TrueVault Launches Complete Backend Solution for HIPAA Compliance

Everyone who handles protected health information (PHI) must be HIPAA compliant by Monday, September 23rd. TrueVault’s beta launch on Wednesday, September 18th, provides a complete backend solution for HIPAA compliance. This launch is good news for ecommerce sites that collect PHI, makers of wearable health tech devices, and healthcare app developers struggling with HIPAA compliance requirements.

TrueVault can help existing healthcare sites and apps become HIPAA compliant without going through a costly rebuild of their technology stack.

See the full story at PRWeb.com

Privacy, Pharmacy Groups at Odds Over Refill Reminder Funding Rule

Should drugmakers and other third parties be able to fund refill reminder programs?  The World Privacy Forum — a privacy rights group — doesn’t think so and is is challenging an effort by the Specialty Pharmacy Association of America (SPAARx) to convince HHS to change a privacy rule that would limit funding for prescription refill reminder programs, Modern Healthcare reports.

The battle between privacy advocates and the pharmaceutical industry highlights the debate over the use of data in patients’ health records without patient consent (Conn, Modern Healthcare, 8/16).

Read more of this story at IHealthbeat.org and find out which major drug store chain has said that it would no longer offer refill reminder programs that are funded by the pharmaceutical industry.

 

Highmark Partners with Navigenics for a New Generation of Personalized Wellness Powered by Genetic Knowledge

April 14, 2011 | Foster City, Calif., and Pittsburgh, Pa. — A new generation of personalized wellness powered by genetic knowledge will be offered to Highmark members and individuals through a partnership between Highmark and Navigenics, the two companies announced today. The first partnership of its kind in the nation between Highmark, one of the country’s largest Blue Cross and Blue Shield plans, and Navigenics, a pioneer in the application of genetic knowledge to improve individual health, aims to apply an integrated approach to health and wellness that is personalized for individuals based upon their genetic risks.

“If we can help our members understand their specific, individual genetic risk factors together with personal health factors such as family history and lifestyle, then we can help them take the right steps to stay healthy and well,” said Steven Nelson, senior vice president of health services strategy, product and marketing at Highmark. “Our hope is that individuals use this program as a preventive, proactive health planning tool to understand their risks and then change their lifestyle or take the necessary medical steps with their doctor to prevent long-term disease.”

Better health lies in delaying or preventing conditions before they develop. The Navigenics program identifies the genetic risk factors of an individual — through DNA analysis using a saliva sample — for health conditions such as cancers, cardiac diseases and Type 2 diabetes. The service also includes a panel on pharmaceutical responses, which reviews 12 medications for potential side effects or dosing considerations. Examples include Plavix, Warfarin and statin medications.

Navigenics selects only health conditions where genetic insight can guide an individual to an informed plan of action. Results are coupled with access to a board-certified genetic counselor, the ability to coordinate with personal physicians and the tools and resources to understand steps to address the identified health risks in conjunction with an individual’s overall health profile.

Highmark will offer the personalized wellness program through its group customer relationships in order for employers to provide a personalized option of health and wellness to their employees.

“The Navigenics personalized approach is particularly meaningful to employers who strive to infuse a ‘culture of health’ across their employee population,” said Vance Vanier, M.D., president and CEO of Navigenics. “Our goal is to heighten the impact of employer-sponsored wellness and prevention programs by giving individuals unprecedented access to knowledge about their unique health risks. We know that this information can be a catalyst for healthier decisions leading to higher quality, longer lives that are free of preventable disease.”

One Highmark employer group, Pittsburgh Technical Institute, has already become a participant in the new program.

“We see this as an exciting opportunity to improve health engagement,” said Nancy Sheppard, director of human resources at the educational institution. “Our organization has a long history of supporting our employees with innovative wellness programs, and we believe that through the introduction of genetic information and a session with a genetic counselor, our employees will not only have the option to gain greater insight into their health, but will be empowered to be more engaged in prevention.”

To help support testing participants who are also Highmark members, Navigenics genetic counselors may refer participants to Highmark-specific resources such as health coaching or online lifestyle improvement programs.

“Highmark offers our members a variety of programs to help them better manage their health,” said Nelson. “From health coaches to comprehensive lifestyle improvement programs to preventive screenings, Highmark understands the value of health prevention and maintenance. Having one more piece of valuable information — your personal genetic makeup — through a personalized health program powered by genomics gives individuals even more information and power to make the right lifestyle and health choices.”

Highmark will not have access to any results of any test purchased through Navigenics. Genetic testing results are also protected under federal law. The Genetic Information Nondiscrimination Act (GINA) of 2008 protects Americans from being treated unfairly because of differences in DNA that may affect health. The law prevents DNA information from being used against individuals in health insurance or the workplace.

Also starting today, the program will be offered to individuals through an educational conversation with a trained specialist at six Highmark Direct locations in Pennsylvania.

About Navigenics
Navigenics, Inc. develops and commercializes genetics-based products and services to improve individual health and wellness. Navigenics educates and empowers individuals and their physicians by providing clinically actionable, personalized genetic insights about disease risk and medication response to catalyze behavior change and inform clinical decision-making. The company was founded by leading scientists and clinicians, and continues to advance genomic knowledge and adoption of molecular medicine through studies with leading academic centers. Navigenics’ services are available through employer wellness programs and health plans, as well as through physicians and medical centers. Among Navigenics’ investors are Kleiner Perkins Caulfield and Byers, Mohr Davidow Ventures and The Procter & Gamble Company. For more information, visit www.navigenics.com.

About Highmark Inc.
Highmark Inc., based in Pittsburgh, is an independent licensee of the Blue Cross and Blue Shield Association, an association of independent Blue Cross and Blue Shield plans. Highmark serves 4.8 million members in Pennsylvania and West Virginia through the company’s health care benefits business and is one of the largest Blue plans in the nation. Highmark has 19,500 employees across the country. For more than 70 years, Highmark’s commitment to the community has consistently been among the company’s highest priorities as it strives to positively impact the communities where we do business. For more information, visit www.highmark.com.

Hacker Attacks Targeting Healthcare Organizations Doubled in the 4th Quarter of 2009.

SecureWorks, Inc., a global provider of information security services , reported today that attempted hacker attacks launched at its healthcare clients doubled in the fourth quarter of 2009. Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.

“From October through December of 2009, we blocked hundreds of SQL Injection and Butterfly/Mariposa Bot malware attacks launched at our healthcare clients. These attempted attacks were responsible for the increase in our attack statistics,” said Hunter King, security researcher with SecureWorks’ Counter Threat Unit(SM) (CTU).

In the Fall of 2009, SecureWorks and the security community began tracking a new wave of attacks involving the latest version of the Butterfly/Mariposa Bot malware, according to King. If a computer is infected with the Butterfly malware, it can be used to steal data stored by the victim’s browser (including passwords), launch Distributed Denial of Service attacks, spread via USB devices or peer to peer, and download additional malware onto the infected computer.

Factors Contributing to Healthcare Attacks

SecureWorks noted that there are tow mini reasons that Heathcare entities are targeted:

1. Valuable Data Stores – Healthcare organizations often store valuabledata such as a patient’s Social Security number, insurance and/or financial account data, birth date, name, billing address, and phone, making them a desirable target to cyber criminals.

2. Large Attack Landscape – Because of the nature of their business, healthcare organizations have large attack surfaces. Healthcare entities have to provide access to many external networks and web applications so as to stay connected with their patients, employees, insurers and business partners. This increases their risk to cyber attacks.

“In order for healthcare organizations to effectively protect their sensitive patient data, they should consider employing a defense-in-depth strategy. This approach involves implementing multiple layers of protection to shield the organization from current and emerging threats,” said Jon Ramsey, CTO for SecureWorks.

SecureWorks has outlined a set of information security guidelines to assist the healthcare industry in protecting their patient data from cyber attacks and other data breaches. Adopting these security measures will also assist organizations in demonstrating their adherence to the HIPAA regulations and the requirements outlined in the new Health Information Technology for Economic and Clinical Health (HITECH) Act.

About SecureWorks

SecureWorks is a market leading provider of world-class information security services with over 2,700 clients worldwide spanning North America, Latin America, Europe, the Middle East and the Pacific Rim. Organizations of all sizes, including more than ten percent of the Fortune 500, rely on SecureWorks to protect their assets, improve compliance and reduce costs. The combination of strong client service, award-winning security technology and experienced security professionals makes SecureWorks the premier provider of information security services for any organization. Positioned in the Leader’s Quadrant of Gartner’s Magic Quadrant for MSSPs, SecureWorks has also won SC Magazine’s “Best Managed Security Service” award for 2006, 2007, 2008 & 2009. www.secureworks.com

Source: SecureWorks, Inc.

Health Plans That Use Member Enrollment Data to Push Their Political Agenda Might Violate HIPAA.

HEALTH PLAN WEEK is reporting is this weeks issue that health plans could face stiff penalties under HIPAA if they use enrollment information to contact members without their permission and urge them to join grassroots advocacy campaigns or take a stance on a political issue.

As a case in point the article cites a September incident where Humana Inc. pulled 900,000 names and addresses from its Medicare Advantage database and sent those beneficiaries letters recommending that they fight against proposed significant cuts to the MA program. CMS ordered Humana to cease all such mailings, which it says violated the health insurers Medicare contract. CMS also says the letters might have violated HIPAA, and asked the HHS Office for Civil Rights (OCR) to investigate

However, Jeff Drummond, apartner Dallas-based law firm, says Humana could defend the use of its enrollment data as falling into the HIPAA exemption for operations, contending this was an effort to communicate benefits information to its members, much like describing changes in a drug formulary, he tells HPW.

For more information visit the original article here.