January 28th: Data Privacy Day
Data Privacy Day commemorates the anniversary of the signing of the first international treaty focused on data protection. Here’s how you can get involved.
Ways to participate at home
Talk with your family about online privacy and safety. Discuss what counts as private information and consider together the risks associated with sharing confidential information online. Take a look at the online accounts of any children in the home to identify breaches, risky behavior, and connections with strangers. Remedy any problems identified and use the opportunity to share information and teach.
Now is also a good time to go through old papers, files, and devices, and schedule safe destruction to protect your information before it lands in the wrong hands. Remember, never throw away bills, bank statements, check blanks, or devices without destroying them first.
How you can participate at work
There are a number of ways you can use this opportunity to promote data security at work:
- designate this as archive week, encouraging all staff to identify electronics that are no longer in use so they can be destroyed appropriately
- use games and activities to refresh staff knowledge of the risks of security breaches and internet best practices
- take a moment to ensure all corporate computers have the safest web browser, operating system, and security software installed and working as expected
- review your policies and procedures to ensure they’re still compliant with best practice; we learn and evolve every day so a periodic review is critical to achieving the best results
- share current news surrounding data breaches and lead a discussion exploring what went wrong and how similar crises can be avoided in your organization and industry
Involving your community
Data Privacy Day provides a great opportunity for community outreach and involvement. Include clients, stakeholders, and community members in your commitment to privacy. Host an open house where you share materials encouraging safe internet practices at home and explain what your organization is doing to protect client information. Send out client emails celebrating the occasion and summarizing all of the steps that go into maintaining their protected information (and the results of your hard work). You might even consider launching a survey to learn more about stakeholder satisfaction with your commitment to privacy and your data protection program.
Cybersecurity and Infrastructure Security Agency (CISA) Releases Emergency Alert Regarding Microsoft Update
The Cybersecurity and Infrastructure Security Agency (CISA) released an Emergency Directive and Activity Alert to notify users of numerous vulnerabilities identified in Microsoft Windows operating systems due to a patch Microsoft released on Jan. 14th, 2020.
BlueNovo Holiday Initiative 2019
This year, we participated in Operation Christmas Child with Samaritan’s Purse. We packed shoe boxes with various items for children and dropped them off at participating churches for donation to children in need around the world.
“The mission of Operation Christmas Child is to provide our partners around the world with shoebox gifts as a way to reach children in their communities. For many children, this is the first gift they will ever receive.”
We also donated locally to Comfort Cases through an office donation drive. Based in Rockville, Comfort Cases provides foster children with items necessary to transition into a foster home such as a duffle bag for their clothes, personal care items, and a backpack with comfort items.
We are very proud to have supported such amazing organizations and hope we made the holidays a little brighter for those in need.
HIPAA Compliance Basics
If you are an organization subject to HIPAA, you need to understand and comply with all relevant requirements. Learn more about how this law applies to your company.
The Health Insurance Portability and Accountability Act of 1996 set standards for all organizations that handle protected health information. In the past, HIPAA standards for privacy and security mainly applied to the management of paper health records and verbal exchanges of patient health information. Today, however, the majority of protected health information is in a digital format, and these standards must be applied differently.
HIPAA sets guidelines organizations must follow when they collect and store private health information. The law provides patients with certain rights to access their own health information, as well as confidentiality protections. HIPAA also outlines the steps an organization must follow when private health information has been compromised.
The Health Information Technology for Economic and Clinical Health Act
To ensure that all organizations subject to HIPAA are in compliance in the digital age, the government passed an additional law: the Health Information Technology for Economic and Clinical Health Act. Essentially, this new law raises the penalties that apply when a health organization violates any of HIPAA’s standards for privacy and security of protected health information.
How to Protect Your Data
In light of the many restrictive standards that apply to protected health information, it is essential for every organization that handles this information to take the matter seriously. Below are some tips to help you protect your data.
1. Invest in security software.
2. Train personnel.
3. Partner with the right professionals.
4. Stay in the know.
Thanksgiving wouldn’t be complete without sending a thank you to all of the local businesses in our community and a special thank you to those who put their trust in us to manage their technology.
As we spend the day reflecting on what we’re thankful for, we hope you’re doing the same (and enjoying some delicious pumpkin pie while you’re at it!)
Have a great Thanksgiving!
Document Management, Confidentiality Compliance, and HIPAA Adherence
HIPAA is an everyday stressor in the healthcare industry. A computer-based recordkeeping system can help keep records secure and HIPAA compliant.
For many in the health care industry, compliance with the Health Insurance Portability and Accountability Act (HIPAA) is an everyday stressor that dictates the actions and availability of information. However, HIPAA is necessary to protect patients’ information and medical records. A violation of HIPAA could lead to lawsuits and large fees, which could cause a business or practice to close its doors.
The Challenge of Human Error
Unfortunately, even the perfect system is prone to human error, especially if you do not have the integrated checks and balances that are part of computer document management software.
Many larger facilities have already integrated their records into a computer-based record-keeping system. This type of software is especially helpful for the large volume of records that they keep on a daily basis. However, smaller healthcare facilities may want to consider a customized computer-based record-keeping system to stay HIPAA compliant.
Typically, most HIPAA violations happen without employees’ knowledge, or they are due to simple inexperience. Some of the most common HIPAA violations include:
- Accessing records for any reason other than to aid in treatment or payment
- Not using a secure encryption method for protecting health records
- Removing patient information from the facility, either physically or on an unauthorized device
- Sharing patient information via a personal email
- No control or lack of control of who accesses patient health information
- Not removing access of former employees
Digital Solution for Record Keeping
Physical paper documents have a higher chance of being compromised because their very nature requires that you physically secure them. Within HIPAA, health facilities have to worry not only about who has access to patient information but also for what reason.
While some electronic solutions, such as common or shared network drives, can help healthcare facilities step away from paper options, these do not provide the security needed to remain HIPAA compliant. HIPAA requires that digital solutions for handling patients’ personal information have near cutting-edge security tools. Due to the private nature of patients’ information within the system, health facilities’ data is considered a prime target for hackers looking for blackmail or ransomware targets.
Benefits of Moving to Digital Record-Keeping
Even for small health care facilities, there is a digital document management system that could fit the needs of the business while still being HIPAA compliant. Some of the benefits of digital record keeping are:
- Tracking for Audit Purposes – A digital document management system can record everything that happens to a file. The record could include which user has accessed the file, when the file was accessed, if anything has changed since the last time it was accessed, and historical copies of the file.
- Control Over File Permissions – The records system administrators can control who has permission to view a file and which features are available to them once they have access.
- Unique Security Options – Administrators can dictate which users have access to patient information. As an example, administrators can add a two-step authentication method to access sensitive patient information.
Privacy and HIPAA compliance can be challenging, but adding the right document management tools can help with the stress and pressure of protecting patients’ information.