Thwart Cyber Threats – Employee Security Awareness & Training

Healthcare is under cyber attack. As one of the top five most targeted industry sectors, healthcare organizations are finding that it is often an organization’s own employees who open the door to theft, malware, ransomware, and a host of other security issues. Enterprise-wide cybersecurity awareness training can strengthen your frontline defense.

The best defense is a good offense.

Employee security awareness has been cited as the source of greatest concern regarding threat exposure. The 2017 HIMSS Cybersecurity Survey found that 87% of respondents conduct security awareness training classes for their staff at least once a year. What is your organization’s security strategy and does it include employee security awareness and training?

Risk prevention starts with an informed workforce.

HIPAA’s Security Rule requires covered entities and business associates to “implement a security awareness and training program for all members of its workforce (including management)”. In the OCR July 2017 Cyber Awareness Newsletter, the U.S. Department of Health and Human Services (HHS) provides further guidance and interpretation on this topic. When structuring your employee security awareness strategy, consider a multi-communication approach—training, updates, and alerts.

  • Regularly scheduled training
    Educate workforce members on your security policies, practices, and protocols. As new cyber threats are identified, be sure your educational strategy is flexible enough to keep materials current. Select an annual, semi-annual, or quarterly training program based on the security needs of your organization as determined by your risk analyses. Given the size of your organization, computer-based training may provide the most flexible format and allow for online scoring techniques that can document ongoing enterprise-wide participation and level of engagement. Make sure all new hires receive security training as part of their initial onboarding.

  • Periodic security news updates
    Issue periodic security updates and reminders. Many companies email a monthly newsletter to all employees, providing timely, relevant content about new and emerging threats and how employees should respond to them. Frequency and content are based on the security needs of your organization as determined by your risk analyses.

  • Immediate security alerts
    Quickly communicate immediate security threats to employees. Predetermine the alert messaging format and channel of distribution. Consider the security needs of your organization as determined by your risk analyses.

Your organization is only as secure as your employees (and vendors) are aware. That is why at Quadax we engage in ongoing, enterprise-wide security awareness training for all employees, coupled with monthly security news updates and timely alerts. We make employee awareness and training an integral part of our security strategy.

For more information on cybersecurity, check out the 15th Annual Information Security Summit located in Cleveland, OH at the Cleveland I-X Center. Quadax Senior Manager, Information Security, Patrick Duffy, will be presenting Security Awareness Training for the Reluctant Many on Friday, November 3, 2017. If attending the Summit, add Patrick’s session to your agenda to learn more about security awareness training for your employees.

Business Continuity for Your Revenue Cycle – Are You Prepared?

Witnessing the aftermath of Hurricane Harvey, businesses are reminded that disaster can strike at any time. Being prepared is critical. For healthcare organizations, the rigors of contingency planning are ongoing. Whether a catastrophic event or a localized outage, an interruption in your organization’s operations can be costly, compromising performance, productivity, and cash flow.

To achieve a state of preparedness, business continuity planning considers contingencies, creates options, and ensures their reliable availability during and after an event. Effective healthcare IT business continuity planning protects against the inability to access critical data, an interruption in communications, or technology downtime due to an infrastructure failure. Consider all possible risks—natural disaster, power outage, hardware or network failure—and analyze each one's likelihood of occurrence and its impact on your operations. Determine, document, and regularly test your mitigation strategy and recovery procedures.

To help you get started, the Office of the National Coordinator for Health Information Technology has published the Safety Assurance Factors for EHR Resilience (SAFER) guide, complete with self-assessment contingency planning checklists, recommended practice worksheets, and additional resources and references.

Business continuity planning in healthcare is more than just good business; it’s the law. Under the Health Insurance Portability and Accountability Act (HIPAA), the Department of Health and Human Services (HHS) requires that organizations have a “comprehensive testing and monitoring strategy in place to prevent and manage downtime events.” This mandate, as part of HIPAA’s Security Rule, requires technology and protocols to back up data, rapidly restore data, and continue operating in “emergency mode” after an event. For more information, visit Summary of the HIPAA Security Rule and Guidance on Risk Analysis on the HHS website.

When developing and testing your business continuity plan, be sure to assess the preparedness of your service and software vendors, including RCM systems and support. Your cash flow is critical to your organization and should not be overlooked.

At Quadax, we are committed to security, privacy, and compliance, investing heavily to protect our clients’ data as well as our own, with infrastructure designed for optimal business continuity, risk mitigation, disaster recovery, and HIPAA and HITECH compliance. With robust data centers, we have the redundancy to provide our clients with a high level of uptime. To further enhance our effectiveness, Quadax recently installed a 500-kilowatt, 850-gallon diesel-powered generator at our main office. The generator, capable of supplying full power to maintain 100% of our operations at Quadax’s main office, provides our staff with reliable uptime so they can deliver dependable service and support to our clients. Learn more about RCM solutions powered by Quadax.