Free EHR, EHR and Healthcare IT Newsletter Want to receive the latest updates on EHR, EMR and Healthcare IT news sent straight to your email? Get all the latest EHR News for FREE!

Annual DataMotion Survey Reveals Shortfalls in Healthcare Security & Compliance Policy and Major Mobile Vulnerabilities

Email and File Transfer Poll Exposes Widespread Risks Still Taken By Employees;

Lack of Encryption for Email and Mobile Devices; Growth in Policy Development Undermined by Implementation Failure

FLORHAM PARK, N.J. – March 4, 2015 DataMotion™, an experienced email encryption and health information service provider (HISP), today announced results of its third annual survey on corporate email and file transfer habits, revealing significant security risks. While companies in all industries increasingly have put security and compliance policies in place – nearly 90 percent of all respondents affirming that in 2014 (compared to 81 percent in 2013) – the growth is largely from healthcare entities. More than 97 percent from the industry report their organizations as having policies in place, compared to 90.4 percent in 2013. However, challenges remain for healthcare when it comes to implementing these, ranging from low employee comprehension to policy violations. Additionally, a lack of encryption, risks in mobile device usage and low awareness of Direct Secure Messaging (Direct) pose serious issues for the highly regulated industry.

DataMotion polled more than 780 IT and business decision-makers across the U.S. and Canada. In particular, the survey focused on individuals who routinely work with sensitive data and compliance regulations in a variety of industries including healthcare, financial services, education and government.

More than 300 respondents were from healthcare. Key insights/comparisons on the industry include:

  • Security & Compliance Policy: Gains Undermined by Implementation Failure

o    36 percent of healthcare respondents said within their entity, security and compliance policies are at most only moderately enforced.

o    81 percent of all respondents said employees/co-workers either occasionally or routinely violate these policies. While healthcare fared better, nearly 73 percent admitted the same.

o    Key to making policies work is ensuring employee comprehension. When asked if they thought employees fully understood these types of policies, more than a third in healthcare said no, just a slight improvement over those from other industries.

o    When asked about common reasons why policies are violated, 52.7 percent from healthcare said it was because employees were not aware of the policy or that they were in violation. Another 29.1 percent said employees didn’t understand policies. Most troubling,18.2 percent said policies were intentionally violated by employees to get their job done.

o    These healthcare findings raise a “red flag” whereas key to passing an HHS/OCR HIPAA audit is demonstrating implementation of policies.

  • Lack of Email Encryption, Mobile Dangers and the Direct Problem

o    Nearly a third of respondents across other industries reported they don’t have the capability to encrypt email. Healthcare posted only a slightly lower response; nearly a quarter of respondents saying the same.

o    80.8 percent of healthcare respondents affirmed they’re permitted to use mobile devices for email. Yet, of those that permit email on a mobile device and have encryption at their organization, 31.3% cannot send and receive encrypted email from their mobile client.

o    Direct – the secure, email-like protocol developed for healthcare – garnered news coverage throughout 2014. Nearly 42 percent of healthcare respondents said they’re unaware of Direct. And of those who are aware of Direct, 42 percent say their organization is not using the alternative to email encryption.

o    The widespread use of mobile devices in healthcare, coupled with a lack of encryption, creates a “perfect storm” for exposing sensitive data.

  • Business Associates and the Long Tail of HIPAA/HITECH

o    Almost 70 percent of respondents whose organizations have a business relationship with a healthcare entity process their protected health information (PHI). Yet, 28 percent said they were either not a Business Associate (BA) or were unsure if they were.

o    Of those processing a healthcare entity’s PHI, 40.5 percent had either not been asked to sign a Business Associate Agreement or were unsure if they had.

o    HIPAA regulations redefined BAs to include downstream entities. Many not previously impacted by HIPAA/HITECH now fall under its long tail. The above numbers show a lack of awareness, placing BAs and the healthcare entities they represent at risk for non-compliance.

“Though the survey shows year-over-year growth in the number of companies putting security and compliance measures in place, the widespread security risks occurring are of great concern,” said Bob Janacek, chief technology officer at DataMotion. “Particularly at a time when organizations have experienced serious data breaches, it’s essential for companies to have strong policies and ensure employees fully understand and follow these. While healthcare has made gains in policy development, it’s all for naught if implementation fails, especially in such a highly regulated industry.”

“These measures should be across the board, as the data shows a gaping hole in security when it comes to mobile devices – with many companies permitting their use but not taking into account their lack of email encryption capabilities,” added Janacek. “Hopefully, this data will provide organizations with a better understanding of what steps need to be taken to ensure security and compliance.”

To view the healthcare survey report, click here or visit: http://www.datamotion.com/get-datamotion-2014-survey-report-healthcare-secure-email-file-transfer-practices/.

For survey results across all industries, click here or visit: http://www.datamotion.com/get-datamotion-2014-survey-report-secure-email-file-transfer-corporate-practices/.

About DataMotion

Since 1999, DataMotion™ SaaS technology has enabled organizations of all sizes to reduce the cost and complexity of delivering electronic information to employees, customers and partners in a secure and compliant way. Ideal for highly regulated industries, the DataMotion SecureMail portfolio offers easy-to-use encryption solutions for email, file transfer, forms processing and customer-initiated contact. In the healthcare sector, DataMotion is an accredited HISP (health information service provider) of Direct Secure Messaging. TheDataMotion Direct service enables efficient interoperability and sharing of patient data across the continuum of care. DataMotion is privately held and based in Florham Park, N.J. For the latest news and updates, visit www.datamotion.com, follow DataMotion on LinkedIn or Twitter® @datamotion.

March 4, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 5 blogs containing over 11,000 articles with John having written over 5500 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 18 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

DigiCert and DataMotion Partnership Advances Healthcare Through Secure Health Information Exchange

DataMotion Leads in Deploying Certification from DigiCert’s Common Dual-mode Direct Med CA, Enabling Direct Secure Messaging Among Government and Private Sector Healthcare Providers

 

LINDON, Utah and MORRISTOWN, N.J. – June 12, 2013 – DigiCert, the leading high-assurance digital certificate provider, and DataMotion, an innovative health information service provider (HISP) with more than 14 years of experience in secure data delivery services, today announced a groundbreaking partnership to expand common dual-mode certification for commercial and federal use for the healthcare industry. The partnership promises to improve patient care by making it much simpler for federal and non-federal organizations to engage in the secure electronic exchange of healthcare information.

 

The DigiCert/DataMotion partnership is a major step forward in fulfilling the vision of DirectTrust, an independent non-profit trade association tasked with overcoming secure data transfer challenges related to the Direct Project. Overseen by the Office of the National Coordinator for Health Information Technology, the Direct Project is a federal healthcare initiative fostering a standard method to securely exchange electronic healthcare information. It is aimed at ensuring compliance with federal privacy requirements and improving patient outcomes.

 

The partnership makes DataMotion the first HISP to use DigiCert’s dual-mode Direct Med Certificate Authority (Direct Med CA) in the DirectTrust Transitional Trust Anchor Bundle. The Bundle is a collection of trust anchor certificates from HISPs that meet common policies and practices for transmitting healthcare data across geographies and technologies. It eliminates the need for HISPs to manually exchange trust anchors, avoiding complex legal hurdles and one-off contracts. Direct secure messaging leverages the Internet and is far more efficient and secure than fax-based communication. As a result, participating HISPs can quickly help healthcare organizations, providers and patients to communicate in a way that is Direct-compliant and with an expanding community of trusted partners.

 

“The DigiCert Direct Med CA leverages policy processing capabilities to make the Direct protocol much more efficient to implement. This breakthrough eases certification difficulties that have threatened to stall adoption of the Direct Project,” said DigiCert’s Vice President of Government/Education Relations and Senior PKI Architect, Scott Rea, also a member of the Board of Directors for DirectTrust. “We need a national security and trust framework with a foundation of standards-based accreditation, supported by technology to easily on-board healthcare providers. Because our Direct Med CA facilitates commercial and federal use for multiple trust assurance levels, more providers will now be able to quickly and safely exchange information more efficiently. By partnering with DataMotion – a leading HISP with a secure data delivery pedigree – we’re able to get this to market quickly and help build the DirectTrust community.”

 

DigiCert has been at the forefront of Direct-related innovation and was first to issue Direct-compliant Federal Bridge Certification Authority certificates for Federal agencies to interoperate with non-federal organizations. Combined with digital certificates for commercial entities, the Direct Med CA can now serve all of healthcare with basic and medium assurance levels. By incorporating this capability into its HISP services, DataMotion is now able to offer a turnkey solution that will enable electronic health record (EHR) vendors and their customers to easily meet real-world healthcare communications needs.

                                                            

“This takes a huge burden off of healthcare providers by greatly simplifying their use of Direct messaging,” said DataMotion Co-founder and Chief Technology Officer, Bob Janacek. “Through this partnership EHR vendors now have a comprehensive solution for Direct communications, resulting in an easier path for providers to achieve Meaningful Use Stage 2 attestation, and better healthcare outcomes for patients.”

                                                                                          

About DataMotion

DataMotion enables organizations to dramatically reduce the cost and complexity of delivering electronic information to employees, customers and partners in a secure and compliant way. The company’s core DataMotion Platform solves a broad range of business issues by providing a secure data delivery hub. Easy-to-use solutions are provided for secure email, file transfer, forms processing and customer contact that leverage the DataMotion Platform for unified data delivery. Millions of users worldwide rely on DataMotion to transparently improve business processes and reduce costs, while mitigating security and compliance risk. DataMotion is privately held and based in Morristown, N.J. For the latest news and updates on DataMotion, visit www.datamotion.com, like DataMotion on Facebook® or follow Twitter® handle @datamotion.

About DigiCert, Inc.

DigiCert is a premier online trust provider of enterprise security solutions with an emphasis on authentication, PKI and high-assurance digital certificates. Headquartered in Lindon, Utah, DigiCert is trusted by a continually growing clientele of more than 70,000 of the world’s leading government, finance, healthcare, education and Fortune 500® organizations. DigiCert has been recognized with dozens of awards for providing enhanced customer value, premium customer support and market growth leadership. For the latest news and updates on DigiCert, visit www.digicert.com, like DigiCert on Facebook® or follow Twitter® handle @digicert.

June 12, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 5 blogs containing over 11,000 articles with John having written over 5500 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 18 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Verizon, MEDfx Demonstrate Digital Conversion and Exchange of Health Care Records; Achievement Supports Two Key Federal Initiatives

Demonstrating that even small physician practices can overcome the long-standing obstacle of paper record keeping and incompatible health IT systems, Verizon today announced one of the first successful pilots highlighting the integration of the ‘Direct Project’ and ‘NwHIN Connect’ initiatives spearheaded by the Office of the National Coordinator for Health Information Technology.

Verizon, working with health information technology provider MEDfx, has implemented a pilot program for diabetes care management with MedVirginia/CenVaNet and Dominion Medical Associates, showing that secure digital data sharing is achievable for physician practices that have not yet migrated to an electronic health record-keeping system.

Diabetes Managed- Care Pilot With MedVirginia/CenVaNet, Dominion Medical Associates One of First to Demonstrate Integration of ‘Direct Project’ and ‘NwHIN Exchange’

NEW YORK – Verizon and MEDfx, a leading provider of health information technology, have successfully implemented a pilot program enabling health care providers that still use paper records to easily convert them to a digital format and share them with other authorized providers.

The program addresses long-standing issues that have blocked the widespread adoption of electronic health care records: the complexity and expense that health care providers – especially small practices and individual physicians – face in adopting an electronic system, and the incompatibility of many health IT systems.  In addition, the program is one of the first successful health information exchange-based demonstrations to integrate two key federal government health IT initiatives designed to improve care management through secure, two-way exchange of patient health information.

The participants in the pilot are Dominion Medical Associates, an independent minority-owned physician practice in Richmond, Va.; CenVaNet, a health care provider network with 900 physicians and 11 not-for-profit hospitals serving central Virginia; and MedVirginia, a community-based health information exchange.

Under the pilot, Dominion Medical Associates scans paper-based care-management documents of diabetes patients and sends the documents over the Internet to CenVaNet care managers, via a MEDfx-provided physician portal.  The portal uses a set of common standards and protocols to digitize and securely transfer the care-management documents, making them accessible on a wide variety of health IT systems.

The data is then tagged and stored in the MedVirginia Solution® health information exchange. As a result, care managers from Dominion Medical Associates-CenVaNet-MedVirginia are now able to share, store and retrieve encrypted patient data and better coordinate patient care for the treatment of diabetes and other chronic conditions.

Verizon is providing the essential certificate authority – digital identifiers that verify trusted senders and recipients – to help prevent data from being shared with unauthorized personnel.

In addition, the digitized records can be printed out and stored in Dominion Medical Associates’ current paper-based records system and  easily migrated to an electronic health record system once Dominion implements its platform.

“This pilot program has great significance because many health care providers still use paper records due to the time and expense involved in deploying electronic record-keeping platforms,” said Dr. Peter Tippett, vice president – security and industry solutions, Verizon.  “By demonstrating that federal guidelines for health IT adoption and secure electronic data exchange actually work, this pilot program is leading the way to the widespread adoption of electronic medical records and the transformation of the U.S. health care system.”

The pilot leverages two initiatives spearheaded by the Office of the National Coordinator for Health Information Technology:

  • The Direct Project, a set of standards, protocols and policies, specifies a simple, secure, scalable method for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet.
  • NwHIN Exchange, a suite of open-source, downloadable software packages, including a gateway and enterprise services platform that enables regional, state and federal health information exchanges to interconnect and securely share health information.

Shannon Lodge, director – program development, CenVaNet, said: “By working with Dominion Medical Associates on this trial, we are enabling the physician practice to deliver better care coordination for patients while maintaining current workflows and processes.  It is also providing tangible insights into the value of sharing health information digitally and is helping pave the way for Dominion Medical Associates’ migration to electronic health records.”

Verizon Connected Healthcare Solutions offers a comprehensive portfolio of managed, IT and consulting services for the health care industry to help transform patient care delivery, enhance access to care and better manage costs.

Verizon is a global leader in driving better business outcomes for enterprises and government agencies.  Verizon delivers integrated IT and communications solutions via its high-IQ global IP and mobility networks to enable businesses to securely access information, share content and communicate.  Verizon is rapidly transforming to a cloud-based “everything-as-a-service” delivery model that will put the power of enterprise-class solutions within the reach of every business.  Find out more at www.verizonbusiness.com.

Verizon Communications Inc. (NYSE, NASDAQ:VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to mass market, business, government and wholesale customers.  Verizon Wireless operates America’s most reliable wireless network, serving 94.1 million customers nationwide.  Verizon also provides converged communications, information and entertainment services over America’s most advanced fiber-optic network, and delivers innovative, seamless business solutions to customers around the world.  A Dow 30 company, Verizon employs a diverse workforce of more than 194,000 and last year generated consolidated revenues of $106.6 billion.  For more information, visit www.verizon.com.

April 17, 2011 I Written By

Quest Diagnostics Expands Interoperability of Care360 EHR with Direct Project Specifications

Enhancements to Care360™ EHR Provide Physicians with the Ability to Securely Share Patient Information Across Disparate Systems

MADISON, N.J. – February 22, 2011 – Quest Diagnostics (NYSE: DGX) announced the general availability of the next release of its Care360™ Electronic Health Record (EHR) solution designed to significantly enhance the interoperability of Care360 EHR by supporting the Direct Project specifications, which were established by the Direct Project under the coordination of the Office of the National Coordinator for Health IT (ONC). These protocols will enable physicians to more effectively exchange data with hospitals, patients, payers and other healthcare providers in a secure email format.

“Through our role leading the development workgroups and pilot projects, we are the only laboratory and EHR solution provider to date to integrate the Direct Project specifications into our product, affirming our commitment to proactively advancing greater HIT adoption among physicians,” said Richard A. Mahoney, vice president of healthcare information solutions for Quest Diagnostics and president of its healthcare IT subsidiary MedPlus. “The Direct Project is one of the most significant steps forward in accelerating EHR interoperability by improving the communication among physicians, hospitals, laboratories, health plans, health information exchanges and patients.”

The Direct Project is an initiative of the ONC for Health IT to extend the benefits of health information exchange to individual physicians and small practices who have limited resources and technology assets to meet requirements for Meaningful Use of EHRs. Since the ONC announced the formation of the Direct Project last year, MedPlus has played a significant role in the development of standards through its participation in workgroups and one of the eight pilots. In the pilot, Care360 EHR is demonstrating early use of the Direct Project specifications and has incorporated those capabilities into its generally-available Care360 EHR solution to improve overall coordination of care and assist with Meaningful Use objectives.

“For my patients, especially those who see multiple physicians, the addition of the Direct Project specifications into Care360 EHR is a tremendous leap forward for exchanging clinical data securely with their other healthcare providers,” said Paulo Andre, MD, neurologist at MetroWest Medical Center, and medical director of MetroWest Accountable Health Care. “I strongly believe that when you improve communication you improve care, and ultimately empower patients with the information they need to better manage their health.”

In addition, Care360 EHR now provides Clinical Decision Support (CDS), which analyzes data from a variety of clinical data sources, providing a comprehensive view of a patient’s current medical condition. The CDS engine, embedded with more than 29,000 evidence-based clinical rules — such as gaps in care, drug safety, lab rules, Meaningful Use, HEDIS, and HCC — will leverage clinical data from pharmacy claims and lab results, and combine this information with physician-entered data to generate gaps-in-care reports for Care360 users. The CDS engine will also provide data on all 44 clinical quality measures for eligible professionals for Stage 1 Meaningful Use, and provide a path to Stage 2 of Meaningful Use.

Adoption of the Care360 EHR solution continues to grow among small to medium-size physician practices across the nation. Approximately one third of U.S. physicians—and many of the country’s leading hospitals, health plans and regional health exchanges—currently rely on healthcare information solutions developed by MedPlus to document, analyze and monitor diagnostic, prescription and clinical data to provide better patient care. Because Care360 EHR is Web-based, there is no dedicated IT server hardware or infrastructure required, which shortens implementation time and reduces the Total Cost of Ownership (TCO). Physicians can access secure patient information anywhere, anytime, from any fixed or mobile Internet browser.

Additional Upgrades to Care360 EHR include:

* The ability to send basic reminders and share clinical histories with patients.
* The ability to refer and interoperate with care providers on other EHR systems, including support for CCD as the content standard and support for Direct Project specifications for transport standards.
* An electronic interface to community data sources allowing the physician to receive external documents and patient charts.
* Support for Meaningful Use quality and utilization measures reporting and submission to allow eligible providers to generate, track and report necessary measures to CMS to qualify for Meaningful Use incentives.
* The ability for providers to report to state immunization registries and syndromic surveillance registries.
* Support for flexible, template-based ways to address state regulations for prescription faxes.
* The ability to access patient-specific educational resources.

Visit www.Care360.com to learn more about the Care360 suite of solutions. To download Care360 Mobile for the iPad, iPhone or iPhone, visit the Medical Applications section of the Apple Apps Store. To learn more about the Direct Project, visit www.directproject.org.

About Quest Diagnostics
Quest Diagnostics is the world’s leading provider of diagnostic testing, information and services that patients and doctors need to make better healthcare decisions. The company offers the broadest access to diagnostic testing services through its network of laboratories and patient service centers, and provides interpretive consultation through its extensive medical and scientific staff. Quest Diagnostics is a pioneer in developing innovative diagnostic tests and advanced healthcare information technology solutions that help improve patient care. Additional company information is available at www.QuestDiagnostics.com.
About MedPlus
MedPlus, based in Cincinnati, Ohio, is the healthcare information technology subsidiary of Quest Diagnostics. MedPlus is a leading developer and integrator of clinical connectivity and healthcare information exchange solutions designed to foster better patient care and improve business performance for health care institutions, physicians and patients. The company’s Care360 platform is a Web-based solution that provides physicians with online laboratory test ordering, ePrescribing, clinical messaging and clinical documentation. Care360 is used by more than 165,000 enrolled physicians in more than 75,000 locations. In addition, Care360 Data Exchange and ChartMaxx® solutions efficiently and securely collect, store, manage and integrate clinical information within an organization, enterprise, practice or community. Care360 Data Exchange enables clinicians to access patient data in a centralized view aggregated from multiple care sites. ChartMaxx, the company’s award-winning DMI and electronic patient record system, has been implemented in more than 140 hospitals and integrated health care delivery networks and has more than 400,000 users. For more information, visit www.MedPlus.com.
About Care360 EHR
Care360 is certified as a Complete EHR by the Certification Commission for eligible Health Information Technology (CCHIT®). More than 165,000 enrolled physicians at more than 75,000 locations across the nation rely on the Care360 suite of products to help improve patient care and increase practice efficiencies. For those physicians using Care360 Labs & Meds for online lab ordering/results and ePrescribing, the transition to Care360 EHR is simple, building upon their existing Care360 interface.

February 19, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 5 blogs containing over 11,000 articles with John having written over 5500 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 18 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.