Altex Business Solutions Blog

Altex Business Solutions has been serving the Texas area since 1993, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

HIPAA Security Risk Analysis in order to maximize your MIPS score

What-You-Need-To-Know-New

As we move into the second half of the year, many practices and physicians are starting to consider the data they will need to submit under the MACRA/MIPS program. The MACRA/MIPS rules change slightly every year, and this year is no exception. Even though the rules have been adjusted, a basic requirement remains in place:

Continue reading

HIPAA Security Work Plan

HIPAA Security Work Plan

Monthly Security Officer Tip | May

This Month's Topic: Work Plan/Risk Management

 

One of the main purposes of the HIPAA Security Rule is to make sure that an organization is taking appropriate measures to minimize the risk of a breach of ePHI (electronic Protected Health Information).  This is accomplished by an organization performing a Security Risk Assessment (SRA), and the organization working to remediate the security deficiencies that were identified.  

Continue reading

Medisoft - Flash Sale

Medisoft - Flash Sale

What’s New in Medisoft V22?

Medisoft is already one of the most mature practice managementMedisoft is already one of the most mature practice managementsystems on the market. It gets better each year as eMDs addsnew layers of functionality and improved usability.Here are just aHere are just afew notable additions:

Tags:
0 Comments
Continue reading

Global Ransomware Attacks Target Healthcare Organizations

Global Ransomware Attacks Target Healthcare Organizations

As you may be aware, a global ransomware attack, called WannaCry, started on Friday May 12, 2017 and is continuing as of today. The attack has affected 200,000 Microsoft Windows based machines in over 150 countries. The cybercriminals have focused on healthcare and financial services but have affected many other industries and individuals as well.

Continue reading

How healthcare organizations should prepare for a HIPAA audit

How healthcare organizations should prepare for a HIPAA audit

Preparing for a HIPAA audit is vital for healthcare organizations. Sure, these organizations understand that they may face a HIPAA audit, but often let preparation for such an event fall to the bottom of their priority list. It is important to ensure your organization is prepared prior to receiving notification of a forthcoming audit.  An article on Health Data Management explains why these preparations are so important.

Continue reading

68 percent of healthcare organizations have compromised email credentials

68 percent of healthcare organizations have compromised email credentials

A study from the cloud services provider, Evolve IP suggests that over two-thirds of all healthcare organizations have employees using compromised email credentials. An article over on Healthcare IT News explains how Evolve IP determined these findings.

The study found that 55 to 80 percent of organizations have email accounts that have been compromised. Looking at the email accounts with comprised credentials, 76 percent included “actionable password information for sale on the dark web.”

The stolen passwords being sold on the dark web are generally purchased as encrypted passwords, however the encryption is weak enough that hackers are typically capable of cracking them. Although most passwords sold online contain some level of encryption, 23 percent are found for purchase in clear text.

Though hackers gain access to the system through both phishing and key-logging attacks, these vulnerabilities can lead to much larger issues, such as ransomware or denial of service attacks as well as patient data breaches.

How did Evolve IP come up with these findings? The study looked at 1,000 HIPAA-covered entities as well as business associates. Although the passwords were outdated for most compromised accounts, they remain valuable to hackers. With over 75 percent of people using either identical passwords or very similar passwords across the board for online activities, hackers can benefit greatly from outdated password information.

“By understanding the types of changes people make to their passwords over time, hackers can create a user profile and determine a person’s new password fairly accurately by using simple guessing or sophisticated automated algorithms.”

Diving deeper into the healthcare organizations with comprised credentials we can see that some sectors are more secure than others when it comes to password protection. For example, medical billing and collections had the fewest compromised user credentials, while regional healthcare plans had the most with 80.4 percent of organizations having compromised login information.

“The overwhelming majority of these organizations used cryptographically hashed passwords, which researchers explained are inadequate for today’s cybersecurity challenges. Hackers have many tools that can easily crack these types of passwords.”

With healthcare organizations being the biggest target for hackers, it is vital that employees understand the need for email safeguards.

“63 percent of breaches are caused by compromised email credentials. And about 7,500 individual security incidents occurred due to these compromises.”

Continue reading

Managing OB GYN Health and Medical Records with EMR/EHR

Managing OB GYN Health and Medical Records with EMR/EHR

Obstetrics and Gynecology Medical Practices Can Benefit from The Use of Electronic Medical and Health Records

Continue reading

CMS Offers Resources to Promote Chronic Care Management Awareness

CMS Offers Resources to Promote Chronic Care Management Awareness

The Centers for Medicare & Medicaid Services Office of Minority Health (CMS OMH), in conjunction with the Federal Office of Rural Health Policy at the Health Resources and Service Administration (HRSA), recently introduced an initiative to provide support for, educate about, and raise awareness of Chronic Care Management and the many benefits this program provides to both physicians and patients – especially in underserved communities.

Continue reading

Surefire Ways to Improve Your Patient Reviews and Your Practice’s Online Presence On Physician Review Websites

Surefire Ways to Improve Your Patient Reviews and Your Practice’s Online Presence On Physician Review Websites

You’ve heard about the new sushi restaurant in town. You want to try it out, but what’s your first step? Google, of course. You check to see how many Yelp stars it’s won, you read all the reviews, you ask members in your social circle if they’ve tried it yet. Movie night? Before making your film choice, you go right to your browser to find out the ratings on Rotten Tomatoes or take a recommendation from a trusted friend. Today, no matter what the service, be it restaurant, hotel, new car, spa, dog groomer — yes, even physician — decisions are made based upon costumer reviews and word of mouth. Today’s empowered patients are consumers, just as we all are.

Continue reading

Custom EHR Software Solutions for Medical Specialties

Custom EHR Software Solutions for Medical Specialties

Not every physician runs the same type of practice. It only makes sense, then, that not every physician should be forced to settle for a one-size-fits-all EHR solution.

Today’s best EHR software offers customizable options for any type of medical specialty practice. This allows physicians and staff to get the most out of their EHR system without causing disorganization or having to sacrifice the finer points of their practice.

Continue reading

Small and Solo Practices: What to Look for When Choosing an EHR System

Small and Solo Practices: What to Look for When Choosing an EHR System

Back in 2013, as EHR/EMR adoption seemed to soar as a result of government health IT incentive programs and more than $17.7 billion paid in EHR incentive payments. But physicians in solo and small practices did not seem to follow this trend for mainly financial reasons; despite the possibility of government incentive money, the out-of-pocket cost to purchase and implement an EHR/EMR were, at the time, perceived by solo practitioners as too great of a financial burden.

Continue reading

New Autoremind Interface with Medisoft V21 & Lytec 2017

New Autoremind Interface with Medisoft V21 & Lytec 2017

Medisoft V21 & Lytec 2017 

Continue reading

Medisoft V21 Getting Paid Has Never Been Easier!

Medisoft V21 Getting Paid Has Never Been Easier!
Online ebill image
Online epay image
Print and mail image
In OfficePay image

FREE Services…your first 30 days are on us

Continue reading

Article: Doctors are failing to protect your privacy as a patient

Article: Doctors are failing to protect your privacy as a patient

The title of the Business Insider article ( Doctors are failing to protect your privacy as a patient ) will open a lot of eyes. The article is written from a patient perspective on how her data was breached.

Somewhere on the Internet there is a photo of me topless. I’m not a celebrity, and this photo was not taken by paparazzi, an ex-boyfriend, or hackers—it was taken by a medical professional. In 2015, I was diagnosed with breast cancer, which was followed by a mastectomy, and then reconstructive surgery. An attendant in the doctor’s office took before and after photos of me for their records, naked from the waist up. I was told that the photos would not include my head, and would go directly to their database—though this was not comforting when the medical assistant whipped out her personal phone to snap the pictures.

Continue reading

OCR’s Guidance to HIPAA & Cloud Computing

OCR’s Guidance to HIPAA & Cloud Computing

We have previously posted about HHS/OCR’s Guidance on HIPAA & Cloud Computing. The guidance is presented in question and answer form. To see the full guidance, you can go to the OCR page.

Below are the 11 questions with partial answers to keep this brief but provide a good overview:

Continue reading

HIPAA Gets a Little Cloudy

HIPAA Gets a Little Cloudy

Pun intended.  We all use cloud computing resources every day.  All you have to do is go on the Internet, and chances are the website you are accessing uses cloud services.  Our website, www.altexsolutions.com, uses the Amazon cloud.  There are many definitions of cloud services, but at a high level it is the use of computing resources, generally services and storage, from another organization.  So how does this relate to HIPAA?  And what’s the big deal?

Many Covered Entities store healthcare data in the cloud.  Common applications include a cloud based EHR, backup of an onsite server or sending email with ePHI (encrypted email, of course).   The organizations that provide the cloud services (Cloud Service Providers) are Business Associates to the Covered Entities because they are storing the CE’s data.  Easy – right?

Continue reading

Hospital fined $400,000 for obsolete Business Associate Agreements

Hospital fined $400,000 for obsolete Business Associate Agreements

In a clear message to healthcare organizations, The U.S. Department of Health and Human Services Office of Civil Rights (OCR), fined Women & Infants Hospital of Rhode Island (WIH) for not having updated HIPAA Business Associate Agreements.

WIH provided OCR with a business associate agreement with Care New England Health System effective March 15, 2005, that was not updated until Aug. 28, 2015, as a result of OCR’s investigation, and therefore, did not incorporate revisions required under the HIPAA Omnibus Final Rule,” according to a Sept. 23 OCR news release announcing the settlements.

The fine was the result of an investigation regarding a HIPAA breach back in November of 2012

WIH told federal authorities it had lost unencrypted backup tapes containing ultrasounds of 14,004 women, including patient names, dates of birth, dates of exams, physician names and, in some cases, Social Security numbers.

Continue reading

Athens Orthopedic won’t pay for credit monitoring in data breach

Athens Orthopedic won’t pay for credit monitoring in data breach

Data breaches are happening on a frequent basis.  You can’t read the news or watch TV without hearing about another data breach. While a company may give out some details of a data breach, the financial details of what the data breach will cost a company usually are not disclosed.  This is especially true with non-public companies. Regardless of whether a company states how much the breach will cost them, one thing is true:

Breaches are expensive!

The data breach at Athens Orthopedic is a clear example of some of the costs that are associated with data breaches.  The details of the data breach, which affected nearly 200,000 patients, can be found here.

A company usually offers credit monitoring to affected individuals of a data breach. They do this to minimize the harm to those individuals. In a surprising announcement, Athens Orthopedic said that they would not offer credit monitoring because the costs were too expensive.

Continue reading

Updated HIPAA Training

Updated HIPAA Training

If you go back in time, to 2004, and look at Facebook it looks a lot different than it does today. The same can be said for applications like Microsoft Word or Excel. As these services or products mature they evolve – offering improved functionality, performance, stability and features.

New HSN HIPAA Training

Li

Continue reading

New ransomware is bad news for healthcare organizations

New ransomware is bad news for healthcare organizations

Well that didn’t take long. In a recent article I made the case that newer variations of ransomware could result in a reportable HIPAA breach.  I argued that if ransomware not only encrypted the victim’s files but also copied the files off of a computer or allowed access to the files, then the result could be a reportable breach.

CryptXXX Ransomware

A relatively new variation of ransomware called CryptXXX has been identified. Like older variations, the malware encrypts a victims files and demands a ransom to release the files. The ransom averages about $500.

Continue reading

Latest Blog

A.I. is one of those technologies that captivates the imagination with endless possibilities. You can’t turn your head these days without using something integrated with early artificial intelligence. Machine learning platforms, which are v...

Contact Us

Learn more about what Altex Business Solutions
can do for your business.

Altex Business Solutions
10223 Broadway P231
Pearland, Texas 77584

Account Login