Uncategorized

ICD-10: Is the Risk Worth the Reward?

ICD-10: Is the Risk Worth the Reward?

The Oct. 1 compliance date for ICD-10 has come and gone, but increased scrutiny is being placed on the transition with providers still questioning whether the benefits of the switch will outweigh the costs.

Why Update?

ICD-10 was originally implemented with the goal of increased coding specificity and billing standardization.

ICD-9 coding dates back to 1979; long enough to make medical professionals believe that the system no longer reflects the needs of an advancing medical community. The switch to ICD-10 will supposedly allow physicians to apply newer and more precise billing codes that are less burdensome to healthcare professionals.

Community Impact

Despite the supposed benefits of the transition, the backlash against ICD-10 is growing. Several industry experts have complained about the viability of the new coding system. John Halamka, CIO at Beth Israel Deaconess Medical Center, noted:

“A few years from now [people] will discover that the whole idea of ICD-10 wasn’t helpful to anyone … ICD-10 was never designed to be a billing vocabulary, it’s an epidemiological vocabulary. It’s the wrong tool for the wrong purpose.”CMS-ICD-10

Harsh Dhundia, director at consulting firm Pace Harmon, echoed these sentiments by describing how the increased number of codes would lead to worsened productivity and lost revenue:

“If a doctor sees a patient … and if there isn’t enough supporting documentation, you’re going to be forced into a lower value code, so you get compensated lower.”

Losing potential revenue is a common concern for ICD-10 critics. Robert Tennant of the Medical Group Management Association commented on how the switch would create more costs for independent clinics:

“The government is not defraying any of the cost; all the costs are being borne by physician practices … you’ve got a lot of skepticism regarding the value of moving to this code set,” he said.

An incoming Transition

While new coding procedures help clinics become more efficient, many practices are vocally opposing the transition. The switch to more coding may help standardize billing across the medical field, but the growing number of detractors indicates a disconnect between the priorities of governmental organizations and private healthcare practices.

The much-touted benefits of the transition may not be addressing actual needs faced by healthcare practitioners. But time will tell the full impact of more diverse coding on the medical industry.

Dean Van Dyke iBridge LLCWritten by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

iBridge NewsletterWhat Healthcare Execs Need to Know About ICD-9 to ICD-10 iBridge LLC

The Middle Ground Between Security and Patient Care

The Middle Ground Between Security and Patient Care

While the goals of strong IT security and effective HIPAA compliance are necessary for the success of every healthcare clinic, some organizations find that stringently applying these initiatives comes at a cost.

Though strong security measures protect patient information, they correlate with decreased ease of use—and as IT security and privacy become bigger priorities for healthcare clinics, physicians find that overbearing security measures are preventing them from doing their jobs.

The Middle Ground Between Security and Patient Care

Image courtesy of Zirconicusso at FreeDigitalPhotos.net

However, better security doesn’t need to come at the cost of quality patient care. The goals of increased HIPAA compliance and network safety can be addressed with the needs of the workforce in mind to create a harmonious relationship between clinical practice and security.

Building Communication

The first step of designing security protocols in the healthcare field is to understand the environment and culture of each practice. The most effective security system for patient privacy may not be the most user-friendly to those who need it—creating infrastructure problems that prevent clinicians from meeting the needs of their patients.

To prevent security from interfering with patient care, CIOs should have an open dialogue with the physicians and employees who work within the system. These first-hand accounts can help security personnel determine what areas of the user interface should be left untouched, and what areas can be improved without interruption of service.

The key to balancing daily practice and security is the shared knowledge between those who design security standards and those who work around them.

Seamless Integration

When security personnel understand the challenges and needs of those who use their system, integrating security into daily operation becomes an easier feat.

While a balance must be struck between security compliance and user access, both goals can be accomplished with creative implementation of security practices that don’t interfere with daily practice.

For example, nurses are using touch access to gain admittance to privileged information located on mobile devices. Rather than remembering security codes for regularly accessed databases of patient information, security personnel created a system where fingerprint recognition is the only verification needed. This clinician-focused security is HIPAA compliant, keeps information safe, and doesn’t disrupt the daily flow of work.

Patient care and IT security is a constant tug of war. However, with open dialogue and information exchange, neither quality of care or patient privacy needs to be sacrificed to meet the clinic’s goals.

With the prevalence of IT breaches that occur in-house, proper training of staff is essential. This includes appointing a chief information security officer to oversee IT security, preferably an employee knowing security issues in healthcare and security auditing experience.

At iBridge, security is a serious topic and we continue to learn and provide information to the industry at-large. If you have a question about HIPAA assessments, compliance requirements and other security topics, feel free to contact us or call us at 888.490.3282.

Dean Van Dyke iBridge LLC

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

iBridge Newsletter7 Things About Medical Identity Theft Healthcare Executives Need to Know

Privacy Management: Why IT Security Training Is Essential for All Personnel

Privacy Management: Why IT Security Training Is Essential for All Personnel

The lack of effective IT security in the healthcare field is the primary cause of unauthorized leaks of patient data. The “TrustScore” of healthcare providers ranks lower than any other industry, indicating a lack of faith in the reputation of healthcare-related communications. And with the number of IT-related security leaks growing constantly, the distrust is understandable.

Partners Healthcare recently announced a breach of information involving 3,300 patients that occurred in November. A phishing scam was responsible for the release of privileged patient data by trusted employees within the Partners network.

This breach highlights the weaknesses of IT and email communication in the healthcare field. Health industries have traditionally valued infrastructure that protects physical copies of patient information, but have lagged behind in electronic security practices. Though external forced breaches account for some data leaks, a more pressing concern is the internal mishandling of confidential information.Employee Training

Information Training to Prevent Self-Sabotage

Two recent breaches of patient data, including Seton Healthcare’s inadvertent data breach of nearly 39,000 patients and the aforementioned Partners Healthcare breach, both came from internal mishandling of information via email.

Both firms fell victim to phishing scams designed to gather privileged information though exploiting the employees of healthcare administrations. Without receiving the proper training of IT security practices, in-house personnel become a major liability for keeping confidential information safe. Training staff members to handle potential security leaks (such as phishing scams) is a necessary part of keeping information secure.

Security Strategies

Having IT security personnel on staff can help reduce the frequency of breaches. While proper security training is essential for all staff, IT security experts can identify potential threats to confidentiality and provide infrastructure for continual monitoring of security systems. They can also train non-IT staff in safety protocols that can prevent the loss of privileged information from internal sources.

While online security is difficult to manage for practices unfamiliar with the weaknesses of online technology, the bigger threat comes from within the organizations themselves. There is no security system in place to monitor the flow of information between healthcare employees, and a lack of staff education creates numerous opportunities for data loss. To prevent the exploitation of employees within the system, healthcare organizations must be prepared to train all staff effectively in IT security practices.

Dean

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter-CTA1-1024x129Medical-ID-Theft-eBook-CTA-1024x444

The Role of Vendor Support in ICD Compliance

The Role of Vendor Support in ICD Compliance

The compliance date for the ICD-10 transition is October 1st, 2015, so clinicians have only a few months of preparation left before the switch to new medical coding takes effect. Clinics that have not adjusted their infrastructure to reflect these changes must rush to meet the compliance standards by the cutoff date, but including vendors in the transition can help ensure that new systems are implemented with little downtime.

Vendor Assessment

The switch to ICD-10 has implications beyond new codes for medical procedures. The shift will affect the medical equipment and systems used by hospitals and clinics, creating complications with vendors that have not accounted for the transition.

The Centers for Medicare and Medicaid Services (CMS) has provided an online Technology Vendor Assessment form created to help clinics communicate with their vendors regarding how compliant their products and services are. While the form is sent to vendors and should be returned upon completion, but clinicians have complained about the likelihood of vendor cooperation with this measure.

Source: cms.gov

Source: cms.gov

A better way to assess your vendors is to interact directly to determine how their services will be affected by the ICD-10 shift. There may be additional fees assessed by vendors for updating their products to reflect the new compatibility required by ICD-10, so it is in each clinic’s best interest to communicate with their vendors early when determining how the changing system will affect their infrastructure.

Improving Compliance

While every clinic becoming ICD-10 compliant would be ideal, the change is not practical for many clinics that cannot adapt their infrastructure due to budgetary concerns or lack of personnel. However, there are workarounds available for clinics that cannot become fully compliant in time:

  • Hire outsourced technology and billing services that are ICD-10 compliant
  • Use online software and claims filing services
  • Submit professional paper claims (CMS-1500) instead of online filing

Management of IT systems is critical in ensuring that the transition does not disrupt workflow for clinics trying to maintain their schedules. New systems and procedures must be implemented before the compliance date, which will require extensive testing for compatibility with existing software.

This can be a time-consuming process, but communication with vendors can ease the burden. With vendors adapting their services to the needs of ICD-10, the transition on the clinical side will be simpler with less downtime.

Dean

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter-CTA1-1024x129CTA-ICD-10-eBook-1024x443

Is Mobile Technology a Benefit to the Medical Field?

Is Mobile Technology a Benefit to the Medical Field?

In theory, mobile devices can offer numerous advantages for care coordination by increasing the efficiency of communication between staff and better organization of patient data. However, reliance on mobile technology for communication can have drawbacks, meaning that clinics that consider utilizing mobile devices in their practice should carefully weigh the risks against the rewards.

Streamlining Communication

Interconnectedness is an essential factor in patient care coordination, and mobile devices excel in this department. With a centralized online medical record, all staff members can access and update patient information from any location in the hospital.

This can do wonders for efficiency when you consider the typical transit time of information by traditional methods. A typical prescription may need to travel from the physician to the nursing staff, then to the pharmacy, ending up at the billing department. While this flow on information has been limited in the past by how quickly staff could deliver it, with mobile technology, all departments can access the information instantly via handheld devices.REVDUWPH4K

Documentation

Monitoring and tracking of patient information is greatly enhanced with mobile devices. It’s difficult to monitor the flow of patient care when traditional documents and resources are handed from person to person, but mobile devices provide a platform for all communications to be logged electronically.

This offers many advantages to the practice, not all of which involve mere boosts to the organization. In a business where reliability is a top concern, digital documentation can ensure that there are records of all communications that occur for each patient. This is a big benefit to hospitals that have had information get lost in the shuffle. With easily-tracked, auditable records, clinics can ensure that all communication will be available for review if the need arises.

Using mobile devices can also provide safeguards for HIPAA and patient confidentiality, as communications will be more restricted to devices that only certified staff can access. Traditional methods of documentation can fall into the wrong hands or be viewed by unauthorized personnel, but handheld devices with built in security features guarantee that information is kept confidential.

Mobile Concerns

While there are arguments for including mobile devices in the medical field, the practice of having all staff members utilize handhelds can offer drawbacks.

Due to the private nature of mobile communication, it becomes harder to manage employee efficiency. There have been documented cases in the past of clinics that have had to sanction staff members for inappropriate communications via mobile devices, and while this problem also exists in workplaces without mobile technology, requiring all staff members to use mobile devices constantly will likely increase the frequency.

Reliance on mobile devices also creates the need for a reliable IT network, with software that is compatible across multiple platforms and employees with the knowledge to use it. While some clinics may provide devices for employees, cross-platform functionality can become an issue when staff members bring their own devices from home. Employees unfamiliar with technology may be slow to adapt to the practice, creating a steeper learning curve and more administrative errors.

Mobile technology in the medical field can provide new methods of communication and patient care coordination, though the practice may not be right for every clinic. Hospitals should assess their practices and decide whether the benefits offered by handheld device use outweigh the complication costs.

Dean Van Dyke

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter CTAMedical ID Theft eBook CTA

New Research Paper Excerpt – How Law Firms Are Affected By Cyber Threats

New Research Paper Excerpt – How Law Firms Are Affected By Cyber Threats

As corporations and governments are becoming more aware of the threat of cyber-attacks, they are taking more measures to increase the security of their sensitive data.

However, if the law firms that represent these clients do not similarly try to improve their cybersecurity, hackers will take the easy route and target the law firms to obtain the data. Eighty largest American law firms suffered a network breach in 2011.23 In 2012, Chinese hackers targeted Canadian law firms involved in the proposed takeover of the world’s largest potash producer by an Australian company to stop the takeover.24 One can easily imagine shoe designs being stolen from the patent lawyer for an apparel company or confidential emails being stolen from the defense lawyer for a white-collar criminal defendant.

Unfortunately, most law firms are woefully underprepared for defending against cyber-attacks. According to a survey by LexisNexis:

  • 77% of law firms use only a confidentiality statement
  • 22% of law firms use email encryption
  • 14% of law firms use password-protected documents
  • 13% of law firms use a secure file-sharing site
  • 4% of law firms take no measures to secure data. 25

However, the survey also revealed that 80% of law firms said a breach of privileged information would be consequential or very consequential. 26 The disconnection between the desire for security and the measures employed to provide security can be attributed to three factors: technological ignorance, a preference for simple sharing of information with clients, and a fear of substantial security costs.

25 PRWeb, “LexisNexis Survey Paints Problematic Picture of File Sharing in Law Firms,” May 28, 2014, http://www.prweb.com/releases/Law-firm/file-sharing/prweb11888131.htm (accessed August 16, 2014).
26 Id.

To read the rest of this research paper, click the download link below.

Desh

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

CTA Newsletter

CTA Law Firms and Cyber Attacks eBook

Ripe for the Picking: Why Healthcare Security Needs a Partnered Approach

Ripe for the Picking: Why Healthcare Security Needs a Partnered Approach

Underestimating the threat of security and data breaches may leave patients more at peril after they’ve left the hospital than when they’re in the ICU. With the U.S. Department of Health and Human Services reporting in August that major breaches alone – that is, incidents affecting upwards of 500 people – now number nearly one thousand. That is 30.1 million Americans to date who have had their personal health information (PHI) severely compromised.

What’s being done to stop the flood of PHI being snatched, leaked or even willingly served to hackers and cybercriminals primed to do just about anything they want with it? Isn’t HIPAA privacy enough protection to prevent exactly these kinds of incidents?

Source: freedigitalphotos.net

HIPAA

It’s dangerous to underestimate the crucial importance of the HIPAA privacy law because it brought a new national awareness to the importance of protecting patient data. The legislation secured sensitive health information such as test results and to prevent unauthorized disclosures of pre-existing conditions and diagnoses. Now, patients see HIPAA-related paperwork at every office visit, at least they have investment in the privacy of their information.

For the medical community, HIPAA requires that practices and practitioners invest in reducing risk. They must think through some scary “what if” situations and create contingency plans to help reduce the impact of a breach. But is following HIPAA enough to keep PHI safe and secure?

Security Measures

It turns out just about any IT professional or security expert will say “No.” HIPAA is a good starting point, but it will not seal an already leaky dam. The onus is on hospitals and private practices to implement key security technologies designed to secure networks powered by the most personal details about every patient. Important steps include:

  • Firewalls
  • Spam and spyware protection
  • Improved sign-on requirements, including single sign-on authentication with stricter security standards
  • Encryption

In a recent article in the “New England Journal of Medicine,” the executive director of Harvard Medical School’s Center for Biomedical Informatics, Eric Perakslis, said healthcare is in the crosshairs and “is being aggressively and specifically targeted.”

The Outlook

The question of healthcare information security cannot be answered with only one tool. Taming this rather ferocious beast will require an entire platform of strategies for security success. Perhaps what will be most interesting is whether the public – the patients whose information is being so “aggressively targeted” – will rise to this challenge by demanding stronger action by both the government and industry. Without a singular commitment to this partnered approach, including both HIPAA provisions and purposed security actions, healthcare information will remain ripe for the hackers’ picking.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Debunking the Top 3 ICD-10 Myths

Debunking the Top 3 ICD-10 Myths

Despite the “stay of execution” recently granted to healthcare organizations regarding the ICD-10 conversion deadline, there’s still a fair amount of grumbling over the fact that moving from ICD-9 to ICD-10 must take place. A lot of this anti-ICD-10 logic revolves around arguments based entirely on myths and misconceptions. Here’s a look at the top three most persistent complaints and misassumptions, with the facts behind them.

1. ICD-10 Is Too Complicated

Source: rehabsoftware.com

The immediate presumption that ICD-10 will be complex because the number of codes involved will skyrocket is understandable, but ultimately inaccurate. It’s easy to forget after so many years of using ICD-9 just how vague the current codes are; there’s no differentiation between right side and left side of the body. Nearly half of the new codes are a simple designation between left and right, and the rest will offer more clarification and specificity for insurance billing and diagnostics, not more complexity.

2. We Should Just Use SNOMED CT. Or Skip Ahead to ICD-11.

First, SNOMED CT is a clinical terminology system rather than a classification system. While invaluable when implemented in software applications and in establishing a universal system with global—not just local—implications, SNOMED CT can’t do the same things that ICD-10 will help with.

The International Classification of Diseases (in any of its versions) is a system that organizes content into a standardized system of classification. This allows for a big-picture approach toward identifying and recording worldwide health trends. While ICD-10 and SNOMED CT are complementary, they’re not interchangeable.

In addition, as far as jumping directly to ICD-11 goes, the World Health Organization (WHO) predicts that it won’t be ready until 2017. As a frame of reference, WHO endorsed ICD-10 in 1990, however it was first used by WHO members in 1994. It’s taken a decade for the United States to get on board, and we still aren’t there yet. Fast-tracking ICD-11 is unrealistic.

3. ICD-9 Is Working Just Fine

Probably the most vocal complaint leveled against ICD-10 conversion—and arguably the least accurate as well—is the “if it ain’t broke, don’t fix it” mentality that everything about ICD-9 is perfectly adequate, and upgrading to ICD-10 is unnecessary. This couldn’t be further from the truth.

ICD-9 is woefully insufficient in meeting the needs of modern healthcare. Think just for a moment about how much medicine has changed, how many new diagnoses and recognized diseases there are and the tremendous technological medical advances accomplished since ICD-9 was first adopted by the U.S. in 1979. Common sense alone should tell detractors that the old classifications just aren’t applicable anymore.

ICD-9 isn’t just an older system; it’s obsolete. No amount of arguing will change this. It’s time to accept the truth about converting to ICD-10: this is a vital step healthcare organizations must take to join the rest of the 21st century and provide the best possible care for their patients.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Why Electronic Health Records Face Significant Security Risks

Why Electronic Health Records Face Significant Security Risks

The days of massive file stacks full of carefully coded health records are all but over. Today’s healthcare system is undergoing a somewhat rocky transition to more easily accessible electronic health records (EHRs) that put a wealth of patient healthcare history at physicians’ fingertips. There are so many positives to the digitalization of health records that it’s easy to get swept up in the fervor.

Beyond the significant financial investments required of individual practitioners and major healthcare systems alike, upgrading to EHRs may pose significant risks to the privacy and security of patients’ private health information. What can be done to stop the data leaks and breaches that tarnish the reputation of electronic health records?

Source: FreeDigitalPhotos.net/Stuart Miles

Counting the Costs

A recent report from POLITICO found a full identify profile of a single patient could fetch up to $500 on the black market. With medical data at a premium, individual patients face a significant risk each time practitioners enter private data into an online database. The cost for consumers goes beyond financial disaster:

  • Unlike credit card fraud or banking breaches, there’s no one-stop-shop where affected individuals can report medical identity theft.
  • What happens if your record contains falsified information about previous treatments or even a fictitious diagnosis? Just thinking about the possible real-world repercussions of such breaches is enough to raise your blood pressure.

If you think healthcare identity theft isn’t a significant issue, consider this statistic from the Identity Theft Resource Center: in 2013, the healthcare sector racked up 43.8 percent of total security breaches, outpacing the business sector by nearly 10 percent. It turns out the reason for growth in healthcare breaches is likely economic; these days even a stolen Social Security number garners only about a buck on the black market, while a full medical record fetches hundreds of times that amount.

How Is Healthcare Security Performing?

In the wake of recent data breaches at Target, Neiman Marcus and other retailers, many large companies are beefing up their data security in efforts to escape the wrath of angry consumers tipped off largely by renegade data security blogger Brian Krebs. While that’s a positive development, the same encouraging changes don’t seem to be catching traction in the healthcare industry, where profits should ideally take a backseat to patient care… and that should include care of private healthcare information security, too.

Misplaced Priorities

Perhaps it all comes down to a few misplaced priorities:

  • Healthcare providers must ramp up their privacy standards, requiring significantly increased spending on security measures.
  • Leaving EHRs vulnerable to data beaches comes at a great cost to patients, many of whom are already dealing with stressful situations such as chronic diseases like cancer.
  • The Healthcare Information and Management Systems Society (HIMSS) reports that half of survey respondents in a recent security study spent less than three percent of their overall IT budgets on healthcare information security.

This statistic points to a serious spending shortfall, leaving patient health information vulnerable to security breaches that come at great personal and security costs. In order to safely modernize U.S. healthcare, providers will need to refocus and redouble their efforts at securing patient information to keep Americans both healthy and safe from identity breaches.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

A Reminder of the Importance of Issuing a Litigation Hold Upon Receiving EEOC Notice of a Charge of Discrimination

Recently, we came across a very informative post regarding the importance of issuing a litigation hold upon receiving EEOC notice of a charge of discrimination. The post came from our friends over at Farleigh Wada Witt (FWW) in Portland, OR, and we found the content quite informative so we wanted to share it. Below is the original post by FWW.

The Western District of Washington Awards $25,000 Plus Attorney Fees in Sanctions Against an Employer for Failing to Issue a Litigation Hold and Preserve Evidence After Receipt of EEOC Notices of Charge of Discrimination A duty to preserve evidence is triggered when a company knows or reasonably should know that the evidence may be relevant to pending or future litigation. As all employers should be aware, a duty to preserve potentially relevant documents is triggered upon receipt–or even earlier notice of–an administrative charge of discrimination, such as a Notice of Charge of Discrimination from the Equal Employment Opportunity Commission (EEOC) or similar notice from a state agency such as Oregon’s Bureau of Labor and Industries (BOLI). Note that the courts view such administrative claims as “litigation” when dealing with discovery and the duty to preserve evidence. As one Washington employer recently discovered, a failure to issue a litigation hold and to preserve evidence can lead to severe consequences, including monetary sanctions. In Knickerbocker v. Corinthian Colleges, 2014 WL 1356205, __ F.R.D. __ (W.D. Wash. April 7, 2014), the Western District of Washington sanctioned an employer $25,000 plus attorney fees (and, separately, sanctioned its attorneys $10,000) for failing to issue a litigation hold after receipt of two EEOC Notices of Charge of Discrimination involving two terminated employees, as well as subsequent discovery misconduct.In that case, the employer allowed the former employees’ work email accounts to be deleted shortly after their termination, despite the fact that the employer received the EEOC notices, followed by a demand letter from the plaintiffs’ attorney, and service of a complaint. The employer should have issued a litigation hold to suspend its routine destruction of records upon receipt of the EEOC notices because, at that point, it knew or reasonably should have known that its former employees’ emails would be potentially relevant to future litigation. In another recent case, the same district court found that a duty to preserve evidence was triggered when a former employee responded to his suspension notice with reference to the EEOC–in other words, even a simple mention of the EEOC in this context put the employer on notice that a charge might be filed. See EEOC v. Fry’s Electronics, Inc.,874 F. Supp.2d 1042, 1044 (W.D. Wash. 2012).Once the duty is triggered, its scope is broad. It extends to any documents (whether paper or electronic) or tangible items that the company knows or should know are relevant or potentially relevant to the litigation, as well as to documents in the possession of employees who are key players in the case. If a company has a document retention policy, the company is obligated to suspend that policy and implement a litigation hold to ensure that relevant documents are preserved. Failing to preserve evidence is considered willful spoliation if the company has some notice that the documents were potentially relevant to the litigation before they were destroyed. For courts in the Ninth Circuit (including the federal courts in Oregon and Washington), spoliation of evidence raises a presumption that the destroyed evidence goes to the merits of the case, and that the evidence was adverse to the party who destroyed it.Employers should consult with counsel to ensure compliance with their duty to preserve evidence upon notice of any potential administrative action or litigation.