| OVERVIEW
| |
| | individual patients medical advice via
|
| Operating a medical practice is assiduous
| |
| | email
|
| work requiring great attention to detail
| |
| | To provide added value, a healthcare
|
| on a variety of fronts. Patient privacy
| |
| | provider wishes to establish an easy and
|
| has always Been an important concept in
| |
| | affordable way to give their patients
|
| the medical profession. New laws are
| |
| | medical advice over the web. The provider
|
| taking this notion a step further, making
| |
| | must have the ability to send and receive
|
| it mandatory for medical facilities to
| |
| | protected medical advice from work or
|
| protect individually identifiable health
| |
| | home and cannot afford the installation,
|
| information. Government regulations such
| |
| | maintenance and expensive licensing fees
|
| as the Health Insurance Portability and
| |
| | associated with available server-based
|
| Accountability Act (HIPAA) and others
| |
| | solutions. Furthermore, the caregiver's
|
| stipulate the how your digital records
| |
| | patients are largely non-technical and
|
| containing sensitive patient information
| |
| | will not bother with cumbersome key
|
| should be kept secure, but caring for
| |
| | exchange, s/mime and other requirements
|
| your patient's privacy is just good
| |
| | commonly associated with widely available
|
| business.
| |
| | encryption technologies.
|
| One of the most time and labor consuming
| |
| | Additionally, encryption software does
|
| tasks in maintaining an electronic
| |
| | not protect content after it has been
|
| medical record is importing non-digital
| |
| | delivered. Once opened, the patient's
|
| patient information such as radiology
| |
| | identifiable medical information is
|
| reports, hospital dictation and
| |
| | totally exposed; email can be
|
| consultation/referral letters is an
| |
| | accidentally forwarded, laptops and PCs
|
| extremely time and labor consuming task
| |
| | can be lost or sold with PHI remaining on
|
| in maintaining an electronic medical
| |
| | the hard-drive, patient info could be
|
| record. This is unfortunate because most
| |
| | leaked via virus, spy-ware or Trojan
|
| of this information is already in digital
| |
| | worm. Unauthorized individuals gain
|
| format at the sender's location but
| |
| | access and doctor-patient confidentiality
|
| printed to paper for transit.
| |
| | is breached. The caregiver must be able
|
| Transmitting digital information
| |
| | to ensure that received documents remain
|
| securely, however, can be problematic at
| |
| | encrypted and can be deleted from the
|
| best. Simply emailing a document to an
| |
| | patient's computer after a given time.
|
| intended recipient would potentially
| |
| | How can the healthcare provider utilize
|
| violate a patient's privacy since the
| |
| | the power of email to give medical advice
|
| mail could be intercepted in transit or
| |
| | while keeping sensitive patient data
|
| read by unauthorized persons on the
| |
| | secure?
|
| destination email server before it is
| |
| | Taceo helps healthcare professionals meet
|
| downloaded. Also, it would be impossible
| |
| | HIPAA requirements for the secure
|
| to tell whether or not the document was
| |
| | storage, transmission and delivery of
|
| tampered with or was sent by someone
| |
| | identifiable patient information. Taceo
|
| electronically pretending to be someone
| |
| | makes the sending and receiving of
|
| else. For example, to promote office
| |
| | secured email and documents quick and
|
| efficiency, medical offices that want to
| |
| | easy. From the desktop or MS
|
| allow physicians to provide electronic
| |
| | Outlook®, providers can encrypt and
|
| mail as a means to transmit information
| |
| | apply usage permissions to control and
|
| are forced to have an "email disclaimer"
| |
| | prevent actions as forwarding, cut/copy
|
| that can not guarantee the privacy of
| |
| | paste, printing and disabling the Print
|
| information contained in an email. The
| |
| | Screen key. Email and documents can also
|
| information may be confidential and
| |
| | be set to "expire" and will become
|
| subject to protection under the law, but
| |
| | unreadable at a given time and date.
|
| the fact remains that no real protection
| |
| | Taceo is by no means a comprehensiven
|
| is provided as a preventative for
| |
| | overall HIPAA security solution, however
|
| security breach of your information.
| |
| | if used properly can help your business
|
| Whether you are a healthcare provider,
| |
| | to inexpensively meet most of the
|
| payer or pharmaceutical company you have
| |
| | critical rules.
|
| electronic information that must be
| |
| | TACEO FEATURES AND BENEFITS
|
| protected. Essential Taceo virtually
| |
| | • Protect EPHI from theft, misdirection
|
| eliminates the costs associated with
| |
| | and unauthorized distribution. • Allows
|
| safeguarding Protected Health Information
| |
| | primary care providers and specialists to
|
| (PHI). With Taceo you are now free to
| |
| | instantly and securely share patient
|
| email medical advice to your patients,
| |
| | records with little cost. • Enables
|
| send prescription requests to the
| |
| | patients to easily access and securely
|
| smallest of pharmacies and safely deliver
| |
| | reply to protected emails containing
|
| patient records to referral doctors.
| |
| | medical advice, prescription information
|
| HEALTH INSURANCE PORTABILITY AND
| |
| | and more from their home or work
|
| ACCOUNTABILITY ACT (HIPAA)
| |
| | computers. • Gives off-site providers
|
| The Health Insurance Portability and
| |
| | an easy method to access and reply to
|
| Accountability Act (HIPAA) of 1996 was
| |
| | secure email sent across disparate
|
| designed to create a new national
| |
| | computing environments • Affordable
|
| standard for protecting the privacy of
| |
| | security beyond the office firewall.
|
| patient's health information. HIPAA also
| |
| | Taceo can ensure the proper use and
|
| focused on improving the efficiency and
| |
| | protection of EPHI no matter where it
|
| effectiveness of the Healthcare system,
| |
| | travels or where it is stored. • Helps
|
| by encouraging the development and
| |
| | ensure authenticity of EPHI with digital
|
| adoption of Electronic Data Interchange
| |
| | signatures. • Improve productivity by
|
| (EDI) between healthcare providers,
| |
| | using the web to instantly & securely
|
| payers and pharmaceutical organizations.
| |
| | share sensitive data. • Taceo offers an
|
| HIPAA also stipulates the strict
| |
| | affordable way to securely store
|
| requirement for organizations to
| |
| | sensitive information on site. •
|
| establish safeguards to protect the
| |
| | Prevent unauthorized access to your
|
| integrity and confidentiality of an
| |
| | documents. • Prevent unauthorized
|
| individual's Protected Health Information
| |
| | distribution (no forwarding) • Prevent
|
| (PHI). HIPAA applies to individual
| |
| | document editing (no cut, copy, paste)
|
| healthcare providers, health plans, and
| |
| | • Set expiration time/date on email &
|
| healthcare insurance providers. The law
| |
| | documents. • Ensures confidentiality
|
| also pertains to organizations that deal
| |
| | and privacy. • Securely and permanently
|
| with the electronic PHI of customers,
| |
| | delete files to Department of Defense
|
| employers and patients. Civil and
| |
| | standards (DOD 5220.22-M). • Patients
|
| criminal penalties can result from
| |
| | can download Taceo for free. • Meet
|
| noncompliance and security violations.
| |
| | regulatory compliance requirements for
|
| PENALTIES FOR HIPAA VIOLATIONS
| |
| | privacy - HIPAA, PIPEDA, 21 CFR Part 11,
|
| HIPAA calls for civil and criminal
| |
| | Sarbanes-Oxley
|
| penalties for security and privacy
| |
| | REDUCING YOUR VULNERABILIIES
|
| breaches. General failure to comply is
| |
| | No security software in the world is 100%
|
| $100 per penalty; violations of an
| |
| | unbreakable, even the most advanced
|
| identical requirement may not exceed
| |
| | digital encryption techniques can be
|
| $25,000 per year. For example: it would
| |
| | broken or circumvented by some person or
|
| be considered a violation to email claim
| |
| | organization with enough motivation, time
|
| or file with identifiable patient
| |
| | and money. Taceo does not totally negate
|
| information that is not encrypted. Even
| |
| | the risk of information leakage, for
|
| though one requirement may not exceed
| |
| | example a malicious individual could take
|
| $25,000, HIPAA has more than 15 named
| |
| | a digital photo of the screen or re-type
|
| security standards, which if repeatedly
| |
| | the content into another document and
|
| violated could quickly grow to more than
| |
| | distribute it. However, Taceo
|
| $375,000. More severe criminal penalties
| |
| | considerably reduces the risk that
|
| also apply to more flagrant HIPAA
| |
| | sensitive data can be disseminated to
|
| violations. Wrongful disclosure of PHI
| |
| | unauthorized individuals or groups. Taceo
|
| can result in a $50,000 penalty and up to
| |
| | Safeguards remain with the data no matter
|
| one year in prison. Offense with intent
| |
| | where it travels or where it is stored.
|
| to sell of misuse patients protected
| |
| | Even if a CD or USB thumb-drive
|
| health information is punishable with a
| |
| | containing protected data is stolen, the
|
| maximum $250,000 fine and/or 10 years
| |
| | information contained therein will remain
|
| Imprisonment.
| |
| | encrypted and cannot be opened by
|
| TACEO: HELPING TO NAVIGATE THE HIPAA
| |
| | unauthorized recipients.
|
| MINEFIELD - COMMON HIPAA SCENARIOS AND
| |
| | THE ANALOGUE TO DIGITAL MIGRATION
|
| TACEO
| |
| | Although it is often difficult to make
|
| Medical office wishes to refer and
| |
| | the initial switch to using digital
|
| identifiable PHI to another healthcare
| |
| | patient records, the cost savings can be
|
| provider.
| |
| | profound, especially when amortized over
|
| A primary care physician examines an
| |
| | a number of years. Benefits include
|
| individual and determines that he would
| |
| | better accuracy in health records, less
|
| like to send the patient to another
| |
| | time spent transcribing patient notes,
|
| provider for further diagnosis or
| |
| | filling prescriptions and receiving
|
| treatment. The physician then asks his
| |
| | quicker payment from insurance companies.
|
| her assistant to assemble and email the
| |
| | For the most part many healthcare
|
| patient's history and physical (H&P),
| |
| | practitioners have been slow to adopt
|
| imaging reports, labs, progress notes,
| |
| | digital medical records, as of April 2005
|
| etc. to the off-site healthcare provider
| |
| | only 16.4% of doctors in the United
|
| for review. Unfortunately, the physician
| |
| | States had made the switch. Reasons most
|
| and his assistant are in now violation of
| |
| | often cited for the slow adoption has
|
| HIPAA regulations.
| |
| | been the costs in time and money. Fear of
|
| Unprotected email is like sending a
| |
| | complicated regulations also slow the
|
| post-card through cyber-space. While
| |
| | transition; once records are in the
|
| transiting it is routed through multiple
| |
| | digital realm HIPAA standards must be
|
| servers, an email containing patient PHI
| |
| | strictly adhered.
|
| can be easily read by people other than
| |
| | Although the task appears daunting,
|
| the designated recipient (the off-site
| |
| | individual and smaller medical practices
|
| provider). Furthermore, the patient's
| |
| | can cost-effectively make the digital
|
| records, because of an accidental
| |
| | transition with largely low cost,
|
| keystroke, could be unintentionally
| |
| | off-the-shelf components.
|
| misdirected to an unknown party, thereby
| |
| | Taceo, from Essential Security Software
|
| increasing the severity of the security
| |
| | should be an integral part of any digital
|
| breach. The physician's assistant could
| |
| | migration plan. Taceo can help your
|
| have used Taceo to protect the email and
| |
| | office secure the storage and
|
| attachments. With the quick click of a
| |
| | transmission of PHI. Because Taceo can be
|
| button the worker could have prohibited
| |
| | used on almost any PC, it can be used to
|
| the patient records from being printed,
| |
| | "bridge the gap" with offices of other
|
| forwarded and edited. The outgoing
| |
| | healthcare providers that have not yet
|
| documents would be encrypted and
| |
| | made the switch to digital records.
|
| un-accessible to anyone besides the
| |
| | Whether digital or analog, all
|
| intended recipient healthcare provider.
| |
| | organizations that deal with patient
|
| (Even if the receiving healthcare
| |
| | medical information are subject to HIPAA
|
| provider is not fully set-up to work with
| |
| | ordinances.
|
| electronic patient healthcare
| |
| | SUMMARY
|
| information, they can still securely view
| |
| | Any healthcare provider or organization
|
| patient records without violating patient
| |
| | that works with patient healthcare data
|
| confidentiality.)
| |
| | is at risk for losing control of this
|
| On-line Pharmaceutical Provider
| |
| | information. Unprotected electronic files
|
| A pharmaceutical provider fills
| |
| | containing sensitive data can easily be
|
| prescriptions via on-line ordering, but
| |
| | accessed, altered, stolen and
|
| cannot meet HIPAA secure transmission
| |
| | re-distributed to unauthorized parties.
|
| requirements for emailing regarding
| |
| | Electronic protected health information
|
| prescriptions and medications, order
| |
| | (EPHI) is subject to stringent HIPAA
|
| confirmation, and other information to
| |
| | regulations; penalties for violation of
|
| their patients. The organization could
| |
| | HIPAA rules can result in stiff fines and
|
| resort to analog methods such as calling
| |
| | jail time. Loss of EPHI can place
|
| each individual customer or sending
| |
| | healthcare organizations at great
|
| information to the customers via standard
| |
| | financial and legal risk.
|
| post, however these methods are very
| |
| | Taceo, from Essential Security Software
|
| inefficient and cost prohibitive. To meet
| |
| | can help small to mid-size healthcare
|
| HIPAA regulations the on-line
| |
| | providers mitigate these risks. Taceo can
|
| prescription provider must shoulder the
| |
| | also help organizations meet HIPAA
|
| burden of hiring and training a number of
| |
| | requirements for the secure transmission,
|
| new employees at great cost. What is the
| |
| | access and integrity of EPHI. Taceo is
|
| on-line pharmacy to do?
| |
| | effective, affordable and easy-to-use
|
| With Taceo, the pharmaceutical provider
| |
| | software that enables healthcare
|
| can securely send prescription
| |
| | providers to securely store, transmit and
|
| information, order confirmations and more
| |
| | receive sensitive data. Taceo can encrypt
|
| to their clientele. The confidentiality
| |
| | and help control access to almost any
|
| and integrity of emails containing
| |
| | file. Protected email and documents are
|
| protected health information (PHI) is
| |
| | safeguarded against unauthorized
|
| enforced and maintained even after
| |
| | forwarding, editing, coping, and printing
|
| delivery. Nearly any customer with a PC1
| |
| | or screen capture. Taceo opens up a new
|
| can easily download the free version of
| |
| | realm of possibilities never available
|
| Taceo, enabling them receive and reply
| |
| | before with such ease and affordability.
|
| protected email.
| |
| | Healthcare providers can securely email
|
| Taceo's usage permissions interface
| |
| | medical information to their patients.
|
| provides the company with an effective
| |
| | Pharmacies can use Taceo to send
|
| way to assign flexible rights management
| |
| | prescription order information to doctors
|
| controls based on the profile of the
| |
| | and customers alike.
|
| client. Emails Containing prescription
| |
| | Caregivers can quickly and securely
|
| information can be set to expire when no
| |
| | collaborate with off-site specialists
|
| longer valid.
| |
| | thereby ensuring patients receive good
|
| Healthcare giver wishes to provide
| |
| | treatment and much more.
|
