Issue link: https://beckershealthcare.uberflip.com/i/718038
48 CIO / HEALTH IT

Catholic Health Care Services Agrees to $650,000 HIPAA Violation Settlement
By Akanksha Jayanthi

Catholic Health Care Services of the Archdiocese of Philadelphia agreed to settle potential HIPAA violations for $650,000 and implement a corrective action plan after a theft of a mobile device compromised the protected health information of 412 nursing home residents.

HHS' Office for Civil Rights began investigating CHCS in April 2014 after learning a CHCS-issued employee iPhone had been stolen. The iPhone was neither encrypted nor password-protected and contained sensitive information, including Social Security numbers, diagnosis and treatment information, medical procedures, names of family members and legal guardians and mediation information.

Additionally, at the time of the theft, CHCS had not established any policies regarding removing devices containing PHI from the facility. The facility also had no risk analysis or risk management plan.

"Business associates must implement the protections of the HIPAA Security Rule for the electronic protected health information they create, receive, maintain or transmit from covered entities," said HHS OCR Director Jocelyn Samuels. "This includes an enterprise-wide risk analysis and corresponding risk management plan, which are cornerstones of the HIPAA Security Rule."

Execs More Likely to Pay Ransom if They've Previously Been Hacked
By Akanksha Jayanthi

Whether an organization pays a ransom may depend on if it has faced a ransomware attack previously.

The majority of IT executives (84 percent) whose organizations had not faced a ransomware attack said they would never pay a ransom, but almost half of executives (43 percent) whose organizations had been attacked said they would, according to a survey from cybersecurity and application delivery solutions provider Radware.

The survey polled more than 200 IT executives in the U.S. and U.K. It found U.S. companies appear more willing to say they would pay a ransom: 23 percent of U.S. executives said they were prepared to pay, compared to 9 percent of the U.K. executives.

"This is a harbinger of the challenging decisions IT executives will face in the security arena," said Carl Herberger, vice president of security solutions at Radware. "It's easy to say you won't pay a ransom until your system is actually locked down and inaccessible."

ONC's New Plan to Measure Interoperability: 5 Things to Know
By Akanksha Jayanthi

The ONC outlined how it intends to measure interoperability, a requirement detailed in the Medicare Access and CHIP Reauthorization Act. The agency plans to use existing national surveys of clinicians' EHR use so as not to add to their reporting burden.

The ONC detailed its new measurement plan in a July 1 blog post. Here are five things to know about the agency's new plan to measure interoperability.

1. MACRA requires the ONC to measure the healthcare system's success in achieving "widespread interoperability," and the agency sought stakeholder input on how best to do that. A recurring theme of received comments was concern over the scope and burden for clinicians reporting measurements.

2. The ONC identified two key interoperability measures that address stakeholder feedback as well as MACRA's parameters: The proportion of healthcare providers electronically engaging in core domains of interoperable exchange, and the proportion of healthcare providers who report using the information they electronically receive from outside providers in their decision-making.

3. "Importantly, these measures do not add to providers' reporting burden as part of their participation in federal healthcare programs like Medicare and Medicaid, but rather come from existing national surveys of hospitals and office-based physicians," according to the ONC blog. The surveys from which the ONC will assess the measures are the American Hospital Association's Information Technology Supplement Survey and the CDC's National Center for Health Statistics' annual National Electronic Health Record Survey of office-based physicians.

4. These surveys have high response rates and are completed by providers nationwide, offering a broad perspective of exchange and interoperability, according to the ONC.

5. The MACRA requirement currently focuses on interoperability for "meaningful users," but the ONC plans to expand the measurement efforts across the care continuum.