Health

HIPAA Requires Access to Health Records

Healthcare providers may not be aware that HIPAA requires access to health records, in addition to protecting data from breaches. Remember that the HIPAA Security Rule is designed to protect the Confidentiality, Integrity, and Availability (CIA) of health information. When we think of HIPAA, we usually think about confidentiality and pay little attention to access. This oversight could be costly for providers.

Unfortunately, healthcare is a perfect target for ransomware, which is designed to deny access to data. Ransomware works by secretly encrypting data, making it unreadable by the provider. To regain access to the data, the provider must pay hackers for a password to unlock the data.

It’s a bit like coming home to discover that thieves have changed all the locks on your house. The thieves taunt you from your roof: If you want the new keys, you’ve got to give them all your cash.

Of course, in the real world, you would simply call the police, or possibly throw rocks. But in the world of cybercrime, the thieves are somewhere in Ukraine or Nigeria, and instead of cash, they demand Bitcoin, which cannot be traced.

Sadly, for healthcare providers, the situation is even worse, because losing access to health records is a HIPAA violation. It does not matter that the provider was the victim of a cybercriminal. The provider has the responsibility to maintain access to those records, and federal regulations allow no excuses for failure.

So it’s like the thieves change your locks and run off with your cash, but when the police show up, they arrest you!

The bad news is that ransomware attacks are only increasing, and many new forms of ransomware are appearing. A couple of years ago, a nasty bit of ransomware called CryptoLocker made international news. Now that CryptoLocker has been tamed, new ransomware such as CryptoWall is proliferating through cyberspace.

So what can be done? The good news is that the best defense against ransomware is not sophisticated software or IT support. Rather, your best defense is HIPAA training and awareness. Ransomware usually infects computers through phishing email attacks. In other words, a staff member receives a deceptive email that tricks them into clicking on a link or attachment, and ransomware infects the network.

Basic training on data security can thwart most phishing attacks, because savvy computer users do not click on links or attachments in emails from sources they do not recognize and trust. Considering that regular training on health privacy is a core HIPAA requirement anyway, ensuring that all staff have completed training on at least an annual schedule is a no-brainer: it is important for compliance, and it protects your practice.

Good cyber-defenses also play a role. To be sure, every practice should have a robust firewall and anti-malware protection in place. These are also HIPAA requirements. Strong security software can detect and quarantine malware before it corrupts every computer on the network.

Many providers would also benefit by moving to the cloud. The cloud allows for economies of scale, so dedicated security experts that would never otherwise be available to help an individual practice can intervene when malware strikes. Moreover, cloud services can close the window on mischief by simply dumping the data of local computers that have been corrupted. And the cloud can be strict about applications, allowing only authorized programs to run, rather than trying to play catch-up after the damage has begun.

Many providers remain easy targets for ransomware attacks, and they may not realize that falling prey could expose them to the double-whammy of cybercrime and government penalties. But training and diligence can prevent disaster before it strikes.

Built By A Parkinson’s Sufferer, MyHealthPal Tracks Symptoms, Creates Research Data

The development and availability of wearables is running hand in hand with the exploding interest in the digital health space. Managing our health via apps and devices is slowly becoming the norm. And patients that need to monitor their condition day-to-day have even more to benefit from this powerful combination. Startups are of course entering this space in droves.

The latest is a startup which launches out of stealth today: MyHealthPal, an iOS app and analytics platform that enables people with long-term health conditions to manage their condition. It is initially focusing on Parkinson’s Disease, but could be applied to similar diseases.

It has now secured initial seed funding of £500,000, and launched a trial with the highly respected Mount Sinai Hospital in New York.

The investors include a mix of private and institutional investors. Venture Capital firm Proxy Ventures is participating. But the lead investors are Andrew MacKay, chairman of Yapp Brothers and previously director of IG Group Holdings, and angel investor Will Armitage. They are joined by health and medical business expert Terence Bradley.

It’s often the case that the best startups are created by entrepreneurs who want to address a problem they’ve encountered personally. In founder Mike Barlow’s case, it couldn’t be more personal. The tech entrepreneur founded the company after being diagnosed with Parkinson’s at age 41, two years ago. He discovered there was no effective way to manage and measure the effectiveness of his medication, track symptoms, log mood, diet, exercise and other metrics and their impact on his quality of life.

So MyHealthPal aggregates patients’ day-to-day data points into a dashboard for the patient.

Now, the space is already well populated by mpower, Gluko and GlucoSuccess. Not to mention the launch of Apple’s HealthKit and ResearchKit. NEA is also a significant investor in this space, amongst others.

However, MyHealthPal thinks it has a better solution because it’s been designed by an actual patient for other patients.

The clever move with this startup is that it also allows users to donate their anonymized data in return for a share of the revenues that data generates to scientific research institutions and charities supporting research and care. Boom. This is like the ‘share economy for patients’.

To achieve this, MyHealthPal says it complies with EU and US data privacy requirements and uses HIPAA certified technology.

Mary Keane-Dawson, Group CEO, MyHealthPal, says that ultimately the MyHealthPal analytics platform will enable research and data scientists “to query large volumes of data, which is why MyHealthPal is such an interesting business for both investors and medical research institutions.”

The startup says it’s now in “advanced discussions” with other institutions and charities both in the UK and US.

The ‘market’, if you can call it that, is, unfortunately, big. There are over 421 million people living with long-term chronic conditions such as Parkinson’s Disease, Diabetes, Chronic Obstructive Pulmonary Disease, Irritable Bowel Disease, HIV/AIDS and Alzheimer’s, according to the World Health Organisation.