by Felicien | Jan 28, 2019 | Education
2018 turned out to be a year of record fines for HIPAA violations. Over $25 million in fines, with the mean fine being just over $2.5 million. Could your medical entity bear that financial burden? Would it suffer irreparable harm from the adverse publicity? And just what violations did these healthcare entities commit to get scrutinized, investigated and penalized?
Since 2016, settlements and fines from the Department of Health and Human Services’ Office for Civil Rights (OCR) have risen substantially. Healthcare entities should expect that this trend may continue and remain committed to avoiding HIPAA security breaches, negligence and failure to follow long-standing policies.
2018 Review of OCR Settlements
Whether your business is a smaller, private entity or a large, public entity, OCR investigations are expensive and potentially damaging to your business’s reputation. Prevention is our best defense – don’t let these errors happen.
Fresenius Medical Care North America. $3,500,000 – Settlement. Risk analysis failure. Impermissible disclosure of ePHI. No policies covering electronic devices. Insufficient encryption; inadequate security policies; inadequate physical safeguards.
Filefax, Inc. $100,000 – Settlement. Unauthorized disclosure of PHI.
University of Texas MD Anderson Cancer Center. $4,348,000 – Civil monetary penalty. Impermissible disclosure of ePHI. No Encryption.
Massachusetts General Hospital. $515,000 – Settlement. Filming patients without consent.
Brigham and Women’s Hospital. $384,000 – Settlement. Filming patients without consent.
Boston Medical Center. $100,000 – Settlement. Filming patients without consent.
Anthem Inc. $16,000,000 – Settlement. Risk analysis failures. Inadequate review of system activity. Failure to respond to an identified breach. Lacking technical controls to thwart unlawful ePHI access.
Allergy Associates of Hartford. $125,000 – Settlement. PHI disclosure to a journalist. No sanctions against an employee.
Advanced Care Hospitalists. $500,000 – Settlement. Unauthorized PHI disclosure. No BAA (business associate agreement). Deficient security measures. No HIPAA fulfillment efforts before April 1, 2014.
Pagosa Springs Medical Center. $111,400 – Settlement. Failure to end employee access. No Business Associate Agreement (BAA).
Don’t forget about your State’s Attorney General’s Office
Medical entities also saw a rise in fines/monetary penalties from state attorneys general. While the penalties are not always for HIPAA violations, they are still a distraction from your healthcare entity’s mission statement, requiring employees’ time and financial resources devoted to defending you against violation of state laws and HIPAA violations. Some states have become more aggressive in enforcement of HIPAA violations. The Northeastern states – New Jersey, New York, Massachusetts, Connecticut and the District of Columbia – have stepped up their enforcement efforts along with Washington State (which has yet to announce a settlement amount with Aetna). Defendants in these actions include insurance companies, hospitals, medical groups and even a transcription company.
State settlement amounts have ranged from a low of $75,000 to a high of over $1,000,000.
Common sense and training along with competent managed IT services will help ensure that your business is at decreased risk of HIPAA fines and penalties.
The deeper your understanding of the scope of potential HIPAA violations, the less likely you’ll be guilty of violating patient privacy. The Department of Health and Human Services publishes OCR news and bulletins on its website. Details of every action are published on a timely basis, including a PDF of the resolution agreement.
Make it a point to review the OCR website on a monthly basis. This site will provide insight into the actionable behaviors that employees or departments may commit.
Many of these offenses seem obvious in retrospect. Ensure that every employee understands these simple violations.
Business associate agreement. Ensure that BAA agreements with outside vendors are properly executed and that the vendor owner (or their authorized agent) knows of this agreement.
Terminated employees. Have a written policy regarding terminated employees so that their access to confidential patient information is terminated immediately. Your HR department and IT services vendor should work in unison to change passwords/deny access as soon as the employee leaves or is terminated.
Filming patients without consent. Don’t be lured into a major HIPAA violation by television and documentary filmmakers. While upper management and the CEO may feel that being featured in a TV series will bring prestige and goodwill to the facility, patients don’t feel that way and are protected by HIPAA.
Healthcare entities must be proactive in protecting data. Seemingly simple violations like insufficient encryption, no response to a breach or not providing HIPAA training to employees are not a viable excuse to OCR or state attorneys general.
Cybersecurity may be seen as a burdensome expense – protection of data is expensive, but it protects your business’s ability to recover in the event of a natural disaster or ransomware attack. Many of these settlements and penalties resulted from simple mistakes which would not have been costly to avoid. Be proactive and develop a plan to avoid expensive, avoidable HIPAA violations.
by Felicien | Jan 28, 2019 | Education
Accidentally deleting a file or folder was once something that could ruin your entire day, week, or month even — maybe even your career. All that work put into it. Countless hours put into it. And then: gone. Fortunately for those of you using Microsoft OneDrive for professional, personal, or academic reasons, there may be a way to retrieve and restore files or folders that were deleted. The same is true if your files or folders were overwritten, corrupted, or infected by a virus or malware. Depending on your subscription, you may have two methods to recover files: (1) restore files from the Settings page; or (2) restore files from the Recycle bin.
Files or Folders Recovered Using Settings
From your OneDrive website, you will want to follow the next steps in order.
Select Settings, which is the gear symbol in the upper right corner of the page — usually between the bell indicating notifications and the question mark for help.
From the Settings sidebar, scroll down until you see Restore your OneDrive.
The Restore your OneDrive page will open. Under Select a date, use the dropdown menu to select your option: (1) One week ago; (2) Three weeks ago; or (3) Custom date and time. If you choose Custom date and time, you will be provided with a chart. Simply slide the bar to indicate the days.
Click the Restore button.
All your files and documents from that time period will be restored.
If this option does not seem to work, there is another way to recover deleted files or folders.
Files or Folders Recovered Using the Recycle Bin
From your OneDrive website, follow these steps.
In the navigation pane, select Recycle bin.
The Recycle bin will generate a list of files and folders. If you use a work account, you have only one option for file recovery, but if you use a personal account for work, you have two options.
For work and personal accounts, simply select the circle checkbox to the left of each entry you want to restore. When you select the circle check box, the header will change. Once all entries are selected, click on the Restore button in the new header.
For personal accounts, you can also restore all items at once by clicking on the Restore all items button in the original header.
Things to Consider about Recovery of Files or Folders
Keep in mind that you can only recover files or folders in the Recycle bin so long as the files or folders have not been permanently deleted. Typically, files only live in the Recycle bin for 30 days for personal accounts or 93 days for business accounts — unless the administrator for business accounts changed the setting for a shorter or longer period. Once the time limit is reached, the files are automatically deleted. Files can also be automatically deleted within three days if the Recycle bin is full, at which time the oldest items are deleted first.
It is also important to note that if you want to restore a file to a specific version, File Restore cannot do so if version history was turned off. It is a good idea to always keep version history on while you work.
In summary, when using OneDrive, you have the potential to restore a file or folder that has been accidentally (or in some cases, intentionally) lost. The key is knowing the functions of your Microsoft subscription. Need more tech tips? Return to this blog. New tips for your OneDrive subscriptions and other tech needs are posted regularly.
by Felicien | Jan 25, 2019 | Education
In March 2018, Alabama and South Dakota passed laws mandating data breach notification for their residents.
The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.
All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.
While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies and differences among states when it comes to cybersecurity protection.
What Laws Are on the Books About Cybersecurity?
In 2018, there were more than 275 cybersecurity-related bills introduced by state legislatures in 33 states, Washington, D.C., and Puerto Rico. The legislative action covers a broad range of cybersecurity topics, including:
Appropriations
Computer crime
Election security
Energy and critical infrastructure security
Government and private-sector security practices
Incident response remediation
Workforce training
For companies, especially those that work across state lines, the variances among state laws create a challenge in tracking requirements and remaining legally compliant.
For example, while most states require immediate notification of a data breach “without unreasonable delay,” the deadlines are varied. Nine states require notification within 45 days, South Dakota allows 60 days and Tennessee allows as many as 90 days. In addition, most states require written notification while some allow for notification via telephone or electronic notice.
While states have focused much of their recent legislation on data privacy, there are many other components of cybersecurity. Again, there is no uniformity. In fact, most states do not have laws about other important cybersecurity issues:
Half the states have laws addressing denial-of-service attacks.
Just five states explicitly cite ransomware in statutes.
Phishing laws are in place in 23 states and Guam.
Twenty states, Guam and Puerto Rico have laws regarding spyware.
While broader laws addressing malware or computer trespass may be used to prosecute some of these attacks, the discrepancies further illustrate the different approaches and terminology states use.
What States Have Strong Data Privacy Laws?
Here are a few examples of states that have strong legal provisions within their cybersecurity and privacy laws:
Arkansas. Parental consent is required before student information can be shared with government agencies.
California. The state passed sweeping data privacy laws in 2018 requiring businesses to inform consumers of what personal information is being collected, disclosed or sold. The law, which goes into effect in 2020, contains provisions giving consumers the right to opt out of having their data sold to a third party. California is the only state with a constitutional declaration that data privacy is an inalienable right.
Delaware. Recently passed laws restrict advertising to children and protect the privacy of e-book readers.
Illinois. The state is the only one to protect biometric data.
Maine. It’s the only state that prohibits law enforcement from tracking people using GPS or other geo-location tools on computers or mobile devices.
Utah. The state is one of only two that requires ISPs to obtain customer consent before sharing customer data.
What States Have Weak Data Security Laws?
Despite the growing legislative controls on cybersecurity issues and public expectation for data privacy, there are many states that have laws that are lacking, including:
Alabama. There are no laws on the books that protect the online privacy of K-12 students.
Mississippi. To date, no laws exist that protect employee personal communications and accounts from employers.
South Dakota. Companies can retain personal information on employees indefinitely.
Wyoming. Employers can force employees to hand over passwords to social media accounts.
How Long Does a Company Need to Retain Personal Identifying Information?
Many companies struggle knowing when or if to hold onto personal information on consumers. The challenge is that laws vary greatly from state to state. As of January 2019, according to the NCSL, only 35 states have laws requiring businesses or government entities to destroy or dispose of this data at all.
Of those 35 states:
Only 14 require both businesses and government agencies to destroy or dispose of data.
Virginia requires government agencies only but excludes businesses.
Nineteen states do not require government agencies to dispose of or destroy personal information.
Where Is the Federal Government in Cybersecurity?
The federal government has many laws and rules regarding cybersecurity, from HIPAA to the Cybersecurity Information Sharing Act, which allows for the U.S. government and technology or manufacturing companies to share Internet traffic information.
Other proposed legislation has hit some roadblocks. Take the Data Acquisition and Technology Accountability and Security Act, which would have established a national data breach reporting standard. State attorneys general strongly opposed the legislation, introduced in March 2018. The 32 state AGs argued that the bill would weaken consumer protections, make state laws stronger, and exempt too many companies.
For companies, the variances from state to state present a complex technical challenge. To remain compliant, they need policies, tools and solutions that ensure data is protected and secure.
Managed service providers (MSPs) offer a powerful option to address many data issues. MSPs provide cloud-based, off-site, secure data storage and automated backups. Data, systems and networks are monitored 24/7 to detect and remove unwanted activity. The advanced firewalls, enterprise-strength anti-virus tools and employee education that MSPs provide help maintain compliance and keep data safe from the attacks that trigger responses.
The growth of state legislation to address cybersecurity issues is welcome. The challenge for companies is finding a reliable solution that allows for responsive and responsible action.
by Felicien | Jan 24, 2019 | Education
Use Windows 7? Do you love your Windows 7? Will your need or desire to continue to use Windows 7 extend beyond this year? If so, you should be aware that in just under one year — January 14, 2020, specifically — Windows 7 Extended Support ends for most users. As such, there are things you need to know and decisions you may have to make. This is your guide to understanding what the expiration of Windows 7 Support may mean for you in one year.
What is the Current Status of Windows 7?
Windows 7 is a reliable desktop OS for Microsoft users. When Windows 8 came out, the differences were so stark that most users preferred to stick to Windows 7. Why would they stay with an outdated system? Here’s what Windows 7 offers:
A straightforward interface that is well-designed and laid out;
A start menu that combines the old with the new;
A clutter-free and clean look that is familiar to you;
Thumbnail previews that allow you to automatically open an item;
Jump lists that allow you to quickly access files or documents you frequently use;
Performance that allows the system to boot up comparatively quickly;
A new calculator to convert units, figure out fuel economy, etc.;
A new WordPad that offers more formatting features; and — among many other features —
Upgraded and improved media player and center.
These are just a few of the reasons that so many PC users love their Windows 7 and do not particularly want to give it up, especially when they found Windows 8 a disappointment. In fact, StatCounter suggests that 41.86% of PC users — who according to Statista make up nearly 84% of the market share for desktop PCs — still use Windows 7, while another 42.78% use Windows 10 and a sad 8.72% use Windows 8. Those statistics say a lot about Windows 7 and suggest that a lot of people are going to need to figure out what they are going to do before January 2020, if they want their systems to be secure and updated.
Why is Microsoft ending support for Windows 7?
There is no specific reason why Microsoft is ending support for Windows 7 come January 14, 2020, except that this date is the date provided in Windows 7’s lifecycle.
Windows 7 Lifecycle
October 22, 2009: Date of general availability for Windows 7 Professional, Home Basic, Home Premium and Ultimate
October 31, 2013: Retail software end of sales for Windows 7 Professional, Home Basic, Home Premium and Ultimate
October 31, 2014: End of sales for PCs with Windows 7 Home Basic, Home Premium and Ultimate preinstalled
October 31, 2016: End of sales for PCs with Windows 7 Professional preinstalled
January 13, 2015: End of mainstream support for Windows 7
January 14, 2020: End of extended support for Windows 7
As indicated in the above table, if you did not extend support for Windows 7, then the problem of extended support expiring on January 14, 2020, does not apply to you. If you had purchased that extended support, then you need to pay attention and determine what you want to do because a year will be over before you know it.
What will happen after extended support for Windows 7 expires on January 14, 2020?
Come January 14, 2020, if you are still using Windows 7, rest assured your desktop will still work; Windows 7 will continue to work beyond 2020. The issue here is your extended support.
Come January 14, 2020, extended support expires and with that expiration ends any updates to your PC. That means your system is vulnerable because the latest, most advanced security updates will not be available to you.
Who will be affected by Microsoft’s decision to end support for Windows 7?
It is important to be clear that not all Windows 7 users will be affected by the January 14, 2020 extended support expiration date. In fact, in September 2018, Microsoft announced that some business users can pay for an additional three years of security updates. Unfortunately, this does not extend to home versions.
In other words, if your Windows license type is an original equipment manufacturer or a full package product, there will be no extended security updates for you, and this includes all home versions. However, if you purchased a volume license (i.e., Enterprise or Open Value) for Windows 7 Pro or Enterprise, then you can purchase the additional three years of security updates — so primarily only business users can receive the updates at a cost.
What are your options after Microsoft Windows 7 support expires?
If you absolutely must keep Microsoft Windows 7, then you have options, though they may not be optimal options. These options include:
Playing with the idea of purchasing an upgrade to Windows 10 and then downgrading your rights to Windows 7;
Continuing to run Windows 7 without security updates, but this is not a good option because as computer desktops and software advance, so do hackers’ capabilities (home users, if careful, can consider it, but it is probably not an option for business users due to legal and liability risks);
Disconnecting any Windows 7 PC from the internet, but this means disconnecting you from the very thing that keeps you connected to the world, so it may not be your best option either.
Migrating from Windows 7 to another operating system, e.g. Windows 8 or preferably Windows 10.
What does Windows 10 offer you?
Some PC users are hesitant to switch to Windows 10 because it does have its drawbacks. Some specific Windows 10 drawbacks include:
The increased sense that Microsoft is invading our privacy with its default settings. Most of these settings can be changed but you must go in and manually make these changes.
The ability to control your updates is limited when compared to Windows 7. Plus, these updates are made without user knowledge — which only entrenches the sense that PC users are being spied on when something happens to their system without their knowledge, even if it is for their own security.
The interface is less customizable (e.g., can’t change colors) — and this is unfortunate in an age where we celebrate our differences, including how we set up our interface system.
Older programs do not run well on Windows 10, so if you have older programs, you may be in need of identifying additional and newer products or software.
That said, it is good to be reminded that even though you love your Windows 7 whether it’s because you simply love it or love it because it’s what you are familiar with, Windows 7 has its own drawbacks, too. Windows 7 drawbacks include:
Windows 7 was released in 2009. This was a time when iPad was a rumor and mobile phones were not as advanced. Today you want software that works across all your platforms. Windows 7 can’t do this most likely, but Windows 10 can.
If you ever needed to use a virtual desktop then you know this feature is not available in Windows 7 unless you use Desktops v2.0 software. Virtual desktops allow you to organize your space better and have become an essential tool for modern-day users. Windows 7 does not offer this capability easily but Windows 10 does.
We all know Apple’s Siri and Google Now. These are convenient built-in assistants to help us do anything from scheduling tasks or appointments, dictating notes, playing music, adding reminders, and much more. Windows 7 does not have a built-in assistant but Windows 10 does: Cortana.
Ever been in your Windows 7, wanted to search the web from your desktop, and then realized you can’t? To search the web, you have to navigate to the right tab and then look something up. Windows 7 does not offer a convenient search feature for the internet, but Windows 10 does: the search bar allows you to search anything from your folders, apps, files, Windows store, and the Internet.
Gaming is another thing so many of us like to do today aside from work. Windows 7 has always been a trusted gaming platform — so this is not a drawback except for the fact that Windows 10 has built on Windows 7 gaming capabilities to make it even better. So, if you like gaming, whether it’s DirectX 12, PC Game DVR, or Xbox One game streaming, among others that you like to use for gaming purposes, then Windows 10 offers the best performance for you.
How to determine what you should do about your Windows 7 come January 14, 2020?
If you are one of those PC users to be affected by the end of extended support for Windows 7 in January 2020, then you have to determine what you will do. The last section implicitly directs you in which way you may consider, but if you are not yet confident in Windows 10, ask yourself the below two sets of questions:
Do you use your computer to access the internet? If so, do you keep private information online or conduct private matters online, i.e., financial information, tax information, banking, consumer purchasing via Amazon or other outlets, etc.?
Do you like Microsoft’s operating system Windows? Do you want to stay with Windows (but not Windows 8)? If so, would you like something similar to Windows 7 that operates better?
If you answer yes to these questions, then it is safe to say you should consider Windows 10. A free upgrade to Windows 10 expired in 2016, but the price you pay today can save you in the long run.
So, now you have it. There’s a lot to consider if you use Windows 7 and like using it. If you are an owner of a volume license for business users, then you do have a viable and reasonable solution to the deadline: you can purchase another three years of security updates. This option provides you ample time to consider other options and train personnel on new desktop operating systems.
But if you are not a volume license holder, then you really need to consider what you intend to do. Security is highly important today in our virtual worlds and without it, you risk impacting your so-called “real” world. A hacker can destroy what you have built up over the years, from finances to projects to just about anything that is maintained or kept on your computer, in the cloud, or online. The issue of the January 14, 2020 expiration for Windows 7 extended support is indeed a serious one.
by Felicien | Jan 24, 2019 | Education
Do you regularly send sensitive documents via email? If so, you are probably careful to double check that you have included the right recipient; you might even go one step further by adding a read receipt to the email. The next step that you could take when sending sensitive documents via email is to use an encrypted email. However, if you truly want to protect sensitive documents that contain either personal or business assets, then you should consider the benefits of using Microsoft Word’s latest password protection feature.
Protect The Documents You Need To
The beauty of Microsoft Word’s password protection feature is that you can use it to protect the documents you need to. In other words, you don’t have to password protect the memo about days off or the daily office joke that brings a bit of cheer in the morning. Instead, you can pick and choose what documents you protect with a password. In this vein, it should go without saying that you need to send the password via a secure measure. In other words, it doesn’t do you any good to protect a document and then simply send the password via the same email as the document. Additionally, remember that passwords are case-sensitive and cannot be easily recovered if they are lost. With these tips in mind, there are three simple steps that you can take to add a password to any Microsoft Word document that contains sensitive information.
3 Steps To Add A Password To Microsoft Word Documents
To add a password to a Microsoft Word document you will need to complete the following three steps in order.
Select the File tab and scroll down to Info.
Once you have selected Info, click on the Protect Document button. You will then select the Encrypt with Password option, which can be found from the drop-down menu.
Click Encrypt It and type in the password that you want to use for the document. Keep in mind that each password will be case-sensitive, unique, and cannot be easily recovered if it is accidentally forgotten. Once you have selected the password that you want to use, click OK.
Through the above three easy-to-implement steps, your Microsoft Word document will be securely locked behind your carefully chosen password. It is important to note that this process can be completed in Microsoft Office 365 and Microsoft Word 2016. Finally, you can always remove the password by simply following the above three steps and their prompts. Whether you need to protect your personal or business files, the Microsoft Word password protection feature is an easy way to bolster security as you write, edit, and send sensitive documents.