Embed Size (px)
Citation preview
JUNE 2019
TAKE INFORMATION SECURITY HOMESafeguarding your patients’ protected health information (PHI) is a critical part of your everyday routine. What about when you leave the office? Your healthcare, financial, and other personal information require thoughtful handling, too.
As reported in the Becker’s Hospital Review in February, 2019, an individual’s healthcare record can sell for up to $1,000 on the dark web. However, a social security number is $1.00, and a credit card profile is a mere $110. The dark web is the internet’s version of the black market. Most of the time you see thousands or millions of records for sale in bulk for extraordinary prices. A record that contains healthcare information is much more valuable because it can contain or easily lead to the discovery of financial and other personal information about that individual or his/her family members. It is nearly a complete package of an individual’s life.
How can you protect your information? Here are a few tips that are easy to incorporate into your daily routine and only need to be set up once.
1. Avoid “dumpster divers” and shred this information instead of throwing them in the trash. • Prescription labels • Visit summaries from doctors’ visits • Credit card offers • Expired credit and debit cards • Old checks, invoices, and tax returns
Take Information Security Home PAGE 1 - 2
Protect YourselfPAGE 3
The Importance of Safe Injection Practices PAGE 4-5
Did You Know? PAGE 6
Getting to Know TMC Employees PAGE 7
It’s Your CallPAGE 7
Sign-in sheetPAGE 8
HIPAA OSHA INFECTION CONTROL BUSINESS ASSOCIATESSTART YOUR TRAINING TODAY!
CLICK HERE TO
TMC HIPAA COMPLIANCE
Continued from page 1
TAKE INFORMATION SECURITY HOME
2. File information like this in a locked drawer. • Check books, invoices, and current tax returns • Active credit and debit cards and PINs • Social security cards, insurance cards, passports, and birth
certificates
3. Never write down or keep passwords, account numbers or social security numbers in an electronic file like Word or Excel. Instead, use a password manager/generator. This will help you create long “passphrases” rather than short complex passwords.
• Never store sensitive information on a portable device like a USB drive or CD ROM. Use a password to protect your mobile devices
4. If you use your laptop or tablet at a coffee shop or other public place, be sure to sit where others cannot see your screen and “shoulder surf.” A shoulder surfer is a person who stands behind you and watches your screen hoping to see credit card information, passwords, and usernames you type on your keyboard.
5. Turn off the Bluetooth signal on your cell phone, tablet, and laptop when not in use. Check your wi-fi connection to ensure you are connected to a known network.
6. Ensure your cell phone, tablet, and laptop have the most current software update from the manufacturer. This can provide the best defense against current malware and other vulnerabilities.
7. Never leave laptops, tablets, or other electronics in your car or on a table in a public place. Many breaches occur because of laptop or device theft.
8. Use a trusted cloud provider system like iCloud, OneDrive, DropBox, etc., to store sensitive files. This can provide an extra layer of security. An alternative to this is to password protect folders and files.
• To password protect a folder, right-click on the folder, choose “Properties” and select the “Security” tab to apply access restrictions.
• To password protect a file (e.g. Word) choose the “Review” section on the ribbon and click on “Restrict Editing.” You can require a password to open the document as well as a password to edit the contents.
This all does sound like a lot but taking a few minutes for set up can save you a lot of headache and money in the future. Here are some resources to help you along the way:
• The National Institute of Standards and Technology (NIST), who has also provided the guidelines on safeguarding PHI in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, posted a blog that contains a guide to building a better password on its website.
• Find a location near you to shred documents and destroy old electronics like laptops, cell phones and USB drives. UPS, Staples, Office Depot and similar places offer this for a nominal fee.
• You can purchase your own shredder. Shredders can be purchased on Amazon for as little as $20. Be sure to choose a micro-cut or cross-cut model.
• To find a reputable password manager, you can visit PC Magazine’s website for a comparison The Best Password Managers for 2019
2
HIPAA OSHA INFECTION CONTROL BUSINESS ASSOCIATESSTART YOUR TRAINING TODAY!
CLICK HERE TO
TMC HIPAA COMPLIANCE
3
PROTECT YOURSELF
Risky BrandsNot many people would fall for a phishing attack from Bob’s Secondhand Socks Shop. If a fraudster sent out fake emails claiming to offer a lifetime supply of gently used socks, most people could resist the urge to click on any dangerous links hidden within. A phishing campaign where no one is enticed to click is a failed campaign.
However, an email offer of a lifetime subscription to Netflix might be more successful. An email claiming that your Facebook account has been hacked will likely catch your eye. An email from Bank of America asking you to confirm your request to shut down your personal checking account cannot easily be ignored.
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Vade Secure, a third-party firm specializing in email protection software issues a quarterly report of the most commonly spoofed brands. Fraudsters use these brand names to present themselves as more authentic and legitimate. Posing as brands where users have personal experience, the fraudsters are able to provide a more viable and enticing context. A lifetime of free movies will engage people more than a lifetime of second-hand socks. The top five most commonly spoofed brands are Microsoft, PayPal, Facebook, Netflix, and Wells Fargo. Other companies of note in the top 25 include Dropbox, LinkedIn, and AT&T.
Protect YourselfAs cyber criminals get better at presenting themselves as known brands, it’s important to remember that billions of bad emails are sent daily. Spoofing a brand can be as simple as copying a picture from the company’s website. An embedded picture from Amazon is an easy way to add instant credibility. Spoofed messages are regularly sent in emails but can also come via social media feeds, messaging or even phone calls. Each of these would be done a bit differently but all have the goal of convincing the user that the communication is from a legitimate company.
If you receive a message that seems a bit off, what can be done? Delete the email and congratulate yourself for avoiding the scam! If you think the message may be legitimate, simply contact the company via channels you know to be secure. That could be calling the bank via the phone number on your credit card or accessing the Amazon website via a known good bookmarked link.
The above content was brought to you by North Wonders (www.NorthWonders.com). They offer security awareness programs that significantly reduce the risk of ransomware, phishing, and compromised bank credentials – helping protect clinical data, patient personal information and your business assets.
HIPAA OSHA INFECTION CONTROL BUSINESS ASSOCIATESSTART YOUR TRAINING TODAY!
CLICK HERE TO4
TMC INFECTION CONTROL
Continued on page 5
Safe injection practices have been described by the CDC as part of Standard Precautions and are aimed at maintaining basic levels of patient safety and provider protections. The World Health Organization established that “a safe injection does not harm the recipient, does not expose the provider to any avoidable risks and does not result in waste that is dangerous for the community.” Unsafe injection practices have impacted thousands of patients and their families, either through a contracted illness or months of testing and uncertainty until learning they are free of disease.
Measures must be taken to perform injections in a safe manner for patients and providers to prevent transmission of infectious diseases from:
• Patient to Patient • Patient to Provider • Provider to Patient
There have been multiple investigations by health departments and the CDC which have shown that through the improper use of needles and syringes and misuse of medication vials the following have occurred:
• Transmission of bloodborne viruses, including hepatitis C virus to patients
• Notification of thousands of patients of possible exposure to bloodborne pathogens and recommendation that they be tested for HCV, HBV, and HIV
• Referral of providers to licensing boards for disciplinary action • Malpractice suits filed by patients
There are clearly outlined processes which will prevent the spread of infection through the injection process. Illness from unsafe injection practices should be a NEVER event in all healthcare environments. Hopefully each practice will review written policies to ensure patients are not at risk of contracting infections taking into consideration best practices recommended by the CDC.
• Never administer medications from the same syringe to more than one patient, even if the needle is changed.
• Do not enter a vial with a used syringe or needle. • Never use medications packaged as single-use vials for more
than one patient. • Assign medications packaged as multi-use vials to a single
patient whenever possible. • Do no use bags or bottles of intravenous solution as a common
source of supply for more than one patient. • Adhere to proper infection control practices during the
preparation and administration of injected medications.
THE IMPORTANCE OF SAFE INJECTION PRACTICES
HIPAA OSHA INFECTION CONTROL BUSINESS ASSOCIATESSTART YOUR TRAINING TODAY!
CLICK HERE TO
TMC INFECTION CONTROL
5
Continued from page 4
THE IMPORTANCE OF SAFE INJECTION PRACTICES
There are many organizations which are focused on eliminating outcomes caused by unsafe injection practices. They provide healthcare workers and patients a wealth or resources which are typically free of charge.
Click on the image to find resources on the CDC website.
Another resource is the One and Only Campaign, which provides education as well as posters which can remind workers of the importance of injection safety. Click the image to go to the homepage of this organization.
Injection safety must be a priority in each practice providing parenteral medications. It has been reported that in the last 10 years over 150,000 patients have been subjected to unsafe injection practices and the possibility of exposure to HIV, hepatitis, B and/or hepatitis C. Take the time now to learn how to protect your patients.
HIPAA OSHA INFECTION CONTROL BUSINESS ASSOCIATESSTART YOUR TRAINING TODAY!
CLICK HERE TO
TMC OSHA COMPLIANCE
Rubber gloves were developed in 1890 by William Stewart Halsted, a surgeon at Johns Hopkins Hospital.
Joseph Lister introduced carbolic acid and mercuric chloride as disinfectants to the surgical theatre. It worked. The death rate of Lister’s surgical patients went from close to 50% to only 15%. Halsted adopted the disinfectant process successfully, but his scrub nurse, Caroline Hampton, soon developed severe contact dermatitis on her hands from it. Halsted reached out to the Goodyear Rubber Company to create gloves for her to protect her hands. (Halsted and Hampton were married later that year.)
DID YOU KNOW?
6
IT’S YOUR CALL
OSHA Situation: HIPAA Situation: Our office has switched disinfectant wipes.
Do we need to retrain?What is the best way to know if our office needs a business associate agreement?
CLICK HERE FOR THE ANSWERS
HIPAA OSHA INFECTION CONTROL BUSINESS ASSOCIATESSTART YOUR TRAINING TODAY!
CLICK HERE TO
We would like to introduce you to one of our TMC Consultants, Amy Williams. Amy has more than 25 years of experience in the healthcare industry in both in-patient and out-patient settings. Her background includes long-term care, emergency medicine, and practice work. Just prior to joining TMC, Amy worked for a large private oncology practice in Virginia as a Medical Office Specialist and a Medical Assistant providing provider support and direct patient care. Before her transition to oncology, Amy was an Office Manager and Assistant for a busy podiatric surgical practice for 8 years. Her experience as an EMT, Fire and EMS President, CNA, Medical Assistant, Medical Office Specialist and Medical Office Manager makes her
an ideal consultant as she has a thorough understanding of a healthcare practice’s needs when it comes to compliance.
1. What is your must-have or go-to morning beverage? Coffee 2. What is the most fun or unusual item you keep on your desk?
Play-Doh 3. What is the strangest or most fun job you’ve ever had? Mom 4. How far away from home is the farthest away you’ve ever been?
3700 miles 5. What is your go-to item that you most often bring to potlucks?
Strawberry banana pudding 6. Where is your favorite place to listen to music? My carfice (car/
office) 7. What is the last movie you saw in a movie theatre? The Avengers
End Game
8. Do you have any phobias? Ticks 9. What is the most daring thing you’ve ever done? Got married for
a second time 10. Do you collect anything? Antique salt & pepper shakers 11. Do you (or would you) sing at Karaoke night? Yes 12. Are you related (even distantly) to anyone famous? Nope 13. What is your favorite holiday? Thanksgiving 14. What was the last non-work-related thing you read?
Autobiography of Marilyn Manson (I do not recommend it.) 15. Is your glass half-empty or half-full? It runneth over
GETTING TO KNOW TMC EMPLOYEES
TMC COMPLIANCE
7
888.862.6742www.totalmedicalcompliance.com
IN THIS ISSUE
1. _______________________________________________
2. _______________________________________________
3. _______________________________________________
4. _______________________________________________
5. _______________________________________________
6. _______________________________________________
7. _______________________________________________
8. _______________________________________________
9. _______________________________________________
10. ______________________________________________
11. ______________________________________________
12. ______________________________________________
13. ______________________________________________
14. ______________________________________________
15. ______________________________________________
16. ______________________________________________
17. ______________________________________________
18. ______________________________________________
19. ______________________________________________
20. ______________________________________________
21. ______________________________________________
22. ______________________________________________
23. ______________________________________________
24. ______________________________________________
25. ______________________________________________
SIGNATURE PRINT DATE
Print and post newsletter in office forstaff review. Each member should signthis form when completed. Keep on fileas proof of training on these topics.
INSTRUCTIONS
JUNE 2019
Take Information Security Home PAGE 1 - 2
Protect YourselfPAGE 3
The Importance of Safe Injection Practices PAGE 4-5
Did You Know? PAGE 6
Getting to Know TMC Employees PAGE 7
It’s Your CallPAGE 7
Sign-in sheetPAGE 8
