Paubox is the easiest way to send and receive HIPAA compliant email. No portals. No plugins. No extra steps. Just secure email for both senders and recipients.
Christie Clinic invests in top of the line technology to provide their doctors with the best tools they need to diagnose and treat patients.
When their previous email encryption solution wasn’t measuring up to their other top tier technology, they began to look elsewhere for a more fitting solution.
Scott Segerstrom Customer Success
0:00 – 0:52 = What problems Christie Clinic solves
0:52 – 1:30 = Christie Clinic’s medical office project alongside a surgery center
Christie Clinic is a physician-owned, multi-specialty group medical practice headquartered in Illinois. They have over 40 departments and 35 specialties to take care of virtually every patient’s needs.
With core values such as integrity, commitment, sustainability and quality, their mission is to “provide medicine for your life!”
We held it at Covo and had catered food delivered from City Counter.
We used the event as a forcing function to launch our new JSON HIPAA Compliant Email API. We pushed hard this week to launch and we got it done. Proud of our team.
Enjoy the pics!
Tyler “Commish” Dornenburg (Leapcure) with a strong use of hand gestures.
We launched our new JSON HIPAA Compliant Email API today. Stoked.
Bill Growney from Goodwin Law. Mahalo for hosting the event with us, Bill!
Renee Char and Evan Fitzgerald chillaxin after our API launch.
Ari Tulla (BetterDoctor) and Rebecca Woodcock (500 Health) catching up.
“Where do we put these banners?”
Ari Tulla’s phone was on point last night. Most likely a preview of the Mix Tape of Happiness
Rebecca Woodcock, Dale Beermann (Pacifica), Robert “Rogus1” Ogus, Suraj Mehta
Evan “Senor Agave” Fitzgerald espousing the numerous health benefits of the Tequila Diet.
One of my key takeaways from that evening was Joe’s affinity for Base Plays.
Base Plays are the simple plays you learn early in the season. These are the same plays you go back to all the time.
I strongly felt we could incorporate Base Plays into Paubox, so we set about and compiled them.
For us, Base Plays are the simple tactics and habits that got us to where we are. If we get in a rut or hit a rough patch, we can go back to our Base Plays to get back on track.
For what it’s worth to startup founders out there, here are my base plays as CEO of Paubox.
Relevance. Always strive to be and remain relevant.
Arrive early. Do not be late.
Exercise. Paubox is gonna be a monster. Keep in shape, avoid burnout.
Holoholo. Don’t forget to get in the water! This is who you are.
Customer Feedback. Never forget, use customer feedback as a roadmap of what to build and when to build it.
Dance with the one that brought you. Take care of the folks that got you here.
Theft of medical records is so common that if it continues at its current rate, everyone’s healthcare data could be compromised by the year 2024. The problem is that employees are rarely as good at spotting phishing attacks as they think they are, and even the best anti-hacking measures can’t overcome human error.
Securing healthcare data has always been a priority, but it’s become much more of one over the past few years. In addition to the infamous WannaCry attack that crippled healthcare services around the world, 2017 also saw a spate of malware attacks aimed at providers.
Despite the increase in the frequency and visibility of attacks, healthcare providers continue to make a few mistakes that leave them vulnerable to phishing emails.
The Paubox Breach Report reviewed the HIPAA breach reports submitted to the U.S. Department of Health & Human Services (HHS) in March to analyze the types of breaches of unsecured protected health information (PHI) affecting 500 or more people.
HIPAA Breaches Ranked by People Affected
Top Three Breach Types
Email breaches ranked the highest with 89,180 people’s PHI hacked or stolen in March.
Electronic Medical Record breaches ranked second with PHI of 64,621 people breached.
Network Server breaches came in a distant third with 38,689 people having their PHI breached.
Bottom Three Breach Types
Desktop Computer ranked as the lowest number of people’s PHI being breached in March with 662 breaches.
Other Portable Electronic Device was the second lowest type of breach as ranked by people affected with 6,707.
Other was the third lowest type of breach as ranked by people affected with 10,793.
HIPAA Breaches Ranked by Occurrence
The Most Common
Email took the top spot as the most common breach type in March with 6 reported breaches.
Paper/Films came in as the second most common breach type with 5 incidents.
Other, Laptop, and Other Portable Electronic Device came in tied for third with 4 reported breaches each in March.
Takeaways
Email once again ranked first in both categories: Breaches Ranked by People Affected and Breaches Ranked by Occurrence. The last time email ranked first in both categories was in November 2017.
I believe we are seeing a correlation to the recent ransomware attacks across the nation and HIPAA Email Breaches.
We recently sat down with Ben Holber, Founder CEO of YoDerm, for another episode of HIPAA Center.
Here is a transcript of how Ben is simplifying the dermatology prescription process. You can watch the entire interview here.
Ben Holber: In Telemedicine, do you have to see a dermatologist in your state?
Hoala Greevy: Okay and then I was doing a little bit more homework. I saw you mentioning DTC. The only thing I could find on it was in the – some kind of street dictionary, “Down to Churro”, so, probably not that. So what the heck does DTC mean?
Ben Holber: No, I mean I’m always Down to Churro. Always down. Direct to Consumer.
Hoala Greevy: Ah. Geez, guess I didn’t do that much homework.
Ben Holber: No, we just nailed it with the DTC, but no that’s right, Direct to Consumer. Because we’re not relying on a third party to pay, we are working with and providing value directly to consumers.
You know, I think something that’s admirable about that is it is a much clearer kind of supply and demand curve, right? We have to make sure that we provide a great enough service that patients are willing to open their wallet and the value that we’re providing is equivalent to the value they’re giving us.
And that’s a much clearer supply and demand curve that shows more, I think, equity in both the outcome and the income.
About YoDerm
YoDerm is the easiest way to get prescription medications from a board certified dermatologist. Their mission is to expand the access to dermatology services by making them more convenient and affordable.
We recently sat down with Ben Holber, Founder CEO of YoDerm, for another episode of HIPAA Center.
Here is a transcript of how Ben is simplifying the dermatology prescription process. You can watch the entire interview here.
Ben Holber: In Telemedicine, do you have to see a dermatologist in your state?
Hoala Greevy: So if I need some help, do I have to see a dermatologist that’s certified in the state I live in? How does that work? I’m a total outsider.
Ben Holber: Yeah, yeah. You’re absolutely right. Typically the way the legal precedent has come to fruition was that medicine and treatment occurs where the patient is located, not where the physician is located.
A patient is located in, say, New York, the physician doesn’t necessarily have to be located in New York, but they have to be licensed to practice medicine in New York.
So anytime you come to YoDerm and you get a consultation in your state, you will be treated by a physician who is licensed in that state.
Hoala Greevy: Got it. And do you folks cover all 50 states?
Ben Holber: We don’t. We cover like 34, I believe 35 states. The reasons why we aren’t in all 50 states is because first off not all 50 states have as progressive laws and regulations around telemedicine, around establishing a patient-physician relationship without an in-person consultation. And then also we’re continually growing our physician base as well as our partner pharmacy base to go into all the states we can.
Hoala Greevy: So some states don’t allow telemedicine? Is that what I heard?
Ben Holber: Yeah, essentially there are some states that just straight up do not allow telemedicine.
Hoala Greevy: Oh wow.
Ben Holber: And then, along with that, there are some states who will only allow telemedicine, but it has to be live video, right? And with us, it’s asynchronous. So you take a photo, you send it off, you can live chat, or message, right?
Hoala Greevy: Yeah.
Ben Holber: However, Maryland, Idaho, D.C., you actually have to do a Skype or a FaceTime essentially with the Doc in order for that to be compliant.
Hoala Greevy: Interesting.
We spoke to a prospect recently who asked us how Paubox integrates with 2-Factor Authentication methods for various email platforms.
One of the most popular business emails that Paubox integrates with is G Suite.
As we’ve written about before, G Suite can be made fully HIPAA compliant when integrated with Paubox. But how do you make sure your G Suite account itself is secure?
Two Factor Authentication (2FA) for the win
Choosing the right authentication type is one of the most important things healthcare organizations can do.
Single-factor authentication is a process that uses one of the three factors (i.e. something you know, are, or have) to authenticate. For example, a password is something you know; if it is the only factor required to authenticate a person or program, that is single-factor authentication.
Multi-factor authentication (like 2FA), by contrast, uses two or more factors. For example, a private key on a smart card that is activated by a person’s fingerprint is considered a multi-factor token. The smart card is something you have, and something you are (the fingerprint) is necessary to activate the token (private key).
Obviously, 2FA is a better option if you can implement it.
Thankfully Google makes it easy to enable 2FA.
Enabling 2FA in G Suite and Paubox
Any admin of your G Suite setup can easily enable 2FA for your domain.
We recently sat down with Ben Holber, Founder CEO of YoDerm, for another episode of HIPAA Center.
Here is a transcript of how Ben is simplifying the dermatology prescription process. You can watch the entire interview here.
Ben Holber: How YoDerm is simplifying receiving dermatology prescriptions
Hoala Greevy: Now I understand you folks are also – and I think you alluded to it a few minutes ago – you’re also in the mix when it comes to the delivery of the treatments?
Ben Holber: Yeah, that’s right. Yeah, absolutely.
Hoala Greevy: That’s cool.
Ben Holber: Yeah we initially started off just doing the consultations and the prescriber would create your treatment plan for you and if there was a prescription, we’d send it off to say CVS and you’d go pick it up.
We found that regardless of how easy we made the consult, it’s actually still really difficult to obtain the meds. You’re dealing with navigating your maze of co-pay, co-insurance, max amount of pocket, all that stuff.
And ultimately, you still have to find time to go to the pharmacy. We can make getting the treatment plan as conveniently as possible but if medication is still difficult, the treatment plan doesn’t matter, right?
So for a handful of conditions, we’re doing the fulfillment as well with partner pharmacies so we can send it directly to patients. And we found that our retention and our patient compliance has shot through the roof because of it.
Hoala Greevy: Oh, that’s great.
Ben Holber: Yeah, yeah. It’s a win-win for everybody.
Hoala Greevy: The last mile.
Ben Holber: Exactly.
Hoala Greevy: That’s awesome.
…there was a breach in personal information related to some Polk County social work assessments.
There are 2,042 individuals whose information was included in the breach, which happened during the assessment period of some child and dependent adult abuse cases. Letters were mailed this week notifying these Iowans of the breach.
This occurred when two workers used personal email accounts, personal online storage accounts and personal electronic devices for work purposes. That caused confidential data to be transmitted outside the DHS secure network. The incidents happened over a 5-year period starting in 2008.
“There are no reports that any of the information was misused before it was deleted,” said Pat Penning, service area manager for the region including Polk County. “We’ve sent notification to individuals whose information was transmitted outside the secure network.”
The types of information involved included name, mailing address, Social Security number, state identification number, date of birth, health information and incident information.
The department began an internal investigation on January 17, 2014, once the issue was identified by a social work supervisor. Officials found that the workers did not follow DHS policy, which prohibits use of personal devices and transmitting information outside of the agency’s network. Appropriate personnel action was taken.
“The chance that this information was accessed through these password-protected accounts and devices was small,” said Penning, “but we realize the Iowans involved in these cases may wish to take steps to be sure their information wasn’t misused.”
DHS is taking further action including blocking access to online file storage sites, providing updated materials to staff on the department’s information technology policy and standard operating procedures, and continuing to require yearly cyber-security training for all employees.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.
Millions of Americans suffer from some type of skin condition – whether it’s acne that affects 50 million Americans, or rosacea, or even male pattern baldness.
Wait times to see a dermatologist can be one to two months, and considering most conditions need ongoing treatment, the period between appointments can feel like forever.
Ben Holber was one dermatology patient who was tired of waiting, so he created YoDerm: an on-demand dermatology service that takes care of your skin on your time.
YoDerm is the easiest way to get prescription medications from a board certified dermatologist. Their mission is to expand the access to dermatology services by making them more convenient and affordable.
On April 5, 2018, Diagnostic Radiology & Imaging submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Located in Greensboro, NC, Diagnostic Radiology & Imaging’s email breach affected 800 individuals’ protected health information.
Diagnostic Radiology & Imaging is classified as a Healthcare Provider.
According to Diagnostic Radiology & Imaging’s press release:
On January 31, 2018, DRI became aware of an impermissible disclosure of limited health information about approximately 800 patients. An investigation revealed that on November 11, 2017, an employee of DRI became the victim of a phishing attack. “Phishing” is a type of cybercrime in which individuals are targeted and tricked into revealing sensitive or confidential information. In this case, an attacker emailed DRI employees using an email address that appeared to be legitimate, and one DRI employee revealed information to the attacker that allowed the attacker to access the DRI employee’s work-related email account. Within that DRI employee’s email account, we found a limited amount of information about patients, including names, a general description of imaging services received (including date, type, and location of imaging service), medical record numbers, and in some cases, email addresses and phone numbers. In just a few cases, the patient’s date of birth was also included. As a result, the attacker gained access to that information.
Please note that the attacker did not have access to any of our patients’ Social Security Numbers or other financial information, and for that reason, we do not believe there is any risk of financial harm to our affected patients as a result of this phishing attack.
In accordance with DRI policy, and as required by federal law, DRI is notifying affected patients via first-class mail.
We take the confidentiality and secure handling of patients’ information seriously. Our investigation involved external forensic investigators as well as attorneys with experience in handling these types of incidents. We have policies and procedures in place regarding the confidentiality and security of patient information, and we train our employees on these policies and procedures on a regular basis. In response to this cybercrime, we have retrained our employees and contractors on our policies and procedures relating to privacy and security. We have also implemented more specific training on phishing and other types of cybercrimes to better educate our employees and contractors.
We are very sorry that this happened, and we are taking steps to try to prevent situations like this in the future.
Guardian Pharmacy of Jacksonville, LLC (“Guardian”) is notifying certain patients of the unauthorized access to certain limited pieces of patient information, including patient name, prescription medication information, treatment details, and diagnosis information.
For a small number of individuals, this information also included Social Security numbers and health insurance information. Although we are unaware of any actual or attempted misuse of protected health information, Guardian is providing its impacted patients with information about the event, steps taken since discovering the incident to mitigate the risk of misuse of the information, and what can be done to better protect against potential harm resulting from this event.
On October 3, 2017, Guardian identified unusual activity in an employee email account. As part of Guardian’s immediate and ongoing investigation into the event, on February 14, 2018, it was determined that certain pieces of patient information were accessible to an unauthorized individual(s).
“We take this event very seriously,” Khristy McCelland, President of Guardian Pharmacy of Jacksonville, stated. “Upon learning of the event, we immediately changed the credentials to the email account and launched an extensive internal investigation, which was supported by a third-party forensic investigation firm, into the nature and scope of the incident. Once we confirmed that protected health information was accessible to an unauthorized individual(s), we immediately took steps to mitigate the risk to our impacted patients and to notify them of the incident. In response to this incident, we have augmented our password security policies and provided additional training to employees.”
In addition to mailing letters to its impacted patients, Guardian disclosed this incident to the U.S. Department of Health and Human Services, the Florida Attorney General, and the major consumer reporting agencies on March 30, 2018.
Guardian is unaware of any actual or attempted misuse of its patients’ information and cannot confirm if their information was accessed without authorization.
Nevertheless, Guardian encourages its patients to review their Guardian account statements, health insurance account records, and explanation of benefits forms for suspicious activity. Any suspicious activity should be immediately reported to the institution that issued the record. Credit monitoring and identity restoration services are being offered to patients whose Social Security numbers were potentially impacted by this event.
Paubox Encrypted Email redefines the secure email experience. By eliminating portals, plug-ins and extra steps, Paubox is the only solution that enables zero-step encryption on all sent emails and eliminates frustration for your staff and recipients.
If you have Salesforce’s Lightning Experience, you can send Salesforce emails from your Gmail or Office 365 account. Emails sent in Lightning Experience look like they were sent from your Gmail or Office 365 inbox. You can also see the emails you’ve sent in your Gmail or Office 365 Sent Items folder.
If you enable this Salesforce feature and are a Paubox encrypted email user, you can inherently send HIPAA compliant emails from Salesforce.
Follow the tutorial below to activate this Paubox secret bonus in Salesforce.
How to send HIPAA compliant emails from Salesforce
To get started, enable two basic user permissions: permission to send email and permission to access the record the email is sent from. Move on to the next step after enabling these permissions.
Salesforce still sends workflow emails and trigger emails. However, external email accounts do not support bounce management.
Also, email delivery information when sending emails through Gmail or Office 365 is not available in the Salesforce email logs. Obtain email logs from your Gmail or Office 365 instead.
To integrate Salesforce with your G Suite or Office 365 account:
From your personal settings, enter My Email Settings in the Quick Find box, and select My Email Settings.
Select how you’d like to send your email. Your Salesforce admin can enable either Gmail or Office 365 for your organization. You can’t choose between the two.
Click Save.
After completing these steps, you will have successfully configured your G Suite or Office 365 account to send email from your Salesforce account.
Your outbound mail flow will now look like this: Salesforce > G Suite/Office 365 > Paubox > delivered securely to your end recipient.
Thank you for choosing Paubox to secure your emails. Happy emailing!
When you hear the phrase “medical home”, you might think of a nursing home, but a medical home is actually a place where a patient can receive everything they need for primary care (such as behavioral health, community resources, etc.).
Laura Merrick, Operations Project Manager of Medical Home Network, shares how their work not only affects the primary care community, but also hospitals.
Hoala Greevy: Howzit, this is Hoala Greevy, Founder CEO of Paubox. We’re here at HIMSS18 in Las Vegas. I’m here with Laura Merrick and she’s with Medical Home Network. I just met her a few minutes ago, so let’s get started with another version of HIPAA Center. Laura, thanks for joining us.
Laura Merrick: Thank you for having me.
Hoala Greevy: Can you tell us more about the scope of your work at Medical Home Network?
Laura Merrick: Certainly, certainly. So Medical Home Network is a formal provider collaborative that was founded and funded in Chicago, Illinois. Our focus was improving healthcare delivery and innovation, focusing on reinforcing the centrality of the medical home.
So we began our work about 9 years ago, bringing providers together to share around a common vision to support the Medicaid patients that were so disparately separated across the southside of Chicago.
We had several opportunities along the way and one of those was that we formed a Medicaid ACO known as the MHN ACO.
So the Medical Home Network ACO, known as MHN ACO, supports 9 federally qualified health centers and 3 Hospital systems through an Innovative – through our Innovation and technology in healthcare delivery. We are connected with 25 hospitals around the county area and 180 unique medical homes to support the care for Medicaid recipients outside on the southside of Chicago.
Hoala Greevy: Medical home, is that a skilled nursing home? What exactly is that?
Laura Merrick: No, don’t let our name fool you. At the time, when we first started the work we were really focused on, reinforcing Primary Care – a term for a medical home is a term where a patient can receive everything that they need around primary care. That might be access to behavioral health or Community Resources, and it’s a place where they can not only seek the care that they need but also the help to get the care that they need by their care manager.
So the network that we created in the beginning of our work was really about bringing providers together both in that medical home setting to drive that primary care model. We were able to do that with not only the primary care community but also hospitals, and really drive communication and that was really key to really engaging and reaching patients.
Hoala Greevy: Healthcare is notorious for lack of. Definitely.
Laura Merrick: Right.
Hoala Greevy: So MHN has been around for 9 years if I heard you correctly. How long have you been with the company?
Laura Merrick: Since it was founded, I believe it was 2008. I was one of the second employees.
Hoala Greevy: Wow. So almost from the beginning.
Laura Merrick: Yes.
Hoala Greevy: Wow. So HIMSS18, what was your biggest takeaway from this year?
Laura Merrick: You know, I think for the work that we do, it’s validation that we’re on the right track: driving innovation across our area. That there are opportunities to share best practices with others that are doing the work that we’re doing across the nation, and that there is more that we can do around improving access to data, and ultimately the care for our patients.
Hoala Greevy: Laura, is HIMSS part of your annual conference schedule or is it your first time here?
Laura Merrick: It is my first time here.
Hoala Greevy: Oh wow. Well you picked the right location because last year it was Orlando, and I – this is more preferably for me. Closer and a bit more fun.
Laura Merrick: Yeah.
Hoala Greevy: Great, and last question – where do you see the future of your industry going?
Laura Merrick: I think it’s innovation, it’s healthcare innovation. And that is wrapped around not only technology but how we implement the technology and the meaning behind how we connect data to get access to care for these patients. So I really think it’s continued innovation to empower care management activities, to empower reaching beyond the healthcare ecosystem into the community, and to really think a little bit bigger about how we really provide care.
Hoala Greevy: Man, Laura, thanks for submitting time with us, we really appreciate it. Nice to meet you. Aloha!
Medical Home Network
Medical Home Network (MHN) is a not-for-profit collaborative that has fundamentally changed how care is delivered.
Their proven model of care unites provider communities and diverse healthcare entities around a common goal: to redesign healthcare delivery and transform the way care is managed at the practice level.
Medical Home Network provides the tools and processes to help care teams engage patients and help them become an accountable member of the team. By connecting providers and delivering real-time information, they enable coordinated care management, improve transitions of care, and promote timely follow-up.
Microsoft Teams is a cloud platform that combines workplace chat, meetings, notes, and attachments. First launched in 2017, Microsoft Teams is Microsoft’s competitive rebuttal to Slack and Google Hangouts Chat.
Microsoft Teams and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked Microsoft’s site and found a page called:
[Microsoft] Teams is Tier C-compliant at launch. This includes the following standards: ISO 27001, ISO 27018, SSAE16 SOC 1 and SOC 2, HIPAA, and EU Model Clauses (EUMC).
To get more information on what Tier C-compliance means, we tracked down a doc in the Microsoft Download Center called:
We recently sat down with Ari Tulla, CEO and Founder of BetterDoctor, at their office in San Francisco’s SOMA district.
Here is a transcript of why Ari thinks digital entrepreneurs should stop using the word “pilot”. You can watch the entire interview here.
Ari Tulla: Why Digital Health Entrepreneurs Shouldn’t Use the Word “Pilot”
Hoala Greevy: I understand that when it comes to healthcare and digital health startups, you don’t like the word “pilot”. Why is that and is there a better word for digital health entrepreneurs to focus in on?
Ari Tulla: I think this is specific for many of us who started healthcare companies in the B2C realm, going to consumers and trying to do something for them. And often many of them have been moving into B2B [or] B2E, working with the big enterprise companies.
In healthcare, the money is in three buckets: it’s in health plans, health insurance companies; it’s in the hospitals and the providers; and it is in the pharma.
Those are the ones that own 80% of the 3 trillion dollars today that we spend every year.
So you have to go there and shake those trees to make money. The money is not coming from the consumers because they don’t pay anything directly.
So you basically have to go to the big companies, and when you work with these big companies – we have experienced this a little bit and we have seen, and I have seen, many horror stories on the idea of “Hey, let’s do a pilot.”
Every big organization has an innovation team, and these innovation teams, they are there to work with the startups, with the new entrants and do small tests.
But very rarely those ideas and those early tests are leading into full implementations. So the “pilot”, it sounds like a doom interval from the beginning.
So you can do 100 pilots that might lead nothing in the end. So I try to just use the vocabulary and say, “Let’s go from pilot and talk about proof of concept.” If we already have something that works, let’s do a small implementation in some market. Let’s not do a pilot. Pilot means, “Let’s just do something little and try it, and it might not work.”
Hoala Greevy: Man, that’s a good takeaway. I’m sure people are going to want to hear about that.
BetterDoctor
BetterDoctor helps patients find the right doctors when they need them.
It starts with helping health plans, provider groups, health care systems and health start up companies get high quality data.
They build tools to bring trust, confidence, and transparency to the process of finding a doctor.
On March 26, 2018, Mississippi State Department of Health submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Located in Jackson, MS, the Mississippi State Department of Health’s email breach affected 30,799 individuals’ protected health information.
Mississippi State Department of Health is classified as a Healthcare Provider.
According to the Mississippi State Department of Health’s press release:
Health information, including names, date of birth, Social Security number, or lab results, were released Jan. 25 to J Michael Consulting, a contractor for the Centers for Disease Control and Prevention.
“This could have resulted in an unauthorized disclosure, since the information was not meant to be shared,” MSDH officials said in a news release.
MSDH officials became aware Jan. 30 that an employee “unknowingly” emailed an Excel spreadsheet containing patients’ protected health information.
“Each person who mistakenly received the spreadsheet said they deleted all traces of the email from their inbox and did not share the email or what was in it. It is unlikely that the personal information was viewed by anyone,” MSDH officials added. “However, because this email was sent unprotected, there is a possibility that it was seen by someone who could misuse it. MSDH has taken steps to increase security and lessen any harm that could be caused to any individual patient.”
Officials ask that anyone who was treated at the Mississippi State Department of Health, or any of its clinics, in 2017 and is concerned about possible unauthorized disclosure of information contact Nicole Litton or Christin Williams at 601-576-7874.
The Mississippi State Department of Health will offer free credit monitoring protection for one year, for clients whose information was included in the spreadsheet.