Live Chat | Login | Blog | Careers

emPower eLearning: January 2010

emPower eLearning

Tuesday, January 26, 2010

HIPAA Security Standard: Selecting the Right E-mail Service.

Internet has taken a center stage in fulfilling the communication needs of the people. The speed, ease and wide reach it provides, makes it the most favored media for communication. An email is a great communication tool of the internet and is widely used by people to communicate with their doctors or medical insurers. To make this exchange of information on the net, safe and secure, it is necessary to follow HIPAA security standard while selecting the right email service.

The prime objective is to select the email service that safely carries the health information of the patient through the net. A safe transit and storage is a basic requirement of the HIPAA security standard. There are some essential features that an email service should have and they are:

  • The email service should meet or exceed the HIPAA standards
  • It should have the ability to encrypt and decrypt the health data transmitted. This feature protects the confidential health information from unauthorized access as it passes through the public network. During the transit through net the emails are stored on server and the chances of unwanted intercept increase considerably. To counter this threat it is necessary to encrypt the message before transmitting it.
  • The service should provide a secure back up plan to safely recover the data in case of a natural or manmade calamity.
  • Provide unlimited document or email transfer and at same time protect the data integrity.
  • It should have an inbuilt security feature that automatically logs off the system after some time of inactivity.
  • Personal or entity authentication is required as it confirms the identity of the person or the entity that access the personal health information, an important requirement of HIPAA security standard.
  • The software used should be user friendly and there should be no third party involved in any form. The email service should have security provisions that inhibit unauthorized exchange of information with the third party.
  • The service should have security feature that provides feedback to the auditors about the time, place and IP nos through which the protected health information had been accessed. This helps the auditor to keep track of the health information and ensure that it is accessed only, by authorized people and the safety of information has not been compromised at any stage of storage or transmission.
  • Assign unique tracking number or username that is protected by strong password to control the access of the patient health information in a safe and secure manner.

The main objective of adopting HIPAA security standard while selecting an email service, is to protect the patient health information. This prevents patient identity theft and saves the State and people from financial losses incurred due to insurance frauds.

E-mail security ensures safe exchange of patient health information through public network.

Jason Gaya

Read more on computer network security at, www.empowerbpo.com


Saturday, January 16, 2010

HIPAA Compliance: Using Encryption for Safe and Secure Management of Patient Health information.

The rapid rise in use of computer networks to process, store and exchange the patient health information has made it easy for the health providers to speed up and improve the quality standards of their services. The seamless connectivity that internet provides, makes it easy for patients to access their medical information and process it as per, their own convenience, without wasting their precious time.

But there are risks associated with this form of electronic exchange of protected health information. Once the information is transmitted out of the private domain like a laboratory, hospital, clinic, insurance provider, billing service and patient network, into public network, it becomes vulnerable to theft and unauthorized intercept.

To protect the loss of crucial patient health data it is necessary to adopt the right encryption procedure before the sensitive data is sent out to the receiver, through the public network. The purpose of encryption is assure the sender that he or she is sending the information to the receiver in foolproof manner and the information safely reaches the receiver without getting intercepted during its journey.

To achieve HIPAA compliance it is necessary to maintain complete secrecy of the information whether it stored, processed or exchanged between two or more, different health entities. Any lapse can invite strict regulatory fines and convictions. Hence it necessary to protect the information as it travels through the internet between the sender and the receiver, by adopting the right encryption procedure. This can be done by adopting the Secure Socket Layer(SSL) technology that uses both, symmetric and asymmetric forms of encryption.

The patient health information is ciphered into a meaningless or senseless statement, which is of no use to any body who steals it. This is again converted back into original form by the receiver with the help of a secret key that has been provided by the sender. In this way the information routed is safe and secure, and there is no possibility of identity theft, which is in line with HIPAA compliance.

Enryption ensures safe passage of confindential patient health information through public network.

Jason Gaya

Read more on HIPAA compliance at, www.empowerbpo.com

Labels: ,

Tuesday, January 12, 2010

OSHA Compliance- Protects Workers from Mesothelioma

Asbestosis or Mesothelioma is a highly dangerous disease that causes cancerous growth in the lungs of the victims who are exposed to asbestos dust. Asbestos has some good properties, like hardness and heat resistance, which makes it very useful for automotive, insulation and construction industry. But at same time it is highly hazardous to human life because of the fine fibrous strands, which can easily find their way into the human body, through nose and mouth. The fine dust settles into the lung cavity and slowly gives rise to lung cancer, known as mesothelioma that has very high morality rates.
Exposure Classification
To fight this growing malaise, the Department of Labor enforces strict OSHA compliance norms, which regulate the workers who work in industries that use asbestos. OSHA classifies the exposure levels in four broad categories, depending upon the degree of exposure and they are:

  • Class I- This is the most hazardous class of asbestos exposure and is meant for workers who work on removing insulations and asbestos that is sprayed on the surface.

  • Class II- This is meant for workers who remove asbestos floor tiles and ceilings.

  • Class III- Regulates repair and maintenance crew, who work with asbestos related products.

  • Class IV- Regulates workers who clear asbestos waste and debris.

Safety Regulations:
OSHA has framed safety regulations to protect the workers from asbestos exposure. The aim is to reduce or eliminate the health hazards that asbestos inhalation poses to human life. Some important rules that need to be followed o achieve the OSHA compliance in asbestos protection, are mentioned below:

  • The permissible asbestos exposure limit should not be more that 0.1 air-borne asbestos fiber per cubic centimeter, in an 8- hour shift.

  • Protective clothing and mask should be provided to workers to protect them from lethal effects of asbestos exposure. OSHA approved High Efficiency Particulate AIR (HEPA) filter should be used because it can trap 99.97 percent of particles of 0.3 micrometer diameter particle.

  • Vacuum should be used to clean up the asbestos dust and use of compressed air is prohibited.

  • A licensed contractor should be hired to clean up the asbestos contaminated areas because this will reduce risk of contamination, considerably.

  • The employer should educate the workers on the risks of exposure and train them on how to work in a safe and secure manner.

  • Contaminated areas should be clearly marked with warning signs so that workers are aware of the danger zones in the facility.

  • Special decontamination areas in the facility should be set up so that workers can safely remove the contaminated clothing and safety gears without inhaling the dust.

  • The contaminated belongings of the workers should be safely disposed off in a safe container, marked with asbestos hazard warning.

  • Thorough medical examination of the workers is necessary and all the records should be kept by the employer for thirty years as Mesothelioma take many years to show its symptoms in the victims.

The objective of the OSHA is to create awareness about asbestosis and train workers, and employers to adopt safety standards that minimize or eliminate exposure to this disease. Proper OSHA compliance ensures protection from exposure to the carcinogenic asbestos fiber.
OSHA compliance protects workers from Mesothelioma.

Jason Gaya

Read more on OSHA norms at,http://www.empowerbpo.com/


Saturday, January 9, 2010

HIPAA Security Compliance: Protects Confidential Patient Health Information

The stringent HIPAA security compliance norms make it mandatory for the all the entities like hospitals, insurance providers, payers, billing services, insurance plans and medical personnel to strictly adhere to the laws relating to the safe transfer and storage of confidential patient health information. To achieve HIPAA security compliance it is necessary to implement few steps that have been categorized below:
Establish Physical Safeguards:
Computer networks play a crucial role in processing, storage and exchange of health records of patients between different health care entities. The physical access to crucial information can be safely managed by following these steps:
  • Creating and implementing a policy that authorizes only limited and trusted people to access the confidential patient health data.

  • Installing workstations and computers in safe areas of the facility, which is accessed by authorized personnel. Devices like computers, fax, printers and copiers should be placed in such a manner so that unwanted people view data inside them.

  • All the computer programs should be protected by passwords and user ids to prevent, unauthorized access. The passwords should be securely managed so that unwanted people cannot access them.

  • A security system should be in place so that it manages passwords efficiently and guarantees the safety of patient health information when the staff members change positions or somebody leaves the organization.

  • All the storage devices, backup tapes and computer equipment should be accounted for by maintaining a proper log book that keeps track on them.

  • All paper documents that contain critical information, but not needed in the office should be shredded so that no body else can lay hand on it.

Enhance Computer Network Security
It is necessary to maintain a proper record of the hardware and software employed in the facility, and understand their role in processing the patient health information, safely. Risk analysis should be done by creating a flow diagram of the work process so that loopholes in the system can be identified and removed. The computer network should be protected from virus attack or hacking by adopting some security measures mentioned below:
  • Appropriate gateway security with capacity to deeply inspect the web content and filter out unwanted elements like debilitating software and virus should be, placed.

  • Anti virus solutions, digital signatures, firewalls should be in place to negate any debilitating online threat.

  • Proper encryption procedure should be followed, while sending out crucial health data from the organization network to the public network. The information should be strongly encrypted to protect it from unauthorized access or intercept.

  • The network security system should continuously monitor the network for any suspicious activity that indicates an unexplained deviation from the standard procedure and raise an alarm.

Educate Staff on HIPAA Security Compliance
A well trained staff forms the backbone of the successful organization. It is of utmost importance for an organization to increase the awareness about the importance of safe handling the patient health information. It protects the healthcare facility from lawsuits due to non compliance of HIPAA norms by an employee or employees. The organization should:
  • Provide staff access to HIPAA compliant training courses and seminars to increase awareness about importance of compliance norms.

  • Provide training in password management and virus protection.

  • Train on how to efficiently maintain logs and audits.

  • Carry out periodic review of employees' HIPAA security compliance and update their training to hone their skills in managing safely, the patient health information.

  • Provide training on operating the backup system as per contingency plan in case of natural or manmade disaster with the aim to protect the health data and keep crucial operations running.

Hence for an organization to achieve the requisite HIPAA security compliance, it is necessary to integrate smoothly the software, hardware and personnel so all of them work in a cohesive manner, ably guided by an administration that continuously monitors, provides feedback and places safeguards to ensure safe handling of the crucial health information of the patient.

HIPAA security compliance ensures protection of patient health information.

Jason Gaya

Read more on HIPAA security compliance at,www.empowerbpo.com


Tuesday, January 5, 2010

Enhancing Computer Network Security to Achieve HIPAA Compliance

Secure Computer networks are intrinsic part of the HIPAA strategy to completely convert the national patent health records into an electronic format that can be easily exchanged between different agencies like health care providers, insurance providers, and administrators. As a result the health care organizations can manage documentation process efficiently in minimal time and provide better service to the patients. But the present day computer system is prone to hacking and virus attacks, which steal or destroy the crucial data. To protect the patient health information there are network security rules that need to be followed so that the organization is able to achieve HIPAA compliance.
There are two main sections of HIPAA that relate to computer network security and
they are:

Administrative Safeguards:

To achieve HIPAA compliance, it necessary for the provider to identify, guard and report against malicious software program in the system. The infected email carry with them worms, virus and Trojans and there should be a security system in place that checks for such unwanted entry. To manage the computer networks smoothly, it is necessary to maintain a vigil by installing special safeguards mentioned below:
  • Gateway and desktop anti–virus products should be used.

  • The security gateway should be able carry out, deep-packet-penetration, inspection and provide appropriate web filtering capabilities to the network.

  • Signature files that update at every 30 minutes should be used, as they are best form of defense against the fast moving worms.

  • All the security services and subsystem should be proactive with IPS (Intrusion Protection System) instead of IDS (Intrusion Detection System). This is necessary to protect the network from being infected with virus.

  • The installed firewall should provide protection from the top 50 Dos and DDos well known attacks and at same time maintain a proper record of them.

Security Safeguards:

For a computer network to attain HIPAA compliance it is necessary for the organization to frame security policy that make it mandatory for only the authorized personnel or software programs to have the access rights to protected health information.
  • The security device should support native form of authentication. For web related applications, Transparent Authentication should be used so that a same user who moves to different secure applications does not have to sign-in, his or her, username and password, every time he or she makes a jump.

  • The security system should support email content filtration process with keywords and regular expression string features.

  • To prevent, unauthorized access or intercept, of the patient health information when it on journey between sender and receiver, proper encryption techniques should be used. The transport of the PHI to public network should be done in strong encryption mode and received by authenticated users, who should have the requisite deciphering codes.

  • The security system should continuously monitor for any unwanted or suspicious deviation from the standard procedure and report anomalous activity immediately to IT manager.

  • Special security features like email content filtering application and digital signatures should be added in the system to prohibit dispatch of safe data to unverified receivers.

In the end it is necessary for all the entities that are involved in health care system like, health service providers, insurance companies, transcription service providers, payers, labs, internet service providers, hospitals and billing services to build a chain of trust so that any patient health information routed between them is kept high confidential. This can be done through a network of computer systems that strictly adhere to HIPAA compliance norms to facilitate a safe and secure transmission of confidential health information on public network.
A highly secure computer network is essential for exchange and storage of patient health information as per HIPAA norms.

Read more on HIPAA compliance at,www.empowerbpo.com


Saturday, January 2, 2010

JCAHO- Ensuring Highest Patient Safety Standards

JCAHO stands for Joint Commission for Accreditation of Healthcare Organizations and is a non-profit and non government organization that provides accreditation to hospitals and healthcare organizations. The commission has health care surveyors who visit hospital and healthcare facilities to check for the compliance of healthcare norms that have been framed by the Joint Commission.

Patient safety is one of the priorities of the Joint commission and it has framed safety policies for the hospitals and healthcare facilities so that deaths due human error are completely eliminated. Keeping in mind the safety of the patients undergoing treatment at various facilities, JCAHO has set standards that must be implemented by the hospitals. The organization at the same time evaluates its own standards with the aim to make them even better by setting up higher goals. The purpose is to maintain high level patient care and remove the existing deficiencies in the healthcare system. To do this effectively Joint commission adopts following policies:

Reporting Sentinel Events:

The term, Sentinel event, is used for an unexpected event like death or loss of limb or function due to some unattended risk in the healthcare premises. It is mandatory for the healthcare facilities and the hospitals to report such events so that root cause analysis of the event can be done with aim to know the true reasons behind it. Appropriate counter measures can be taken to prevent the reoccurrence in the future. To spread the awareness about the sentinel events the Joint Commission performs following duties

  • Provides aggregate data and analysis of sentinel events on the website.

  • It provides information on the errors and their frequency.

  • Sheds light on the outcomes and the methods of review.

National Patient Safety Goals:

The organization every year reviews the safety requirement of the patients so that they can be provided the treatment in safe environment without exposing them to the risks, associated with the treatment process and healthcare premises. While creating the goals for the coming year some of the existing goals are dropped and replaced with new emerging priorities. This approach provides flexibility to find effective solutions for the emerging patient safety problems. For the year 2010 the new set of goals are:

  • Ambulatory Health care

  • Behavioral Health Care

  • Critical Access Hospital

  • Home Care

  • Hospital

  • Laboratory

  • Long term care

  • Office- based surgery

Creating an Environment of Care:
JCAHO patient care initiative make is necessary for the hospital to implement a caring environment for the patient by establishing proper communication procedures to prevent adverse effects on the health care workers, patients and visitors. The implementation of a proper, information collection and evaluation system makes it easy to avoid adverse and unexpected events like patient fall or other injuries during intervention and improvement phase of the treatment.
Recommending Risk Reduction Strategies:
The Joint Commission recommends certain risk reduction strategies to the health care facilities. It is not necessary to follow them completely; rather they should analyze which of the practices are most suitable for their organization and adopt those. Below are the mostly likely risk reduction steps that are recommended by JCAHO and also reflect in the sentinel alerts on the website.
  • Eliminating wrong- site surgery.

  • Manage high alert medications.

  • Eliminate use of usage and inappropriate patient restraints.

  • Eliminate intravenous infusion pump errors.

  • Reduce risks of fatal falls.

  • Reduce risks of adverse transfusion events.

  • Reduce pre/post operative complications.

  • Reduce inpatient suicide.

  • Reduce infant abduction.

Thus JCAHO strives to improve the patient safety during the treatment by initiating guidelines to hospitals on the safe practices that they should adopt and reviews their working on timely basis. Once the compliance is confirmed, the Joint Commission issues the accreditation certificate to the concerned health care facility.
JCAHO strives to create a safe environment for patients in hospitals.

Jason Gaya

Read more on JCAHO,at www.empowerbpo.com

Labels: ,

E-learning- Delivering Knowledge beyond Barriers of Time and Distance

In the present times internet plays a significant role in daily lives of people. The global reach it provides to the users has made it possible to educate people living far and wide. This has made it feasible to provide e-learning to people in a very cost-effective manner. The students are no longer at a disadvantage due to time and distance. The web world has made is possible for students to override these drawbacks easily and connect with instructors electronically.

The online learning is a highly flexible process that can be divided into four broad categories. They are:
  • Individualized online
  • Individualized offline
  • Synchronous group based
  • Asynchronous group based
The individual or group of people can easily pace their learning process according to their own convenience as it gives them flexibility of time and place. They can easily fit into their distance learning schedule in their daily lives. This is an internet or intranet based, mode of education and provides many advantages that are mentioned below.

  • E-learning cuts cost and time.
  • It provides a vast customer base on a global level.
  • It provides a common delivery platform for the same content that is presented to different people in a same way.
  • The content is highly accurate as it is updated on a regular basis. This feature also helps in quick distribution of new information to all people.
  • As more and more people are using web, distance education is becoming highly acceptable mode of education, today.
  • It helps the student to gauge his or her progress, maintain a record of what is achieved and carry out self analysis of knowledge gained.
E-learning is a boon to the students has it allows them to overcome the barriers of time and distance, easily. Educational institutions can also reach wide audience without spending on and maintaining costly infrastructure. In the end online learning is beneficial to both providers and receivers.

E-Learning helps instructors to train people online beyond different time zones and geographic boundaries.

Jason Gaya,

Read more on E-learning courses at,http://www.empowerbpo.com/

Labels: , ,