OVERVIEW

Operating a medical practice is painstaking work requiring great attention to detail on a variety of fronts. Patient privacy has always been an important concept in the medical profession. New laws are taking this notion a step further, making it mandatory for medical facilities to protect individually identifiable health information. Government regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and others stipulate how your digital records containing sensitive patient information should be kept secure, but caring for your patients' privacy is just good business.

One of the most time- and labor-consuming tasks in maintaining an electronic medical record is importing non-digital patient information such as radiology reports, hospital dictation and consultation/referral letters. This is unfortunate because most of this information is already in digital format at the sender's location but is printed to paper for transit. Transmitting digital information securely, however, can be problematic at best. Simply emailing a document to an intended recipient would potentially violate a patient's privacy since the mail could be intercepted in transit or read by unauthorized persons on the destination email server before it is downloaded. Also, it would be impossible to tell whether or not the document was tampered with or was sent by someone electronically pretending to be someone else. For example, to promote office efficiency, medical offices that want to allow physicians to use electronic mail to transmit information are forced to have an "email disclaimer" that cannot guarantee the privacy of information contained in an email. The information may be confidential and subject to protection under the law, but the fact remains that no real protection is provided to prevent a security breach of your information.

Whether you are a healthcare provider, payer or pharmaceutical company, you have electronic information that must be protected. Essential Taceo virtually eliminates the costs associated with safeguarding Protected Health Information (PHI). With Taceo you are now free to email medical advice to your patients, send prescription requests to the smallest of pharmacies and safely deliver patient records to referral doctors.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed to create a new national standard for protecting the privacy of patients' health information. HIPAA also focused on improving the efficiency and effectiveness of the healthcare system by encouraging the development and adoption of Electronic Data Interchange (EDI) between healthcare providers, payers and pharmaceutical organizations. HIPAA also stipulates the strict requirement for organizations to establish safeguards to protect the integrity and confidentiality of an individual's Protected Health Information (PHI). HIPAA applies to individual healthcare providers, health plans, and healthcare insurance providers. The law also pertains to organizations that deal with the electronic PHI of customers, employers and patients. Civil and criminal penalties can result from noncompliance and security violations.

PENALTIES FOR HIPAA VIOLATIONS

HIPAA calls for civil and criminal penalties for security and privacy breaches. General failure to comply is $100 per penalty; violations of an identical requirement may not exceed $25,000 per year. For example, it would be considered a violation to email a claim or file with identifiable patient information that is not encrypted. Even though one requirement may not exceed $25,000, HIPAA has more than 15 named security standards, which if repeatedly violated could quickly grow to more than $375,000. More severe criminal penalties also apply to more flagrant HIPAA violations. Wrongful disclosure of PHI can result in a $50,000 penalty and up to one year in prison. An offense with intent to sell or misuse patients' protected health information is punishable with a maximum $250,000 fine and/or 10 years' imprisonment.

TACEO: HELPING TO NAVIGATE THE HIPAA MINEFIELD - COMMON HIPAA SCENARIOS AND TACEO

Medical office wishes to refer and identifiable PHI to another healthcare provider.

A primary care physician examines an individual and determines that he would like to send the patient to another provider for further diagnosis or treatment. The physician then asks his/her assistant to assemble and email the patient's history and physical (H&P), imaging reports, labs, progress notes, etc. to the off-site healthcare provider for review. Unfortunately, the physician and his assistant are now in violation of HIPAA regulations.

Sending unprotected email is like sending a post-card through cyber-space. While in transit it is routed through multiple servers, and an email containing patient PHI can easily be read by people other than the designated recipient (the off-site provider). Furthermore, the patient's records, because of an accidental keystroke, could be unintentionally misdirected to an unknown party, thereby increasing the severity of the security breach. The physician's assistant could have used Taceo to protect the email and attachments. With the quick click of a button the worker could have prohibited the patient records from being printed, forwarded and edited. The outgoing documents would be encrypted and inaccessible to anyone besides the intended recipient healthcare provider. (Even if the receiving healthcare provider is not fully set up to work with electronic patient healthcare information, they can still securely view patient records without violating patient confidentiality.)

On-line Pharmaceutical Provider

A pharmaceutical provider fills prescriptions via on-line ordering, but cannot meet HIPAA secure transmission requirements for emailing prescription and medication details, order confirmations, and other information to their patients. The organization could resort to analog methods such as calling each individual customer or sending information to the customers via standard post; however, these methods are very inefficient and cost prohibitive. To meet HIPAA regulations the on-line prescription provider must shoulder the burden of hiring and training a number of new employees at great cost. What is the on-line pharmacy to do?

With Taceo, the pharmaceutical provider can securely send prescription information, order confirmations and more to their clientele. The confidentiality and integrity of emails containing protected health information (PHI) is enforced and maintained even after delivery. Nearly any customer with a PC can easily download the free version of Taceo, enabling them to receive and reply to protected email.

Taceo's usage permissions interface provides the company with an effective way to assign flexible rights management controls based on the profile of the client. Emails containing prescription information can be set to expire when no longer valid.

Healthcare giver wishes to provide individual patients medical advice via email

To provide added value, a healthcare provider wishes to establish an easy and affordable way to give their patients medical advice over the web. The provider must have the ability to send and receive protected medical advice from work or home and cannot afford the installation, maintenance and expensive licensing fees associated with available server-based solutions. Furthermore, the caregiver's patients are largely non-technical and will not bother with cumbersome key exchange, S/MIME and other requirements commonly associated with widely available encryption technologies.

Additionally, encryption software does not protect content after it has been delivered. Once opened, the patient's identifiable medical information is totally exposed: email can be accidentally forwarded, laptops and PCs can be lost or sold with PHI remaining on the hard drive, and patient information could be leaked via a virus, spyware, Trojan or worm. Unauthorized individuals gain access and doctor-patient confidentiality is breached. The caregiver must be able to ensure that received documents remain encrypted and can be deleted from the patient's computer after a given time. How can the healthcare provider utilize the power of email to give medical advice while keeping sensitive patient data secure?

Taceo helps healthcare professionals meet HIPAA requirements for the secure storage, transmission and delivery of identifiable patient information. Taceo makes the sending and receiving of secured email and documents quick and easy. From the desktop or MS Outlook®, providers can encrypt and apply usage permissions to control and prevent actions such as forwarding, cut/copy/paste and printing, and can disable the Print Screen key. Email and documents can also be set to "expire" and will become unreadable at a given time and date.

Taceo is by no means a comprehensive overall HIPAA security solution; however, if used properly it can help your business inexpensively meet most of the critical rules.

TACEO FEATURES AND BENEFITS

• Protect EPHI from theft, misdirection and unauthorized distribution.
• Allows primary care providers and specialists to instantly and securely share patient records with little cost.
• Enables patients to easily access and securely reply to protected emails containing medical advice, prescription information and more from their home or work computers.
• Gives off-site providers an easy method to access and reply to secure email sent across disparate computing environments.
• Affordable security beyond the office firewall. Taceo can ensure the proper use and protection of EPHI no matter where it travels or where it is stored.
• Helps ensure authenticity of EPHI with digital signatures.
• Improve productivity by using the web to instantly & securely share sensitive data.
• Taceo offers an affordable way to securely store sensitive information on site.
• Prevent unauthorized access to your documents.
• Prevent unauthorized distribution (no forwarding).
• Prevent document editing (no cut, copy, paste).
• Set expiration time/date on email & documents.
• Ensures confidentiality and privacy.
• Securely and permanently delete files to Department of Defense standards (DOD 5220.22-M).
• Patients can download Taceo for free.
• Meet regulatory compliance requirements for privacy - HIPAA, PIPEDA, 21 CFR Part 11, Sarbanes-Oxley.

REDUCING YOUR VULNERABILITIES

No security software in the world is 100% unbreakable; even the most advanced digital encryption techniques can be broken or circumvented by some person or organization with enough motivation, time and money. Taceo does not totally negate the risk of information leakage. For example, a malicious individual could take a digital photo of the screen or re-type the content into another document and distribute it. However, Taceo considerably reduces the risk that sensitive data can be disseminated to unauthorized individuals or groups. Taceo safeguards remain with the data no matter where it travels or where it is stored. Even if a CD or USB thumb-drive containing protected data is stolen, the information contained therein will remain encrypted and cannot be opened by unauthorized recipients.

THE ANALOGUE TO DIGITAL MIGRATION

Although it is often difficult to make the initial switch to using digital patient records, the cost savings can be profound, especially when amortized over a number of years. Benefits include better accuracy in health records, less time spent transcribing patient notes and filling prescriptions, and quicker payment from insurance companies. For the most part, many healthcare practitioners have been slow to adopt digital medical records; as of April 2005 only 16.4% of doctors in the United States had made the switch. The reasons most often cited for the slow adoption have been the costs in time and money. Fear of complicated regulations also slows the transition; once records are in the digital realm, HIPAA standards must be strictly adhered to.

Although the task appears daunting, individual and smaller medical practices can cost-effectively make the digital transition with largely low-cost, off-the-shelf components.

Taceo, from Essential Security Software, should be an integral part of any digital migration plan. Taceo can help your office secure the storage and transmission of PHI. Because Taceo can be used on almost any PC, it can be used to "bridge the gap" with offices of other healthcare providers that have not yet made the switch to digital records. Whether digital or analog, all organizations that deal with patient medical information are subject to HIPAA ordinances.

SUMMARY

Any healthcare provider or organization that works with patient healthcare data is at risk of losing control of this information. Unprotected electronic files containing sensitive data can easily be accessed, altered, stolen and re-distributed to unauthorized parties. Electronic protected health information (EPHI) is subject to stringent HIPAA regulations; violation of HIPAA rules can result in stiff fines and jail time. Loss of EPHI can place healthcare organizations at great financial and legal risk.

Taceo, from Essential Security Software, can help small to mid-size healthcare providers mitigate these risks. Taceo can also help organizations meet HIPAA requirements for the secure transmission, access and integrity of EPHI. Taceo is effective, affordable and easy-to-use software that enables healthcare providers to securely store, transmit and receive sensitive data. Taceo can encrypt and help control access to almost any file. Protected email and documents are safeguarded against unauthorized forwarding, editing, copying, and printing or screen capture. Taceo opens up a new realm of possibilities never available before with such ease and affordability. Healthcare providers can securely email medical information to their patients. Pharmacies can use Taceo to send prescription order information to doctors and customers alike.

Caregivers can quickly and securely collaborate with off-site specialists, thereby ensuring patients receive good treatment and much more.