Top News
GE will acquire API Healthcare, a provider of healthcare workforce management software and analytics solutions.
Reader Comments
From Brian: “Re: Advisory Panel ‘2014 will be the year of …’ patient relationship management. Spanning not only the clinical realm, but the financial realm as well. Every touch, clinical and financial, influences the patient’s attitude towards the health system, impacting satisfaction and their willingness to return for elective services or recommend to friends and family.”
From Keith: “Re: HHS. This issue needs Meaningful Use guidelines.” OIG finds that HHS paid $172 million in claims for 474,000 vacuum erection systems (penis pumps) from 2006 through 2011, paying twice as much per unit as the VA or online retail prices.
From Across the Pond: “Re: interesting article from Isala Hospital, Netherlands. It’s in Dutch, but explains the positive outcomes (reduced hospital mortality and others) realized from introducing an extra pre-procedure safety check beyond the usual time-outs before open heart surgery. Results are remarkable: 95 percent vs. 55 percent of professionals now feel the treatment is a team effort and the post-surgical hospital mortality rate was reduced from 15 percent to 1.7 percent. Doctors plan to share the results with US colleagues.”
From MDCIO: “Re: Windows XP computers after its retirement on April 8. Can you be HIPAA compliant and qualify for Meaningful Use if your system is not receiving security updates?” You could interpret that running an obsolete OS for which no security updates are available means you aren’t protecting PHI to the best of your ability. I’m interested to hear from readers, especially CIOs whose hospitals are still running some XP PCs. Hard and fast rules aside, I wouldn’t want to be deposed to provide post-breach XP justification to OIG or a plaintiff’s attorney. According to HHS:
The Security Rule was written to allow flexibility for covered entities to implement security measures that best fit their organizational needs. The Security Rule does not specify minimum requirements for personal computer operating systems, but it does mandate requirements for information systems that contain electronic protected health information (e-PHI). Therefore, as part of the information system, the security capabilities of the operating system may be used to comply with technical safeguards standards and implementation specifications such as audit controls, unique user identification, integrity, person or entity authentication, or transmission security. Additionally, any known security vulnerabilities of an operating system should be considered in the covered entity’s risk analysis (e.g., does an operating system include known vulnerabilities for which a security patch is unavailable, e.g., because the operating …
