Mobile Device Security and HIPAA

Those that use personal devices such as tablets and smartphones know the freedom they offer for working on the move. With that flexibility comes some personal responsibility for security. Let me give you a personal example.

Yesterday I wanted to check something in my personal files, so I reached into my laptop bag for my iPad. I could not find it. Ah. No panic. Maybe I left it in my desk. Later, back at the office, no iPad. Oh. Must be at home, then? Of course. Back at home, I turned the place upside down. No iPad.

Ooh. What now?

“Reward A Colleague” Drawing To A Close.

The Sigmund Software prize drawing for a Dell Venue 11 Pro Windows tablet will run for only another ten days. On June 13th submissions will close and we move into the judging phase.

The tremendous response to this contest is clear evidence that the fields of Behavioral Health and Addiction treatment attract some of the most wonderful, dedicated and hard-working medical professionals.

Working with enterprise facilities and staff at every level, we see this every day. We are running this contest to highlight those amazing people. But you don’t have to take our word for it. Here are some extracts from the contest entries so far...

FTC Continues To Focus On De-identified Data

The Federal Trade Commission (FTC) is digging ever deeper into the lack of accountability regarding the use of de-identified data by large data brokerage companies.

FTC Commissioner Julie Brill delivered a statement to Congress on May 27th reiterating ongoing concerns over this issue, as well as the lack of transparency demonstrated by nine of the major data brokerages. In the statement, Brill urges some swift and major changes in legislation.

The reason for the growing concern of the FTC can be summed up in a single statistic from a May 2014 FTC report: Just one of the data brokers examined holds in excess of 3,000 data segments for (almost) every U.S. consumer, man woman and child. That's a lot of very detailed personal information, it must be agreed.

Now multiply that by the total number of data brokers, and remind yourself that data brokerage companies are exempt from HIPAA liabilities.

Webinar: Risk Analysis and Risk Management DO’s and DON’TS

Public Service Announcement: Put Thursday May 29, 2014 into your calendars. At 3:30PM CDT a group of healthcare industry experts will convene on-line to discuss lessons learned from actual OCR audits and enforcement actions. Post-analysis always provides valuable insights and we think this free webinar could really be worth the investment of your time.

Offering guidance on the big risk analysis and risk management do’s and don’ts, attendees can ask and have questions answered, and leave more informed than they arrived.

OCR Works with HIPAA Breached Entities on Risk Analysis Plans

On May 7, 2014, the Office of Civil Rights (OCR) reached a settlement agreement with two large healthcare providers in the amount of $4,800,000. This represents the largest HIPAA settlement to date.

The initial breach occurred in 2010 and was reported by the two entities on September 27. The data breach concerned an estimated 6,800 medical records and included stats, vitals, medication histories and lab results.

This ePHI became available over the public Internet when the shared secure network connecting the two collaborating providers was compromised, due, according to the HHS press office release, to the attempt by a physician to 'deactivate a personally owned server' (read: I unplugged my laptop and went home).

CMS Proposes Extention To Stage 1

The CMS proposed a rule this week which, if adopted, will allow those providers scheduled to move up to Stage 2 attestation another year of wiggle room.

2011 Edition EHR software will continue to be acceptable under this proposed modification. In a joint statement by CMS and ONC, the reason given for recommending this delay is the slow update and release of 2014 Edition software by vendors. This is a classic demonstration of the snowball effect: Providers cannot get 2014 Edition software, because vendors are slow obtaining the necessary certifications, because the criteria is a constantly changing minefield which some vendors (Not Sigmund Software) have said is effectively unattainable. Ironically this is due precisely to changes just like this one, from the people that manage the certification that the vendors need to provide to the facilities so they can attest... You see the problem? This snowball effect is unusual, in that it is entirely circular. Careful what you throw, it could hit you in the face. Yet it somehow still also manages to roll downhill.

Stage 2 Attestations Low, Says CMS

At the May 6 Health IT Policy Committee meeting, Beth Myers of the Centers for Medicare and Medicaid Services (CMS) reported that as of January 1, 2014 only fifty (50) physicians had attested to Stage 2.

Myers went on to say "We are encouraged by having people who have attested to Stage 2, given the anecdotal evidence that has said that no one will be ready. We have also received a number of hardship applications. I know that's been a big question."

This is something of an understatement. Six hundred (600) hardship exemptions have been filed. Without taking off my shoes to do the math, that's a factor of 1200% more exemption requests than attestations. And providers still have time to file, until July 1, 2014. Which may mean that many have simply not yet got around to filing their exemption request. So the final number could and probably will be higher still.

FTC concerned over security of aggregated medical data

33 States currently sell or share de-identified medical data to third parties including pharmaceutical and insurance companies. De-identification means that names, addresses and Social Security numbers have been scrubbed. As it is no longer personally identifiable, de-identified data is not protected by HIPAA. It is meant to be anonymous. So what use is it to the private companies that are buying it?

According to the Federal Trade Commission (FTC), private companies are by far the most eager purchasers of de-identified data. Let's look at why that may be.

Reward A Colleague Contest!

SigContestOurs is an inspirational industry! Behavioral healthcare and addiction treatment can be both challenging and rewarding. Sigmund wants to acknowledge this commitment and reward those that keep the wheels turning every day: Our colleagues.

We're running a contest, a simple prize drawing.

All we ask is you click through to our entry form and take one minute to tell us who among your colleagues inspires you, and how they make a difference in the lives of others, each and every day! The contest winner will receive a brand new Windows Tablet. And here's the twist: The contest winner gives the prize to their inspirational colleague.

Isn't that a nice thing to do?

One entry per colleague. Note: We don't gather colleague information, just yours, so we can get the prize to you. If you want to spread the word please do, and by doing so you give others a chance to nominate their own colleagues. You may even find yourself in the running if someone nominates you!

At Sigmund we believe that you are a key to the success of any treatment programs. This is our way of saying "Thanks!" and of creating a nicer place to work. We hope you think that it's a good idea.

So please, enter, and remember to tell your colleagues. And to all of you hard working and inspirational people out there, good luck!

From the National Conference - Day 1

On the first day of the 2014 National Conference the highlight speaker for us here at Sigmund was Hillary Rodham Clinton.

Speaking on the subject of Behavioral Health to a packed audience, former Secretary of State Clinton veered on to the loaded (pun intended) subject of gun control, citing as examples the recent shootings of one man for just sending a text message in a movie theatre, and of two teens for playing loud music and chewing gum.

However annoying those activities may be to many of us, I think it can be agreed that murder by bullet is quite an overreaction, indicative perhaps of mental health issues suffered by the shooters, which convoluted thread keeps us neatly within the topics that might be expected at a National conference on behavioral health.

The Human Factor

In the pages of this blog we have discussed many aspects of IT security, almost to the point of paranoia. One reason is simple: Some people are just not very nice.

Yesterday, New York Attorney General Eric T. Schneiderman sentenced Raheel Pervez to a prison term of 1 to 3 years for being the public face of a Medicaid scam which netted the perpetrators an estimated $16,000,000.

The Medicaid Fraud Control Unit determined that Mr. Pervez, one of six arrested, was guilty of felony Enterprise Corruption for his part in a coordinated and systematic fraud involving more than a dozen different pharmacies across the New York districts of Long Island, Bronx, Manhattan and Queens. Prior to this conviction, three of the thirteen pharmacies in the syndicate of crime had already been ordered to make restitution to Medicaid, to the order of $16.7 Million.

Sigmund Software at the National Council Conference 2014

May 5-7, in Washington DC, at the Gaylord National Resort and Convention Center. Come see us at Booth#239

"But I can't leave the practice, not even for a day!" What? Your practice has you so tied down to daily operations that you just can't break free? Shame. Then you won't see or hear Hillary Rhodam Clinton, Patrick Kennedy or Mariel Hemmingway! Featuring 300 speakers over three days, you'll also miss several Senators, Bruce Perry, Arthur Evans, Pamela Hyde and a host of other industry leaders. Including, dare we say it, us.

With Sigmund Software as a Service (SaaS) cloud based EHR your data is accessible 24/7 from any Internet connected device. So you wouldn't have to miss out on Hill Day 2014. Your voice could be heard loud on Capitol Hill and your practice would still be at your fingertips. Interested? Give us a call.

If you are going to attend, float on by booth #239 and we'll show you how you won't need to miss any more events, because with Sigmund SaaS, the Cloud truly is in your hand.

Apart from engaging conversation with our EHR experts, you can also enter our prize contest for the chance to win a brand new Windows tablet.

Our contest has a difference: You win the prize, then you give it away. Here's how it works.

New genetic disorder found. So...which ICD code covers this?

Today in the Baylor College of Medicine News an article announces the discovery of a neurological disorder affecting both peripheral and central nervous systems. The discovery centres on the CLP1 gene.

This find is the result of a joint effort between scientists from the Baylor College of Medicine and a team in Vienna, and is said to represent a significant step toward a clearer understanding of brain development. CLP1, which plays a part in RNA processing, may hold the key to the genomic treatments of several Mendelian diseases. There are many implications here.

The science behind the research is of great interest - to geneticists. Others may be less fascinated to learn how this research indicates that tRNA biogenesis is affected by CLP1 mutations, causing associated neural progenitor (brain stem) cells to become statistically more apoptotic (self-destructive), resulting in overall cumulative loss of brain cells and, long story short, that an affected human is likely to have a small head. Quite literally. One disease mentioned specifically in the article is ALS, commonly known as Lou Gehrig's. Researchers think that insights from their new research may ultimately bring hope to sufferers of this and many other genetic disorders. We really hope it does, and really soon.

What this article really highlights to me, though, is that the field of medicine continues to grow apace, and that research along many diverse frontiers is constantly revealing new and exciting fields of study. Growing exponentially, these new fields of study may bloom into new fields of specialty. That is the way of medicine, after all.

Patient Assessment and Progress Notes with AURA EHR from Sigmund Software


Leverage flexible Content Management Controls in AURA to develop organizationally defined instrumentation that has intelligence.

Click to find out more

Custom User Interfaces with Administrative Dashboards in the AURA EHR from Sigmund Software



Enjoy greater controls over the vital signs of your organization with personalized custom administrative Dashboards from AURA.

Click to find out more