All affected patients were sent a notification letter regarding this error on May 15,2013;  a total of 8,330 patients were notified of the breach by LSU and Siemens Healthcare. An LSU website reported that the error occurred in a computer data entry field and was discovered during an investigation. The error caused the names and treatment information of one patient to align with a different patient’s mailing address.

Spokesperson Sally Croom, from LSU Health Shreveport, said that a variety of medical treatment data was compromised during the breach, including vaccination data, complete blood count tests and other medical tests. However, Croom confirmed that the letters didn’t contain any financial data, dates of birth of Social Security Numbers.

When asked by Healthcare IT News whether LSU or Siemens Healthcare was responsible for the database error, Croom said that both LSU and Siemens are focusing on fixing the problem and implementing safeguards for the database.

She went on to say that patient privacy has been very important to LSU Health Shreveport, and that they will continue to work with Siemens to ensure that the billing process is correctly accomplished without further errors.

Have questions about your healthcare data security?  Call Magnicom right away.  Our medical IT professionals understand the importance of securing patient information and keeping your clinic aligned with HIPAA/HITECH compliance requirements.

One Onion employee fell for the phishing attack. Once the SEA had access to this employee’s account, they used it to send the same email to multiple Onion employees. Here’s what happened:

• Other staff members at Onion clicked the link because it was sent to them by a trusted address.
• Most of Onion’s employees were smart enough to refrain from entering important login credentials.
• Unfortunately, two employees from Onion did enter their credentials.
• One of the employees had access to all of the company’s social media accounts.
• Once the company realized that an account was compromised, they sent out a company-wide email asking every employee to change their email passwords immediately.
• The attacker used their access to hack another undiscovered account
• The hacker sent a duplicated copy of the email, along with a link disguised as a password-reset link.
• This went undetected because the duplicated email wasn’t sent to IT teams or any member of the technical department.

The third phishing attack was the final one; it compromised two more accounts. One of the accounts was used for Onion’s Twitter account. Once the third attack occurred, the editorial staff at Onion published articles referencing the attack.  One of the articles is noted here:
Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels | The Onion – America’s Finest News Source.

These articles made the SEA angry, and in retaliation they posted editorial emails on Onion’s Twitter account. The staff at Onion decided that none of their accounts were safe because there was no way to tell which accounts had been compromised, and which hadn’t.  So all Onion employees were required to reset their passwords.

Ensure This Doesn’t Happen to You

The SEA wasn’t using complex methods of attack. This becomes clear when we examine incident, and others like this one such as the Guardian and Associated Press attacks. All of these attacks were accomplished using simple phishing strategies; possibly using dictionary attacks, that are easily preventable if you employ a few simple security measures.

• Keep email addresses for Twitter accounts isolated from emails that your staff typically uses. This will help ensure your Twitter accounts aren’t vulnerable to phishing.
• Always use unique and strong passwords for every account.
• Make sure that all users are educated and suspicious of any links asking for login information, regardless of who sent the link.
• To prevent a hacker from taking ownership of accounts, restrict all password-based access.
• Ensure that all Twitter activity goes through some kind of application such as HootSuite.
• Try to find a way to communicate to users without using their organizational email. The SEA posted screenshots of multiple internal security emails during the Guardian hack. This was probably due to a compromised email address that was overlooked.

Have questions about your business technology security?  Give us a call and book a time with our Information Technology security experts today.  We are your technology support experts, we are here to help you.

# 1—Identify Risks on PHI-Containing Systems

A risk analysis should be performed on PHI-containing systems to identify, assess and prioritize risks. Conducting a HIPAA risk analysis can also assist in developing strategies to safeguard these systems. These efforts are necessary to ensure protection of patient health information. 

#2—Prevent HITECH-Act Penalties

HIPAA requires that all healthcare entities conduct a risk analysis. The HITECH Act in 2009 increased enforcement and penalties under HIPAA; however, many healthcare entities still ignore this requirement. The Office for Civil Rights (OCR) and the U.S. Department of Health and Human Services (HHS) impose severe monetary penalties for those who fail to conduct a HIPAA Risk Analysis.

#3—Prevent Data Breaches

A HIPAA Risk Analysis prevents data breaches by helping healthcare entities better understand their security status. Data breaches are a common occurrence as more healthcare entities have moved to Electronic Health Records (EHRs) and Electronic Medical Records (EMRs).  Digitized patient information improves efficiencies, cuts costs and improves healthcare system outcomes. The financial and reputational fallout that occurs from lost or breached patient data makes it well worth a company’s time and effort to conduct a risk analysis.

 #4—Meet Meaningful Use Requirements

The EHR Incentive Payment Program was created by HITECH to incentivize healthcare entities to conduct a risk analysis. Healthcare providers must demonstrate they are meaningful users of EHRs to qualify for payments under this program. In order to do this, they must confirm that they’ve conducted a risk analysis. Over $12.7 billion dollars have been paid out to 240,000 providers to date, and the Federal government has begun to question the program’s integrity.

So they’re searching for entities that have falsely attested to the necessary qualifications in order to recoup payments. All entities receiving payments under the EHR Incentive Payment Program that have not conducted a risk analysis are at risk of losing funding.

#5—Avoid Penalties Under The False Claims Act

Healthcare entities that have received EHR incentive payments without conducting a risk assessment will be held liable under the False Claims Act. The Office of Inspector General (OIG) has made this a top priority in 2013, and investigating alleged false attesters. Liability will be up to three times the amount of the EHR incentive payment, and healthcare entities that are found guilty may be excluded from Medicaid or Medicare. 

In Summary

Failing to conduct a HIPAA Risk Analysis may result in:

• Increases in data breaches;
• OCR monetary penalties;
• Centers for Medicaid and Medicare Services (CMS) recouping EHR incentive payments; and
• OIG enforcement under the False Claims Act, with liabilities of three times the EHR incentive payment, plus exclusion from all federally funded healthcare programs.

Magnicom is your trusted Atlanta-based medical and healthcare technology support provider.  We are here to help your practice succeed through effective and reliable technology support.

We offer medical practices and any organization impacted by the changes in compliance rules a HIPAA risk assessment.  Contact us to learn more at 678.727.7270.

Why is it Important to Choose the Right CRM Solution?

Once you’ve established the need for a CRM solution, you’re left with the matter of choosing the best one for your business. A CRM solution that works effectively for one company may not meet the needs of another.

This is why it’s important to choose the right solution that allows your business to provide your patrons with the best possible industry experience. Implementing the right CRM solution should be viewed as an investment, and chosen with great care because essentially, you’re selecting a partner to help you grow your company.  Your company should stand out to your customers, and when they know you have their best interests in mind, they’ll be pleased and continuing using your services.

CRM has evolved into a versatile system that allows businesses to maintain existing customers and recognize new ones by utilizing automated functions and lead management that supports your sales and technical personnel. A CRM solution will reduce calls to your help desk and improve customer service. 

When Choosing the Right CRM Solution, Consider the Following:

With the abundance of CRM solutions that are available on the market today, it can be difficult to choose the right one for your business, however this needn’t be so.  Break things down into manageable steps to make things easier for you, and keep the following things in mind as you begin your CRM search.

Your current needs versus your future needs

Analyze your current needs, and remember that the scalability of the product you’re selecting is important. Think three years down the road, and consider what your needs will be then; the solution you’re selecting should meet your needs now and in the future as your company grows.  Be careful, because CRM products will come with many features and items you won’t need. You don’t want to incur unnecessary expenses so be as realistic as you can be. Be in control and ready to ask the right questions. If you remember to analyze your needs first, you’ll find the best solution that will grow with your company.

Functionality

Once you’ve implemented the right CRM solution into your operations it will become an important part of your business strategy, possibly even the KEY part of your strategy.  So you want a product that provides historical interactive analytics. If the CRM solution provides crucial insight regarding historical trends relating to every aspect of your business, then it will provide all the answers you need.

It’s important to analyze trends over time to identify where your company has excelled versus where it’s fallen short. You need this information for your businesses success in the long run. A CRM solution that doesn’t provide this information will hinder your ability to make important business decisions required in today’s marketplace. Look elsewhere for a solution if the product doesn’t offer these tools.

Cost VS. Budget VS. Quality

It’s simple to state a dollar figure and go from there; CRM costs can run from inexpensive to extremely expensive. It’s important to keep in mind that higher cost doesn’t always equate to higher quality; and when a solution is expensive, that doesn’t mean it’s going to meet all your needs and expectations.

Keep weighing your options and stay critical while searching for the right CRM solution. Once you’ve determined your needs for the present and future, and settled upon the functionality you’ll require, it’s a matter of researching the market to get an idea of the cost range you can expect. Remember that implementing a CRM solution should be viewed as an investment.

You’ll be paying total cost of ownership (TCO) over time in addition to initial costs, so it’s important to look for a CRM solution that works for your business and also gives you the opportunity to grow and excel with time.

Hosted Solutions VS. Onsite Implementation.

Today, most software products can be used in one of two ways. Traditionally, the equipment can be purchased and installed on your businesses premises, where the CRM solution can be put into effect on locally at your site. The other option is to use a CRM solution stored on the cloud. Both of these solutions have their pros and cons.

Examine solutions from each of these two areas and choose one based on your budget and needs. Consider what an onsite implementation will offer as opposed to a hosted solution, and it’ll become obvious to you what solution will work for your company. Every case is different, implementation may be great for one business, but another might have greater success with a solution from the cloud. Only you know what will work best for your company.

Hosting/Vendor Selection 

Once you’ve identified your budget and business needs, you can exclude some vendors and save yourself a lot of time. Research is key, and since you’ve now eliminated many vendors and hosting companies, you can begin looking for a vendor that has a good track record and experience in helping customers achieve their business goals.

Remember to ask companies about the types of customers they’ve worked with and their long term plans; and evaluate the security offered by particular solutions because you want to ensure your business isn’t exposed to hackers. Ask for references if possible; typically if a company is proud of the work they’ve done, they’ll provide you with references you can contact.

This is usually the most difficult step in the process but it’s important to take your time because as difficult as it can be, it’ll be extremely rewarding once you’ve found the right solution.

Training 

Make sure that your team knows how to use the CRM solution you’ve decided on. Many people tend to look at training as an expense that can be dismissed, which is a mistake. If you’re staff doesn’t know how to best use the new CRM software, you’re not going to get the results you desire. Find out if the companies you’re considering offer training, and if so, ask for it to be included in the package.

It’s going to take time for you to decide on the right CRM solution. The entire process may take several months to complete.

What to Expect Once You’ve Made Your Choice

It’s been challenging but you’ve put the required effort into making the your decision. You’ve done your research and you’re completely satisfied with your choice, so what should you expect now that you’ve chosen and implemented the solution?

Assuming you’ve followed the advice in this article and done everything correctly, you should quickly begin to see the benefits of your CRM solution. Your customers will notice an improvement in how you’re doing business with them and your users should feel comfortable and confident when using the product.

Most investments take time to pay off, but the rewards should be seen in about six months. Many people don’t like change, so there might be some resistance in the beginning. However, once they see the benefits of the change, they’ll be ready and willing to comply. If they don’t, they might need to be replaced.  The change will be a positive one that will affect the culture of your business.  If they can’t get on board with the new culture, they may need to move on.

As time goes on, keep evaluating your solution; as your business changes, your needs will change as well. Don’t be afraid to make changes, and be flexible. Your solution will grow with you.

Conclusion 

Those who embrace the CRM solutions available will outshine the rest, and those who choose to ignore these solutions will simply be left behind. Your business will be more competitive by raising the bar for customer relations and interactions with your employees. Your CRM solution will help your business run efficiently and smoothly.

For additional information – CLICK HERE

Do you have questions about using CRM in your business?  Contact Magnicom and discuss how technology can benefit your business.  Atlanta Technology professionals are standing by ready to help you.

Every company is unique and your solution will need to match the uniqueness of your company. Making the right CRM choice will ensure your businesses success for the future, so be sure to take your time during the selection process to you choose the best CRM solution for you.  You won’t regret it.

Marsh USA released a report on March 14, 2013, entitled Benchmarking Trends: More Companies Purchasing Cyber Insurance.  It revealed that the number of U.S. companies purchasing Cyber Insurance has drastically risen over the past few years—increasing 33% between 2011 and 2012.  And those who had previously purchased Cyber Insurance are now buying more of it.  Cyber Insurance limits purchased in 2012 were 20% higher than in 2011, averaging $16.8 million.

These ever-expanding and increasing trends are due to a greater awareness regarding the possible risks and costs of cyber exposure. Interest and a focus on cyber exposure across a multitude of industries has been driven by high-profile attacks over the past few years on national and international companies, the U.S. Military, and federal and state governments. Businesses now consider Cyber Insurance a necessity to cover IT losses and possible litigation costs.

Cyber Attacks include:

• Computer fraud;
• Theft or manipulation of sensitive or private information, such as health or financial records; and
• Computer viruses that damage computer and network hardware, destroy data, cripple IT systems, and disrupt business operations.

Bob Parisi, the Senior VP of Technology, Network Risk and Telecommunications for Marsh USA, reported in a Financial Times article in March 2013 that Cyber Insurance is becoming one of the fastest expanding lines of insurance today:

In 1998, it was zero. More companies are becoming painfully aware of how dependent they are on technology.  The awareness has always been at the IT level, but it’s now become embedded in the minds of risk managers, general counsels and at the board level.

Insurers have begun to support this new interest by revisiting their normal policies regarding general liability, property and fidelity/crime insurance in order to clarify the extent to which they’ll cover privacy and cyber risks. The line of coverage and range of issues revolving around Cyber Insurance continues to rapidly evolve as more insurance buyers are beginning to view Cyber Insurance as an essential purchase; and as more insurers are showing an interest in security practices for the companies they’re currently insuring.

When you consider the increase in data breaches, new computer viruses and cyber attacks you can see why Cyber Insurance is a real consideration for businesses now and into future.