Sigmund Software, LLC is part of the VSS Medical Group
This unprecedented, unsanctioned and unscheduled charity fund raiser somehow went viral overnight. Nobody knows exactly where or how it began. There are many versions of that story around. Whatever started the avalanche, it was the feel-good story of the summer.
The rules were simple: Within 24 hours of being challenged, participants must record and post to the Internet a video of themselves having (at a minimum) an ice bucket full of ice and water poured over their heads. They then say why they are doing it, then nominate three others of their choice to take the challenge.
And so it grew...
This diverse world in which we live has many cultures, and many religions. Many do not celebrate Christmas. With this in mind, we at Sigmund Software would like to wish each and every one of you a non-denominational Happy Holiday!
This is also traditionally one of the hardest times of the year for those struggling with mental health issues and addiction problems. Sigmund Software grew from a team of experienced healthcare practitioners that specialized in Behavioral Healthcare, and so we know from experience that anxiety and depression are rife, and that what is the Season of Goodwill for some is far from that for many others.
Regular readers will know that we have written many times of the Human Factor with regard to security, and the importance of double- or triple-checking for potential loopholes. The “What if?” question. The recent news story of an Alabama health organization employee using paper records and PHI to defraud the IRS sadly highlights the need for such thinking. One bad apple, as the saying goes, spoils the whole barrel.
It is important to realize that good security not only protects patients, but also the organization and the individuals within it. We are all in that barrel together. When a security issue is identified, until a clear culprit is identified, everyone is under suspicion. Everyone. If a culprit is not found, that cloud continues to loom. Workers start watching each other. Friendships and working relationships are lost. Tension builds and factions form. The whole thing can escalate to the point where an organization falls apart from the inside. Cue angry villagers with pitchforks.
Every week this year has seen more security breaches of technology companies. The latest story to hit the news shows you don't always need a computer to breach security.
A respected Alabama institution was on the receiving end of bad news this week when the U.S. Department of Justice sentenced their ex-employee to a two-year prison sentence and ordered him to pay $19,000 restitution after he pleaded guilty to aggravated theft of medical records. Physical, paper records.
Federal prosecutors testified that Kamarian D. Millender (and several others) used this personally identifiable health information to falsify around 100 tax returns, affecting over 70 individuals. The false tax returns would have defrauded the IRS by an estimated $536,000. Although the IRS successfully stopped many of the claims, some got through, to a value of $18,915. Bad though this is, it is only the tip of the iceberg.
The Federal Information Security Management Act (FISMA) is the law under which Federal agencies and their departments are held accountable for the security of their IT. Under the current system, every three years agencies are required by FISMA to reconfirm the status and security of their IT systems and processes using what is effectively a rubber-stamp check-the-box process to attest that all due diligence was performed, without any monitoring or verification.
On December 10-11, Congress enacted reforms to FISMA which would see this process change from a triennial event to one of continuous authorization and ongoing monitoring. Those changes are heading up Capitol Hill to the White House and will be the first major change to cybersecurity legislation since FISMA was originally enacted in 2002, twelve years ago.
On Monday December 1st, the Centers for Medicare and Medicaid Services (CMS) released a 429-page proposal which, if adopted, will restructure the Medicare Shared Savings Program (MSSP) to give program participants up to an extra three years of grace before incurring performance penalties. This delay, in conjunction with the offering of an alternate model, is hoped to encourage Accountable Care Organizations (ACOs) to come on board and sign up for the Medicare financial incentive program for ACOs.
An ACO is basically a collective, where all stakeholder participants (doctors, hospitals, other healthcare practitioners) coordinate purchases within their group, with the objective of reduced healthcare costs and associated improvement of patient outcomes. Cost benefits are shared among the members of the ACO, as are penalties. Both are based on whether performance benchmarks for quality of care are met, or missed.
This is the story of Alex Momont, a design engineer at the Technical University of Delft in the Netherlands. He recently graduated by presenting his Master's thesis, a research project that we will come to later. You should know that Alex is one of only five people ever to achieve a maximum grade during the fifty years that this University has been open. What he worked on is spectacular. No other word does it justice.
Background: In the European Union, around 800,000 people per year suffer a cardiac arrest. Ambulance response times vary, but average at ten minutes from first call. Irreversible brain death occurs at around 4 to 6 minutes after the heart stops beating. First responders know before they even turn on the ambulance siren that 8% of cardiac arrest victims will need to be pronounced dead on arrival. Enter Alex.
A growing number of apps are available on all platforms for self-help, personal fitness and medical monitoring. Practitioners are increasingly getting into the app market, with apps for patient management. Some of these may compromise data security, maybe even HIPAA. Here's how.
First, I want to avoid litigation. I am not therefore naming any specific app or vendor. Generically, then, this article is about broad strokes. To take one non-specific scenario to demonstrate the point: Medication reminders.
Some provider-provided apps contain medication calendars that not only remind patients when meds are due, but also allow them to confirm when those meds have been taken. Practitioners can monitor, and even send out alerts if doses are missed. They can also update dosages and frequencies via push notifications. This functionality allows practitioners to eliminate unnecessary appointments, and patients taking up seats in waiting rooms. That sounds fantastic, and is in fact really useful, but it could hold a sting in the tail.
Practitioners have no way to know who is holding the receiving device.
If you find yourself at a loose end in Hartford, CT, on Thursday December 14, please take the opportunity to come over to the Hartford Marriott Downtown (next to the Connecticut Convention Center) to take in the 45th Annual Connecticut Community Providers Association (CCPA) meeting.
The CCPA represents organizations that provide services and supports for individuals with significant challenges including children and adults with substance use disorders, mental illness, developmental and physical disabilities.
Sigmund Software ran another Reward A Colleague contest recently, in which we again encouraged entrants to nominate someone from within their team for outstanding contributions.
The contest proved very popular with the OPEN MINDS 2014 conference attendees that came over to talk with Sigmund about some of the cutting-edge developments that we have introduced during the year. Yes indeed, we have been working hard to stay ahead of the field and maintain our reputation for ongoing development. We are always raising the bar. It's what we do. But enough about Sigmund. This is about you...
One of the many enjoyable moments from the 2014 OPEN MINDS conference was being able to participate in the Raffle in the Exhibit Hall. 16 Prizes were provided by various vendors, including Sigmund Software. There were really wonderful prizes ranging from gift cards to technology gifts which included Sigmund’s contribution of a UWatch, a universal Bluetooth Smart Watch.
Conference attendees were provided with a raffle card, on which were written many of the exhibitors' names and booth numbers. Participants were required to visit each booth and obtain a signature on their card, then turn it in to participate in the raffle. It was a great networking opportunity and I enjoyed the sheer fun of the meet and greet!
In the week following the OPEN MINDS conference, which focused on medical technology and all things EHR, this next item seems highly relevant. It is a story about data security and breach protection. It is a story which shows how easy it can be to be the unwitting source of a data breach.
I have worked in various sectors of the computer industry for many years. So has my lovely and talented wife. This is her story, one she shared with me about an event earlier this week. With her kind permission, I now share it with you. It goes like this...
A local wholesaler regularly purchases consignments of returned electrical equipment from a well-known outlet chain. Now, like any consignment purchase, some things are good and some are not, and you don’t know which is which until you unpack the skid. My good lady wife is on a retainer to go through anything computerish (a technical term curiously absent from most spell checkers) and see what still works, and whether it can be fixed. She restores computers to default, resets routers, tests printers, leaps tall buildings in a single bound, that kind of thing. Did I mention, she is talented?
In this particular consignment was a 1Tb hard drive, returned because it was apparently no longer working. Dead. Using her years of experience and trusty suite of diagnostic tools, the problem was identified and the drive fixed within minutes, ready for resale. Job, as they say, done. Or so you would think. But of course, that's where the story really starts...
Announced on Friday November 1, the Centers for Medicare and Medicaid Services (CMS) final regulations for the Medicare Physician Fee Schedule contain changes which will take effect on January 1, 2015.
Those changes include an increase in coverage for wellness and behavioral health, one of which will permit physicians to invoice $40 per month for patients suffering from more than one chronic condition whom they have not seen physically.
A notable amendment to the final rule sees CMS easing the EHR requirement for eligibility to now permit submissions from both 2011 AND 2014 certified EHRs. Either certification will be allowed when claiming chronic care management payments during the 2015 fiscal year. This is in response to some provider concerns about the overall interoperability of their current EHR system, which may not prove flexible enough to support chronic care management services effectively.
Also, the CMS rules address the Affordable Care Sunshine Act in several key ways, particularly exemptions. Payments associated with accredited continuing medical education are no longer exempt and must be declared. CMS advises that group purchasing organizations and affected manufacturers will now be required to report any compensation given to physician speakers at educational events, in the majority of cases. The stated intent is to clarify the indirect payments which must now be reported to CMS when medical education is underwritten by stakeholders.