OVERVIEW

Operating a medical practice is assiduous work requiring great attention to detail on a variety of fronts. Patient privacy has always been an important concept in the medical profession. New laws are taking this notion a step further, making it mandatory for medical facilities to protect individually identifiable health information. Government regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and others stipulate how your digital records containing sensitive patient information should be kept secure, but caring for your patients' privacy is just good business.

One of the most time- and labor-consuming tasks in maintaining an electronic medical record is importing non-digital patient information such as radiology reports, hospital dictation and consultation/referral letters. This is unfortunate because most of this information is already in digital format at the sender's location but printed to paper for transit. Transmitting digital information securely, however, can be problematic at best. Simply emailing a document to an intended recipient would potentially violate a patient's privacy since the mail could be intercepted in transit or read by unauthorized persons on the destination email server before it is downloaded. Also, it would be impossible to tell whether or not the document was tampered with or was sent by someone electronically pretending to be someone else. For example, to promote office efficiency, medical offices that want to allow physicians to use electronic mail as a means to transmit information are forced to have an "email disclaimer" that cannot guarantee the privacy of information contained in an email. The information may be confidential and subject to protection under the law, but the fact remains that no real protection is provided to prevent a security breach of your information.

Whether you are a healthcare provider, payer or pharmaceutical company, you have electronic information that must be protected. Essential Taceo virtually eliminates the costs associated with safeguarding Protected Health Information (PHI). With Taceo you are now free to email medical advice to your patients, send prescription requests to the smallest of pharmacies and safely deliver patient records to referral doctors.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed to create a new national standard for protecting the privacy of patients' health information. HIPAA also focused on improving the efficiency and effectiveness of the healthcare system by encouraging the development and adoption of Electronic Data Interchange (EDI) between healthcare providers, payers and pharmaceutical organizations. HIPAA also stipulates the strict requirement for organizations to establish safeguards to protect the integrity and confidentiality of an individual's Protected Health Information (PHI). HIPAA applies to individual healthcare providers, health plans, and healthcare insurance providers. The law also pertains to organizations that deal with the electronic PHI of customers, employers and patients. Civil and criminal penalties can result from noncompliance and security violations.

PENALTIES FOR HIPAA VIOLATIONS

HIPAA calls for civil and criminal penalties for security and privacy breaches. General failure to comply is $100 per penalty; violations of an identical requirement may not exceed $25,000 per year. For example: it would be considered a violation to email a claim or file with identifiable patient information that is not encrypted. Even though one requirement may not exceed $25,000, HIPAA has more than 15 named security standards, which if repeatedly violated could quickly grow to more than $375,000. More severe criminal penalties also apply to more flagrant HIPAA violations. Wrongful disclosure of PHI can result in a $50,000 penalty and up to one year in prison. Offense with intent to sell or misuse patients' protected health information is punishable with a maximum $250,000 fine and/or 10 years imprisonment.

TACEO: HELPING TO NAVIGATE THE HIPAA MINEFIELD - COMMON HIPAA SCENARIOS AND TACEO

Medical office wishes to refer identifiable PHI to another healthcare provider.

A primary care physician examines an individual and determines that he would like to send the patient to another provider for further diagnosis or treatment. The physician then asks his/her assistant to assemble and email the patient's history and physical (H&P), imaging reports, labs, progress notes, etc. to the off-site healthcare provider for review. Unfortunately, the physician and his assistant are now in violation of HIPAA regulations.

Unprotected email is like sending a post-card through cyber-space. While in transit it is routed through multiple servers, and an email containing patient PHI can be easily read by people other than the designated recipient (the off-site provider). Furthermore, the patient's records, because of an accidental keystroke, could be unintentionally misdirected to an unknown party, thereby increasing the severity of the security breach. The physician's assistant could have used Taceo to protect the email and attachments. With the quick click of a button the worker could have prohibited the patient records from being printed, forwarded and edited. The outgoing documents would be encrypted and inaccessible to anyone besides the intended recipient healthcare provider. (Even if the receiving healthcare provider is not fully set up to work with electronic patient healthcare information, they can still securely view patient records without violating patient confidentiality.)

On-line Pharmaceutical Provider

A pharmaceutical provider fills prescriptions via on-line ordering, but cannot meet HIPAA secure transmission requirements for emailing prescription and medication details, order confirmations, and other information to their patients. The organization could resort to analog methods such as calling each individual customer or sending information to the customers via standard post; however, these methods are very inefficient and cost prohibitive. To meet HIPAA regulations the on-line prescription provider must shoulder the burden of hiring and training a number of new employees at great cost. What is the on-line pharmacy to do?

With Taceo, the pharmaceutical provider can securely send prescription information, order confirmations and more to their clientele. The confidentiality and integrity of emails containing protected health information (PHI) is enforced and maintained even after delivery. Nearly any customer with a PC can easily download the free version of Taceo, enabling them to receive and reply to protected email.

Taceo's usage permissions interface provides the company with an effective way to assign flexible rights management controls based on the profile of the client. Emails containing prescription information can be set to expire when no longer valid.

Healthcare giver wishes to provide individual patients medical advice via email

To provide added value, a healthcare provider wishes to establish an easy and affordable way to give their patients medical advice over the web. The provider must have the ability to send and receive protected medical advice from work or home and cannot afford the installation, maintenance and expensive licensing fees associated with available server-based solutions. Furthermore, the caregiver's patients are largely non-technical and will not bother with cumbersome key exchange, S/MIME and other requirements commonly associated with widely available encryption technologies.

Additionally, encryption software does not protect content after it has been delivered. Once opened, the patient's identifiable medical information is totally exposed; email can be accidentally forwarded, laptops and PCs can be lost or sold with PHI remaining on the hard drive, and patient info could be leaked via virus, spyware or Trojan worm. Unauthorized individuals gain access and doctor-patient confidentiality is breached. The caregiver must be able to ensure that received documents remain encrypted and can be deleted from the patient's computer after a given time.

How can the healthcare provider utilize the power of email to give medical advice while keeping sensitive patient data secure?

Taceo helps healthcare professionals meet HIPAA requirements for the secure storage, transmission and delivery of identifiable patient information. Taceo makes the sending and receiving of secured email and documents quick and easy. From the desktop or MS Outlook®, providers can encrypt and apply usage permissions to control and prevent actions such as forwarding, cut, copy/paste and printing, and to disable the Print Screen key. Email and documents can also be set to "expire" and will become unreadable at a given time and date.

Taceo is by no means a comprehensive overall HIPAA security solution; however, if used properly it can help your business to inexpensively meet most of the critical rules.

TACEO FEATURES AND BENEFITS

• Protect EPHI from theft, misdirection and unauthorized distribution.
• Allows primary care providers and specialists to instantly and securely share patient records with little cost.
• Enables patients to easily access and securely reply to protected emails containing medical advice, prescription information and more from their home or work computers.
• Gives off-site providers an easy method to access and reply to secure email sent across disparate computing environments.
• Affordable security beyond the office firewall. Taceo can ensure the proper use and protection of EPHI no matter where it travels or where it is stored.
• Helps ensure authenticity of EPHI with digital signatures.
• Improve productivity by using the web to instantly & securely share sensitive data.
• Taceo offers an affordable way to securely store sensitive information on site.
• Prevent unauthorized access to your documents.
• Prevent unauthorized distribution (no forwarding).
• Prevent document editing (no cut, copy, paste).
• Set expiration time/date on email & documents.
• Ensures confidentiality and privacy.
• Securely and permanently delete files to Department of Defense standards (DOD 5220.22-M).
• Patients can download Taceo for free.
• Meet regulatory compliance requirements for privacy - HIPAA, PIPEDA, 21 CFR Part 11, Sarbanes-Oxley.

REDUCING YOUR VULNERABILITIES

No security software in the world is 100% unbreakable; even the most advanced digital encryption techniques can be broken or circumvented by some person or organization with enough motivation, time and money. Taceo does not totally negate the risk of information leakage; for example, a malicious individual could take a digital photo of the screen or re-type the content into another document and distribute it. However, Taceo considerably reduces the risk that sensitive data can be disseminated to unauthorized individuals or groups. Taceo safeguards remain with the data no matter where it travels or where it is stored. Even if a CD or USB thumb-drive containing protected data is stolen, the information contained therein will remain encrypted and cannot be opened by unauthorized recipients.

THE ANALOGUE TO DIGITAL MIGRATION

Although it is often difficult to make the initial switch to using digital patient records, the cost savings can be profound, especially when amortized over a number of years. Benefits include better accuracy in health records, less time spent transcribing patient notes, filling prescriptions and receiving quicker payment from insurance companies. For the most part many healthcare practitioners have been slow to adopt digital medical records; as of April 2005 only 16.4% of doctors in the United States had made the switch. The reasons most often cited for the slow adoption have been the costs in time and money. Fear of complicated regulations also slows the transition; once records are in the digital realm, HIPAA standards must be strictly adhered to.

Although the task appears daunting, individual and smaller medical practices can cost-effectively make the digital transition with largely low-cost, off-the-shelf components.

Taceo, from Essential Security Software, should be an integral part of any digital migration plan. Taceo can help your office secure the storage and transmission of PHI. Because Taceo can be used on almost any PC, it can be used to "bridge the gap" with offices of other healthcare providers that have not yet made the switch to digital records. Whether digital or analog, all organizations that deal with patient medical information are subject to HIPAA ordinances.

SUMMARY

Any healthcare provider or organization that works with patient healthcare data is at risk for losing control of this information. Unprotected electronic files containing sensitive data can easily be accessed, altered, stolen and re-distributed to unauthorized parties. Electronic protected health information (EPHI) is subject to stringent HIPAA regulations; penalties for violation of HIPAA rules can result in stiff fines and jail time. Loss of EPHI can place healthcare organizations at great financial and legal risk.

Taceo, from Essential Security Software, can help small to mid-size healthcare providers mitigate these risks. Taceo can also help organizations meet HIPAA requirements for the secure transmission, access and integrity of EPHI. Taceo is effective, affordable and easy-to-use software that enables healthcare providers to securely store, transmit and receive sensitive data. Taceo can encrypt and help control access to almost any file. Protected email and documents are safeguarded against unauthorized forwarding, editing, copying, and printing or screen capture.

Taceo opens up a new realm of possibilities never available before with such ease and affordability. Healthcare providers can securely email medical information to their patients. Pharmacies can use Taceo to send prescription order information to doctors and customers alike. Caregivers can quickly and securely collaborate with off-site specialists, thereby ensuring patients receive good treatment and much more.