Ed Jones, Third Rock’s Chief Compliance Officer, keeps this presentation updated to help your stay current on HIPAA and cyber-security.  We offer the course to professional associations and local healthcare societies, board of directors and executives and as a Continuing Education (CE) course.  Contact us if you’re interested in a private webinar with Q&A.

Please join Ed Jones, Chief Compliance Officer and Robert Felps, CEO of Third Rock for a recording of our interactive webinar, from April 28th, that will help you understand:

• How to reduce the burden of HIPAA Compliance
• The reality of cyber-breaches.
• Why reducing discovery time of a breach is critical.
• Why recent HIPAA regulation changes are important to understand.
• How to reduce potential fines for HIPAA non-compliance.
• Protecting the equity you’ve built into your business!

Protect your Patients. Protect your Practice. Protect Yourself.

You may visit our videos page on our web site or our YouTube channel for other videos.

The post Reduce the Burden of HIPAA While Increasing Your Protection appeared first on Third Rock.

1. 1. 1. Training provides the basis for a “human firewall” against PHI loss.
         Healthcare staff members interact with patients’ protected health information (PHI) dozens of times per shift. Every interaction is an opportunity to either protect or expose patients’ PHI. Ensuring that every member of a healthcare organization understands the practices necessary to protect both the privacy and security of patients’ PHI creates a ‘human firewall’ against a data breach.
      2. Training increases awareness of risks to patients’ well-being.
         A surprising number of well-meaning healthcare staff members are naïve about the risks posed to patients through careless handling of PHI. Training increases their awareness and provides specific instruction about how to keep their patients’ records safe.
      3. HIPAA Training reinforces initiatives to develop a “patient safety” culture.
         If designed and delivered well, a HIPAA Privacy and Security course will teach staff that protecting patients’ PHI is just another aspect of keeping patients safe – as important as infection control, fall-prevention, and medication safety measures. Training fosters a common understanding of “the right way” to handle patient information so that an error or misconduct by one staff member is more likely to be noticed and corrected before any patients’ records are compromised.
      4. Careful handling of PHI improves patient and family satisfaction.
         Security breaches in the headlines have members of the public paying more attention to staff handling of their personal information. In fact, approximately 25-30% of the HIPAA Audits conducted annually by the OCR each year are triggered by a patient or family member complaint. Patients and families are now more likely to notice – and appreciate – careful handling of their PHI.
      5. CYA – HIPAA Training reduces executive and organizational liability.
         In addition to protecting your patients’ PHI, staff training is also essential for protecting yourself and your organization. Staff training is required by law. If a breach occurs and you are the executive responsible for information security, you could be found personally negligent if you have not ensured your staff is properly trained. Alternatively, if your staff has been trained, your personal liability will be minimized, and the penalty levied by the OCR will be less severe.

Protect yourself, your organization, and your patients by making staff training a high priority.

 Julie Rennecker, PhD, BSN, is the founder of The Management Doc, LLC, and Chair of Third Rock’s Clinical

Contact us at compliance@thirdrock.com to learn more about Third Rock’s Worry-free Training Solution:

✔   Comprehensive – Covers Privacy, Security, and Breach Notification Rules
✔   Fast and Easy-to-use – Entire course can be completed in about an hour
✔   Self-paced – Participants can log in and out as time permits
✔   Convenient and Flexible – Can be completed from a PC, smartphone, or tablet
✔   Easy to Manage – Issues reminders to staff and automatically tracks course completion
✔   Executive Reporting – Dashboard readily tracks each individual’s training status
✔   Individual Transcripts – Downloadable transcripts document personal training history

Promotional pricing available until February 19, 2016.

The post 5 Benefits of HIPAA Privacy and Security Training appeared first on Third Rock.

“IT security starts with people.”

While your IT staff and advanced technologies play a significant role in protecting your organization and patients from cyber threats, it is often the day-to-day actions of staff that put an organization at risk. Here’s a sampling of breaches traced to “human error” from the Identity Theft Resource Center’s 2015 Breach Report:

• Improperly disposed patient records were found in open dumpsters, along roadsides, and other insecure locations. (multiple incidents)
• Billing staff mailed statements containing PHI to the wrong addresses.
• Clinical staff lost possession of laptop computers containing unencrypted PHI. (multiple)
• Clerical staff intending to attach a survey to an email sent to all patients attached a spreadsheet containing patient information instead.
• Multiple staff members fall victim to “phishing” messages, giving hackers access to the organization’s electronic systems.

A breach can result from an error or misconduct by a team member in any function or department. To the poor soul who learns his identity has been stolen from a bill collector or when his credit application is denied, it doesn’t matter whether it was a sophisticated cyber-attack or a careless worker tossing medical records into an unsecured dumpster – the end result is the same. A person whose records have been compromised will spend months – if not years! – putting his or her financial life back in order. Thus it’s critical that every staff member receives Privacy and Security training.

It’s also the law – HIPAA requires all workforce members to receive training on information privacy and security. “Workforce” includes all employees, contractor workers, and “business associates,” or vendors.”

Don’t delay!

Each employee accesses PHI dozens of times daily, and cyber criminals work 24/7. Protect yourself, your organization, and your patients by taking the first step to create a human firewall.

Julie Rennecker, PhD, BSN, is the founder of The Management Doc, LLC, and
Chair of Third Rock’s Clinical Advisory Board.

Contact us at compliance@thirdrock.com to learn more about Third Rock’s Worry-free Training Solution:

✔   Comprehensive – Covers Privacy, Security, and Breach Notification Rules
✔   Fast and Easy-to-use – Entire course can be completed in about an hour
✔   Self-paced – Participants can log in and out as time permits
✔   Convenient and Flexible – Can be completed from a PC, smartphone or tablet
✔   Easy to Manage – Issues reminders to staff and automatically tracks course completion
✔   Executive Reporting – Dashboard readily tracks each individual’s training status
✔   Individual Transcripts – Downloadable transcripts document personal training history
Promotional pricing available until February 19th, 2016.

The post Create a Human Firewall – HIPAA Training appeared first on Third Rock.

I’ve been credited with saving “lost” projects, turning around massively behind schedule and over budget projects and actually launching and completing “mission impossible” projects.  Most of them required some severe bleeding on my part, but working closely with people, being honest with the sponsors and stakeholders and forcing communications among all involved righted the ships and improved the sailing.  And I was able to do those things because I have been a programmer, developer, systems analyst, business analyst, system administrator, network administration/architect, application architect, solution architect, team lead, integration lead/officer, disaster recovery manager & consultant, vCIO and held various other jobs.  I basically knew when a person wasn’t understanding the requirements or able to deliver the “goods”.  I was willing to force issues out on the table and have them resolved no matter how difficult the discussion.  More importantly, I was willing to tell the stake holders, customer and sponsors the project was not on schedule or within budget.  And often I told them changing the scope was the problem.

I’ve never been a big believer of certifications.  They are too heavily based on academic learning and not near enough on experiential knowledge.  Although, there is one certification I keep thinking I should pursue, the PMP.  I definitely agree with the benefits of standard terminology, processes and procedures to help a team function and perform better.  I have to assume the PMI is trying to remove some of the issues of projects such as the politics and lack of communications by creating a process that works in many cases.

However, I was in a meeting the other day with many project managers who were asking me questions and I was asking them questions.  After leaving the meeting it dawned on me the struggles they were having were not because of the management of the project itself, but the lack of management or handling of the politics driving the business through the projects.  The stakeholders were not willingly on board, they were being forced down the path by sponsors and external forces.  That has to be brought out and resolved are the project will struggle at best, but more likely fail.

I also realized, most of the project managers did not have experiential knowledge of the actual work they were managing.  That is, the project manager over the network enhancements and new build-out had never been a network architect, network engineer or network administrator.  He simply had no clue if the network staff was actually doing the right things in the right order with the right equipment.  How could he possibly know if the project was truly on track.

Of course, the reality is, the PMP is a great “tool” to have on your tool belt, but the best tool does not make a master carpenter.  I might add, it appears the PMP has become much more real world over the years making it an even better tool and learning experience for project managers.

For more information on the PMP visit the PMI web site at http://www.pmi.org/Certification/Project-Management-Professional-PMP.aspx

The post PMP or Not – Two key observations appeared first on Third Rock.