House? Dealing With the HIPAA Security Rule and EHR Security Compliance in a Small Healthcare Practice is available to those interested in learning more about HIPAA compliance issues and the security considerations surrounding EHR.

To request your copy of the white paper simply email or call 847.426.9355

With approximately 320 employees, the CareCenter provides care for some 500 terminally ill patients across 13 counties. The organization maintains close ties with local communities and offers grief counseling to any resident in the area, frequently working with children struggling to cope with bereavement. In mid 2007, the CareCenter decided to move to an electronic medical records system (EMR) that would enable its approximate 120 nurses, social workers and chaplains to use laptops to access the patient database, enter data in real time, and see the most up to date information on each individual patient as they move from home to home.

The overriding concern of the CareCenter was to secure the system to ensure compliance with HIPAA regulations and maintain patient confidentiality. They turned to Secure Designs (SDI), their managed security services provider for more than seven years, to find the most efficient yet simple way to effect the change.

Guided by SDI’s Chief Technology Officer Ron Culler, the CareCenter decided to implement a user friendly secure remote access system based on the SSL-VPN 2000 appliance with NetExtender from SonicWALL (Nasdaq: SNWL). At the heart of the network are SonicWALL PRO Series firewall appliances, paired to ensure redundancy and continual uptime. The CareCenter’s remote offices are connected via TZ 180 small office appliances. The entire security network is monitored and managed from SDI’s network operations center in Greensboro, NC.

Troy Chappell, Network Administrator at the CareCenter, oversaw the project and championed the adoption of a new IT-aware mindset among nursing and other staff. “It was a great implementation,” he commented. “There was not one hiccup with the SonicWALL system. The system has been fault free for a year and a half and we haven’t had to touch it since then. The SDI team takes care of monitoring and maintenance of the SonicWALL systems, so I don’t need to worry about those issues.”

Learning curve
Chappell added, “The initial learning curve was a challenge for some of the clinical staff. Some of our clinical people were not technically oriented. Luckily, the SonicWALL SSL-VPN with NetExtender is a very easy solution. After getting the staff set up the first time, there has been no problem. ”

Chappell and his staff addressed the issue of training by working with small groups over a period of 9 months. The IT training focused on helping staff to understand practices such as basic laptop usage, login procedures, security protocols, remote connection, patient database usage and synchronization.

Benefits
For the first 90 days after training, remote workers were required to come into the office every day to sync their assessments. This allowed management to check that procedures were being followed correctly. Clinical staff were then trained and allowed to synchronize remotely. The EMR system is now delivering real benefits to the organization, its staff and especially to the patients.

Kathy Cecil, Vice President of Finance and Operations for the CareCenter, explained, “We are achieving savings on printing, copying and mileage costs. Prior to the EMR project, paperwork had to be filed in the patient’s chart after staff returned their information to the office. Time sheets were filled out manually by clinical staff and data entry done by an administrative person. Our new EMR provides us with near-real time data and we are far more efficient, since assessments and time sheets are all completed electronically and synchronized throughout the day.”

Staff have benefited from the additional flexibility in their schedules, which has improved clinical satisfaction and retention. Seamless transfer of knowledge between Hospice staff has proved very popular with patients and their families. The benefits of the system are especially evident when an accelerating case calls for rapid medication and dosage changes and clinical staff have access to up to date information readily available.

“We believe this has put us ahead of the curve,” said Cecil. “Regulations will require electronic documentation in the near future and we are already there.” Another benefit has been the ease of auditing the clinical documentation for both internal sources and external regulatory bodies. Hard charts are still maintained for paperwork requiring original signatures or copies of pertinent information from outside medical facilities. All other clinical information is secured in the patient data base system.

For Troy Chappell, the IT challenges of the project have been eased by SDI’s technical expertise and hands-on approach. He commented, “They worked with us through the project, found answers to our questions, and made adjustments promptly. Post-implementation has been very smooth. SDI’s monitoring spots problems before we know they exist and helps us avoid downtime. By being proactive themselves, SDI has helped us stay proactive too.”

Pam Dixon — executive director of World Privacy Forum and author of a 2006 medical identity theft report — said that number likely has increased since 2007 because more people are using electronic health records that do not have adequate safeguards.

According to the Times, medical identities can be stolen through several means, including:

• Social Security numbers;
• Insurance information such as member IDs and group policy numbers; and
• By health care workers.

While there are protections for traditional identity theft, the Times reports that no such protections exist specifically for medical identity theft.

To read the rest of this article please see the ihealthbeat.org website here.