kpama journal - starchapter · 2016-08-30 · 2 kpama journal august 2016 3 hello keystone! what an...

UPCOMING MEETINGS9/20/2016 EducationalMeeting@ DesmondGreatValley-Malvern,PA10/5/2016 AAHAMANI-LasVegas,NV11/2/2016 BoardMeeting@WellSpan/Philhaven (9am-12pm)12/7/2016 EducationalMeeting@ HolidayInn-Grantville,PA

2016 BOARD OFFICERS

Roger Poremsky, CRCE-IChapter Board Chairperson PATHS,LLC [email protected]

Bill Major, CRCE-I, CRCS-IChapter PresidentWellspanHealth [email protected]

Lisa Laudeman, CRCE-I, CRCE-PChapter Vice PresidentPennsylvaniaPsychiatricInstitute [email protected]

Mary WallaceChapter TreasurerHRSI [email protected]

Kim RafteryChapter SecretaryHRSI [email protected]

Irene ParksElected Board MemberFinancialRecoveries [email protected]

Mary Beth McMenamin, CRCS-IElected Board Member LehighValleyHealthNetwork [email protected]

KPAMA JournalKeystone Chapter of AAHAM

AuguSt 2016

INSIDETHIS ISSUE

PageUpcomingMeetings . . . . . . . . . . .1

2016BoardOfficers. . . . . . . . . . . .1

President’sLetter. . . . . . . . . . . . . .2

RenewYourMembership . . . . . . . 3

AAHAMContacts. . . . . . . . . . . . . . 3

KPAMAJournalEditorialPolicy andObjective. . . . . . . . . . . . . . . 3

MissionStatement. . . . . . . . . . . . . 3

MeetaKeystoneAAHAMOfficer. . 4

NewMembers. . . . . . . . . . . . . . . .5

RegionalMeeting &ExhibitorFair . . . . . . . . .6,7,8

AAHAMBoardofDirectors. . . . . .9

PreventHealthcarePhishingby StrengtheningEmployee Training. . . . . . . . . . . . . . . . .10,11

At20,isHIPAAhittingitsstride, orisitoverthehill?. . . . . .12,13

KeystoneCorporatePartners . .14,15

12thAnnualLegislativeDay . . . .16

Topics . . . . . . . . . . . . . . . . . . . . . .17

Follow us

2 KPAMA JOURNAL AUGUST 2016 3

Hello Keystone!

Whatanexcitingyear2016hasbeen.AsournationalofficeisRaisingtheLevel,weatKeystoneareapartofthatrisingtide.AAHAMcontinuestogrowandwehavebigplansfortherestof2016.JohnCurrier,AAHAMnationalpresident,hassetloftygoalsforourorganization.PartofRaisingtheLevelcentersaroundcertification,thelifebloodofAAHAM.ThisyearAAHAMwantstoseeanincreaseof20%certificationinthetwotoplevels,CRCEandCRCP.Previously,CRCEwasthehighestmanagementlevelofcertifica-tionbutwiththeintroductionofCRCP,moremangersareoptingfortheintroductoryCRCPlevel.WhileCRCPhasbeenanoverwhelmingsuccess,CRCEhastendedtoremainflateventhoughthatisourhighestlevel.ThisistheyeartojumptoCRCEandpumpupyourresume!Andforthosewhoarenotcertified,CRCPisalsoagreatresumebooster.Ifyou’reavendorandwanttostandoutinthecrowd,providersarealwayslookingforvendorswithAAHAMcertification.MaybeyouhaveaCRCSemployeewhowouldmakeagreatpotentialmanager;CRCPwouldhelpgivethemtheskillsneededforadvance-ment.CRCS,thetechnicalcertification,hasalwaysbeenthelargestcertificationinAA-HAMandwillcontinuetobein2015.Wearelookingata30%increasefromlastyearbecausethefutureofAAHAMhasalwaysrestedinCRCS.Anothergreattechnicalcerti-ficationisCCT,whichhasjuststartedearningCEUs.Withnolongerneedingrecertifica-tioneverythreeyears,CCTisprojectedtojump15%.Andournewestcertification,CRIPwillbetakinga40%jumpincertification.Sonowisthetimetobecomecertifiedbe-causewhenyouraisethelevelofAAHAM,yourprofessionalopportunitiesareendless.

Sincerely,

Bill Major KeystoneChapterPresident

President’s Letter

REnEWYouR MEMBERSHIP!

IfyouhavenotrenewedyourmembershipwiththeKeystoneChapterorwithNationalAAHAM,pleasetakeafewminuestorenew.Byupdatingyourmembership,youwillcontinuetokeepyourpulseofwhatishappeningnowinthiseverchangingenvironment.

Don’t BE LEFt out!Gotowww.keystoneaaham.org

torenew!Thanks for your continued support!

Dale Brumbach Chapter Membership Chairperson

ContACt KEYStonE AAHAMwww.keystoneaaham.org

gEnERAL [email protected]

[email protected]

[email protected]

CoRPoRAtE [email protected]

MEEtIng [email protected]

[email protected]

KPAMA JOURNAl EDITORIAl POlICy

& OBJECTIvETheKPAMAJournalMagazineispublishedbytheKeystoneChapterofAAHAMtoupdatethemember-shipregardingchapterandnationalactivitiesaswellastoprovideinfomationusefultohealthcareadmin-istrativeprofessionals.

Opinionsexpressedinarticlesorfeaturesarethoseoftheauthor(s)anddonotnecessarilyreflecttheviewsoftheKeystoneChapterofAAHAM,TheNa-tionalAAHAMorganization,ortheeditor.

Reproductionand/oruseoftheformatorcontentofthispublicationwithouttheexpresspermissionoftheauthor(s)oreditorisprohibited.

AAHAM Mission StatementAAHAM’smissionistobethepremierprofessionalorganizationinhealthcareadministrativemanagement.Throughanationalorganizationandlocalchapters,AAHAMprovidesqualitymemberservicesandleadershipintheareasofeducation,communication,representation,professionalstandardsandcertification.

AUGUST 2016 5 4 KPAMA JOURNAL

LoCALCathyArchuletaPatrickBlewittMaryJoFiesWilburJohnsonSteveMachemerAngelaMillerDellaMurdockAunRazaCarmenRomanKathyTylerLoriWamplerMichaelWatkinsRonWatkinsChristinaYoungNenaZeiders

NEW MEMBERSnAtIonALAimeeBruff

SarahBush

KarenDruck

BethFranzak

BarbaraLingg

BreannMeadows

RichardOlmstead

• Name? William H. Major

• Certifications?CRCR, CRCS

• How many years have you been a national member? Since January 2008

• How did you get where you are today professionally? Hard work and great mentoring by Chris Stottlemyer

• What made you decide to become certified? I wanted to become a member of the board and some pushing from Chris Stottlemyer.

• What advice do you have for members that want to move up in their current healthcare careers? Look for every opportunity to improve yourself personally and professionally. Always look for something new to learn and add to your professional workload even when you don’t think that you can possibly take on one more role.

• What is your spouse’s name and occupation (if applicable)? Wade A. Markel…though we’re not legally married we have been together for over 35 years. He is an Executive Director with the American Heart Association.

• What are your children(s) names, ages and occupations (if applicable)? No children…just nieces and nephews (Melissa, Michelle, Sean and Scott)

• What was the last book you read? The Lost Symbol by Dan Brown.... I’m I huge history buff so I tend to read either nonfiction or novels that have lots of historical data.

• What is your favorite movie? I’m a big science fiction fan (Star Wars, Star Trek, Stargate) but there are certain movies that I always have to watch when they’re on TV…My Best Friend’s Wedding, The Shawshank Redemption, The Parent Trap, The Notebook, Meet Me in St Louis, Singing in the Rain.

Meet a Keystone AAHAM Officer• What is your indulgence?

A weekend in New York.

• What was your first job?Busboy for a restaurant called 7 Cousins.

• What did you have for breakfast today? Normally I have something like a hardboiled egg, coffee and maybe an English muffin but today I had a slice of cherry pie.

• Where did you spend your last vacation?

Rehoboth Beach, Delaware

• What do you never leave home without when you travel? Alka Seltzer…I know if I get sick or don’t feel good, it will always pick me up.

• I still can’t quite get the hang of....Excel spreadsheets

• What is your favorite way to celebrate after you’ve

completed a demanding project? A good meal and a great Martini.

• Name something about you that most people don’t know.I met one of my best friends, Marti over 52 years ago on the boat to the Statue of Liberty. She was visiting with her family from California and I was with my grandfather from New Jersey. We have remained friends for all these years and have traveled all over the country together.

• What do you know now that you wish you’d known when you were younger? Invest in your retirement because you will eventually get old.

• The world would be a better place if only.... People would try to see the other side of the story. It doesn’t mean you have to agree, you just have to understand that there is another side.


REgIonAL AAHAM MEEtIng & ExHIBItoR FAIRSponsored by the Keystone and Philadelphia Chapters of AAHAM

tuesday, September 20, 2016DESMonD HotEL

1 Liberty Blvd., Malvern, PA 19355

COST: $90/Member $115/Non-Member $90/HFMA/NAHAMMember**4.50EducationalHours=9.00AAHAMCEUs**

The Keystone and Philadelphia Chapters of AAHAM are pleased to present this year’s Regional AAHAM meeting and Exhibitor Fair.

Come join us for a day of education and networking with peers and vendor partners.

AgEnDA08:00AM—08:45AM Registration&ExhibitorFair ContinentalBreakfast

08:45AM—09:00AM Welcome/Announcements StevenHoneywell WilliamMajor

9:00AM—10:00AM Keynote Speaker Decide: Work Smarter, Reduce Your Stress & Lead By Example SteveMcClatchy,AlleerTraining

10:00AM—10:30AM BreakExhibitorFair ExhibitorHall

10:30AM—11:15AM Lehigh Valley Hospital’s Epic Journey JeffHinkle,LehighValleyHospital

11:15AM–12:00PM HAP update on Changes Within PA JoleneCalla,HAP

12:00PM—01:00PM Lunch/NetworkwithExhibitors ExhibitorHall

01:00PM–02:00PM Cyber Fraud – Avoid Being Scammed HowardForman,PNC-PINACLE®

02:00PM–02:15PM AfternoonBreak

02:15PM–03:15PM Leading Relationships: Communicate Effectively, Build Trust, Resolve Conflict SteveMcClatchy,AlleerTraining & Lead Your Relationships

03:15PM–04:00PM ExhibitorRaffles/Drawings

Included in your registration is the opportunity to have a complimentary professional head shot taken by our photographer, Steve Aaron (Regional Sales Executive at HBCS).

Steve will be available 9am to 2pm during the seminar. No pre-registration is required! Remember to bring your professional attire to take advantage of this generous offer.

REgIonAL AAHAM MEEtIng & ExHIBItoR FAIR— REgISTRATIoN FoRM —

Please register the following individuals for the September 20, 2016 Regional AAHAM Meeting and Exhibitor Fair:

NameofOrganization/Facility ____________________________________________________________________________

nAME oF AttEnDEE _____________________________________________E-Mail______________________________

ChapterAffiliation: Keystone NE Phila AAHAM HFMA NAHAM Non-Member







Cost:AAHAMMember $ 90 MakecheckpayabletoKPAMAHFMA/NAHAMMember $ 90 Checkfor$_____________enclosedNon-Member $115

It’s easy to register and pay online. Just visit the “NEW” Keystone Chapter website at:http://www.keystoneaaham.org/

or, send your registration form and check (payable to KPAMA) to:

MARY WALLACE3KeatsRoad,Yardley,PA19067

[email protected]—Phone#215-630-6990

AUGUST 2016 9 8 KPAMA JOURNAL

REgIonAL AAHAM MEEtIng & ExHIBItoR FAIRFeatured Speakers

StEVE McCLAtCHY, PresidentAlleerTraining&ConsultingSteveMcClatchyisakeynotespeaker,workshopleaderandauthoroftheNewYorkTimesBestsellerDecide:WorkSmarter,ReduceYourStress&LeadbyExample.Stevehasspokenbeforethousandsofaudiencesonthetopicsofleadership,performance,personalgrowth,andwork/lifeengagement.HisclientlistincludestheNFL,Google,Pfizer,Microsoft,Disney,NBCUniversal,Accenture,HP,DiscoveryChannel,UnderArmour,Tiffany’s,WellsFargoandCampbell’sSoup.HeisafrequentguestlecturerinmanyofAmerica’stopbusinessgraduateschoolsincludingHarvardandWharton.HehasappearedonABC,CBS,FoxNews,NBC’sTodayShowandhasbeenquotedinTheWallStreetJournal,WebMDMagazine,FastCompany,OprahMagazine,EntrepreneurandInvestor’sBusi-nessDaily.Steve’spassionisforcontinualimprovementandbelievesthatwhenwestopgrowing,learning,gainingexperienceandachievinggoalswestopliving.Steveisbestknownforhispassion,senseofhumorandenergeticpersonality.Youwillbecaptivated,motivatedandtrulyinspiredbyhisuniqueandpracticalapproachtoeffectivenessandsuccess.

JoLEnE H. CALLA, EsquireVice President of Health Care Finance and InsuranceTheHospitalandHealthsystemAssociationofPennsylvania,(HAP)Ms.CallacurrentlyservesastheVicePresidentofHealthCareFinanceandInsurancefortheHospitalandHealthsystemAssociationofPennsylvania(HAP).Inthisrole,Ms.Calladirectsallactivitiesrelatedtohealthcarefinance,includingMedicare,Medicaid,andothergovernmentreimbursementforhealthcareproviders.Herresponsibilitiesincludedetailedunderstandingandanalysisofstateandfederalbudgets,aswellasacomprehensiveknowledgeoflegislationandregulationimpactinghospitalandhealthsystemfi-nances,reimbursement,taxexemptionofnot-for-profithospitals,andhospitalcharitycareandbillingpracticesacrossthecontinuumofcare.Ms.CallafrequentlyparticipatesinnegotiationswithgovernmentagenciesandrepresentativesofoutsideorganizationsonbehalfofHAP.PriortojoiningHAP,Ms.CallaservedtheCommonwealthofPennsylvaniaforseveralyearsasBureauDirectorfortheOfficeofMedicalAssistanceProgramswhereshedirectedalloperationsandimplementedmultiplefederalandstateinitiatives.Ms.CallawastheonlypersontoleadboththeFee-for-ServiceandtheManagedCaredeliverysystems.Ms.Calla’spriorpositionsaffordherextensiveexpertiseinthehealthcareandinsuranceindustry,withaconcentrationinmanagedcare.SheworkedasaSpecialProjectsConsultantforCapitalBlueCross,astheDirectorofGroupAdministration,StrategyandProcessforCoventryHealthCareandasDirectorofMarketingandCorporateCommunicationsforKeystoneHealthPlanCentral.Ms.CallareceivedherJurisDoctoratefromtheWidenerUniversitySchoolofLaw,herMasterofArtsinCommunicationArtsfromtheNewYorkInstituteofTechnology,andherBachelorofArtsinEnglishandBachelorofArtsinCommunicationArtsfromVillanovaUniversity.

HoWARD n. FoRMAn, AAPSenior Vice PresidentPINACLE®ProductGroupManagerPNCAsoneofthenation’stoptreasurymanagementproviders,PNCoffersacomprehensivearrayofproductsandservicestobusinessesofallsizes.HowardNForman,AAPisheretosupportPNC’streasurymanagementteamindeliveringthecapabilitiesthathelpbusinessesthrive.HeisaSeniorVicePresidentandisresponsiblefortheproductmanagement,productdevelopment,security,andsalessupportfunctionsforPINACLE®–PNC’scorporateonlineandmobilebankingportal.Heisafrequentspeakeronavarietyoftopicsrelatingtotreasuryandpayments,andhasheldleadershippositionswithnationalindustryassociations,suchasNACHA–theElectronicPaymentsAssociation,andtheAssociationforFinancialProfessionals(AFP).HowardisthepastchairoftheNACHABlueRibbonPanel,isapastmemberofthePaymentsInstituteBoardofRegentsandpreviouslyservedontheAFPPaymentsAdvisoryGroup.HowardjoinedPNCin2012.HeearnedhisBachelorofSciencedegreefromtheUniversityofPittsburgh.

JEFF HInKLEAdministrator of Patient Financial Services LehighValleyHospitalJeffHinkle,CRCE-IistheAdministratorofPatientFinancialServicesatLehighValleyHospital,an1,100+acutecarebedfacilityinEast-ernPennsylvania.HehasworkedforLehighValleyHospitalfor13yearsandpreviouslyworkedfortheAARPcontractfor16years.HehasaBachelor’sdegreeinFinanceandanAssociatedegreeincomputerprograming.JeffisamemberofAAHAMandHFMA.

RogER PoREMSKY, CRCE-IChapter Board ChairpersonPATHS,LLC2010BevinDriveAllentown,PA18103 Phone:610-437-7144 Mobile:484-614-4880 Email:[email protected]

BILL MAJoR, CRCE-I, CRCS-IChapter PresidentWellspanHealth1001S.GeorgeSt.York,PA17405 Phone:717-812-3907 Mobile:717-586-1523 Email:[email protected]

LISA LAudEMAN, CRCE-I/CRCE-PChapter Vice PresidentEducationCommitteeChairpersonPennsylvaniaPsychiatricInstitute2501NorthThirdStreetHarrisburg,PA17110-2098 Phone:717-782-4783 Mobile:570-449-0560 Email:[email protected]

MARY WALLACEChapter TreasurerHRSIFederalReserveBankBuilding100N.IndependenceMallW.Suite5NWPhiladelphia,PA19106 Mobile:215-630-6990 Email:[email protected]

KIM RAFtERYChapter SecretaryHRSIFederalReserveBankBuilding100N.IndependenceMallW.Suite5NWPhiladelphia,PA19106 Phone:215-391-4834 Mobile:610-715-1523 Email:[email protected]

IREnE PARKSElected Board MemberChapterCorporatePartnersChairpersonFinancialRecoveries200EastParkDriveMt.Laurel,NJ08054 Phone:856-669-2270 Mobile:267-334-5018 Email:[email protected] MARY BETH MCMENAMIN, CRCS-IElected Board MemberLegislative Committee Chairperson LehighValleyHealthNetwork2100MackBlvd,4thFloorAllentown,PA18103-5622 Phone:484-884-2671 Mobile:484-225-7213 Email:[email protected]

DALE BRuMBACHChapter Membership ChairpersonGolf / Social Committee ChairpersonPennCreditCorporation916S.14thStreet,POBox988Harrisburg,PA17108-0988 Phone:800-720-7293,Ext.3433 Mobile:717-329-8695 Email:[email protected]

CARoLYN BRoWN, CRCE-IChapter Certification Committee Chairperson Philhaven283S.ButlerRoad,POBox550Mt.Gretna,PA17064-0550 Phone:717-270-2460 Mobile:717-926-3570 Email:[email protected]

KRISTY PIPHER-RICHMoNdChapter Ways and Means ChairpersonCommercialAcceptanceCompany2WestMainStreetShiremanstown,PA17011 Phone:717-901-4557,Ext.214 Mobile:717-503-2821 Email:Kprichmond@ commercialacceptance.net

KIM SuMMERLotChapter Journal EditorNRAGroup,LLC2491PaxtonSt.Harrisburg,PA17111 Phone:1-800-360-9953,opt.1,ext.3071 Mobile:717-571-2726 Email:[email protected]

SuE FASNACHT, CRCP-I, CRCS-IBoard Member WellspanEphrataCommunityHospital446N.ReadingRoadEphrata,PA17522 Phone:717-733-5902 Mobile:717-490-2386 Email:[email protected]

REBECCA HARTRANFT, CRCP-I, CRCS-I/CRCS-PBoard MemberWellspanEphrataCommunityHospital446N.ReadingRoadEphrata,PA17522 Phone:717-733-5928 Mobile:610-960-7017 Email:[email protected]

dEB STERLINg, CRCE-IBoard MemberNRAGroup;EBOSolutions,LLC2491PaxtonSt.Harrisburg,PA17111 Phone:800-360-2998,Ext.3902 Mobile:717-512-5322 Email:[email protected]

RICHARD oLMStEADEducation Committee MemberMedClaimsInternational700TurnerIndustrialWay,Suite210Aston,PA19014 Phone:610-494-7505,Ext.100 Mobile:302-562-5256 Email:[email protected]

SHARon tAuBEEducation Committee MemberKeyMedPartners/BAM3607RosemontAvenue,Suite401CampHill,PA17011 Phone:717-000-0000 Mobile:717-712-5296 Email:[email protected]

Keystone AAHAMBoard of Directors 2016


Please follow/join our social media pages!www.keystoneaaham.org

Prevent Healthcare Phishingby Strengthening Employee Training

By Dylan Sachs of BrandProtect

Healthcare phishing attacks have increased in frequency, but there are several ways organizations can take control and improve their data security measures. Cybercriminalsviewthehealthcareindustryasaprimetar-get.Justthisyear,wehavewitnessedhospitalslikeHollywoodPresbyterianMedicalCenter,MedStarHealth’sUnionMemo-rialHospital,inBaltimore,Maryland,andMethodistHospitalinHenderson,Kentuckymakeheadlines,astheyfellvictimtocyberattacks.

TherecentVerizonDataBreachInvestigationsReport(DBIR)sawransomwareattacksrise16percentoverallthisyear.Andac-cordingtoanewstudybytheBrookingsCenterforTechnologyInnovation,23percentofalldatabreachesoccurinhealthcare,triplingoverthelasttwoyearsalone.

RecentresearchbythePonemonInstituteandBrandProtectpolledsecurityteamsandleadingenterprisesonexternal(Inter-net-based)threats,suchasphishingandmobile-basedschemes,andemployeeorexecutivemasquerades.Thesethreatsarepervasiveandserious.Onaverage,the505enterprisessurveyedwerevictimizedmorethanonceamonth,andspentanaverageof$3.5millionannuallytorecoverandremediatetheseattacks.

PREVEntIng MoDERn HEALtHCARE PHISHIng AttACKSItisclearthatthecriminalsareimprovingtheirtechnique,soitisessentialthathealthcareCISOsuptheirgame,too.What’sneededtosucceedinthisbattleagainstcybercriminals?Threesimplethings:

Search out cyber threats beyond the perimeterWhilenetworkandendpointmonitoringshouldneverbene-glected,thereisanopportunityforCISOstogetaheadofmanycyberattacksbyproactivelysearchingforandmitigatingonlineactivitythattargetstheinstitution.Thelistofmalevolentactivi-tiesisalongone–forexample,thecriminalsmaybeimperson-atinghospitalorinsuranceexecutivesthroughduplicateonlineprofilesatLinkedIn,FacebookorTwitter.Thesemasqueradingprofilesareusedtogatherlinksandconnectiontorealpeoplewithintheinstitution,allowingthecriminalstonotonlybuildadatabaseofinternalcontacts,butgivingthema“legitimate”meanstoreachout.Theremaybeunauthorizedusergroupsthatfalselyappeartorepresenttheinstitution.Theremaybedomainsthatmimictheactualdomainofthehospitalorinstitu-tion.Completeexternalcybermonitoringwillalsoprovideyouwithevidencethatyouhave(orhavenot)beenbreached.Bymonitoringblackmarketactivity,youwillbeabletoseeifyourpatientrecordsarebeingofferedforsale.

Monitor domain registrations and MX recordsBymonitoringnotonlycopycatandsimilardomains,butbyalsotrackingtheMXrecordstatusofthosedomains,CISOs

canproactivelyblockpotentialspearphishingorBECattacks.Cybercriminalsplayacatandmousegamewithdomains–theyregisteroractivateanemail-capabledomainjustbeforetheylaunchtheirattack,anddiscardthedomainaftertheystrike.Inthemostsophisticatedcases,theseattackdomainsareonlyon-linefor24to72hours.Toemail-enableadomain,thecriminalssimplyactivatethedomain’sMXrecord,whichidentifiesthatdomainasemailcapable.WhentheMX-recordofacopycatorsimilardomainisactivated,thatdomainbecomesapotentiallaunchplatformforaBECortargetedemailattack.Tostopanattackbeforeitbegins,CISOsshouldimplementfull-scaledo-mainmonitoringwithintegratedMX-recordmonitoring.Whenapotentialattackingdomaincomesonline,CISOscanblockemailsfromthatIPaddressorplacethatdomainontheirlistofuntrusteddomains.

Educate employees and membersCISOsshouldtakestepstomakesurethatcyberthreataware-nessandsecuritybestpracticesaretopofmindforallem-ployees,doctors,andnetworkmembers.Aninformeduserismuchlesslikelytobevictimizedbyaroguemessage.Quarterlyreminders,orbetter,monthly,aboutphishingandspearphish-ingdangers,ortheperilsofdownloadingmobileapps,cangoalongwaytoprovidingonelastlineofdefensefororganizations.Theseremindersshouldalsooffersomeclarityonwhatthere-cipientsshouldexpectfromtheorganization,inthewayofdatarequests–anythingout-of-the-ordinaryshouldbequestionedimmediately.SomeofthemostpopularwaysCISOstrytohelptheirconstituenciesbecomethreat-hardenedincludenewslet-ters,webinars,lunchtimesessions,andactualinboundphishingtests.Inaddition,newemployeeonboardingprogramsshouldincludeamoduleoncyberthreatawareness.Inthebestcases,theseeducationalprogramsbecomeaninstitutionalpriority,withexecutivesuitesponsorshipandparticipation.

WHY HEALTHCARE?Healthcareorganizationsarealargetargetformanyreasons.EHRsincludethepersonal,family,andbillinginformationoftheirpatients.TheyarevirtuallycompletepersonalidentityportfolioswithSocialSecuritynumberslinkedtonamesanddatesofbirth,parents’names,maidennames,physicalandemailaddresses,children’snames,and,insomecases,completeinformationofclosefriends.

Ontheblackmarketforstolenrecords,healthrecordscom-mandthehighestpremium,becausecybercriminals,armedwiththecontentsofEHRs,haveeverythingtheyneedtoapplyforcreditcardsormortgages,submitstateandlocaltaxreturnsandmore,devastatingthelivesoftheindividualswhoseidenti-tieswerestolen.

Additionally,theavailableattacksurfaceinthehealthcarein-dustryisverycomplex,andnotuniformlysecure.Twotrendsinthehealthcareindustry-themovetoEHRsandtheevolutionof

subspecialiststhatfunctionasindependentcontractors-havecombinedtocreateanelectroniclandscapethatdefiesdescrip-tion.

Atypicalhealthcareeventcaninvolvedozensofinstitutionsandservicessubcontractors,eachoneusingitsownbillingandrecord-keepingsystem,whilestillrequiringfullaccesstotheEHR.Ofcourse,thisamalgamatednetworkischallengingtomaintain,andnotsurprisingly,itcreatesmassiveopportunitiesforcompromise.

Finally,healthcareenterprises,hospitalsandcaregivingorgani-zationsespecially,dependonuninterruptedoperations.Hospi-talsandregionalmedicalcentersarecriticalresources.

Whenahospitalorregionalmedicalcenterfindsthattheiroperationsareinterrupted,gettingtheirsystemsbackonlineinstantlybecomesthetoppriority.Itcanliterallybeamatteroflifeanddeath.Andtoanindividualorafamily,accesstohealthcareisoneofthemostimportantassetstheycanhave.Itgoeswithoutsayingthatwhensomeonegetsamessagethatsuggeststheirhealthcarecoverageisatrisk,itgetstheirfullattention.

Fundamentally,thecybercriminalshaveonesimplegoal.Theyonlyhavetoconvinceonepersonthattheirfakeemailmessage,theircopycatwebsite,ortheirbogustweetisreal.Theyonlyneedonepersontofallfortheirscaminordertoprofit.

Andcybercriminalsaregoodatthat.Theyareincreasinglyorga-nized,andtheirschemingmessagesarenearperfectduplicatesoftherealthing.Theyhaveincorporatedsocialengineeringtotargettheirmessagesmoreaccurately.Today,thebadguyshaveevolvedtheirgamefarbeyondsimplephishing.

Moderncybercriminalsnowemploysocialengineeringtotargettheirattackscarefully,leveragingpubliclyavailabledataaboutprofessionalnetworks,usingLinkedIn,Spokeo,Hoovers,Dis-coverORG.comandotherpubliclyavailableresources,tocreateplausibleemails.

Theseemailsaredesignedtocomefromexecutiveswhoareknowntotherecipientsandsometimescovercurrentbusinessorindustryissues,withaneeriefamiliarity.Thisgreatlyraisesthelikelihoodthatrecipientsoftheseemailsclickonthelink,oropentheattachment,springingthetrap.Accordingtothelatest

VerizonDBIR,30percentofallphishingemailsareopenedbytheirtargetsand12percentactuallyclickonthedangerouslinkorattachment.

StRong LEADERSHIP IS nEEDEDAccordingtothePonemonsurvey,HealthCare/Pharmasecurityprofessionalsreportedthattheywerethesecond-mostoftenattackedindustry(justbehindfinancialservices)andtheiran-nualspendingwaswellabovetheaverage,equalingalmost$3.9millionperyear.Despitethisattackvolume,healthcare/pharmasecurityteamstrailedallotherindustriesintermsoftheen-gagementoftheirseniorsecurityleadershiparoundexternalthreatsandcreatingaprocessfordealingwithexternalthreatmonitoring,analysisandmitigation.

Cyberattacksagainstthehealthcareindustryareontherise.Theurgencyaroundtheoperationalintegrityofhealthcareinfra-structure,plustheuniquevalueofEHRsandotherhealthdatameansthatthereisnoendinsightfortheseattacks.

Ransomwareisgainingnotoriousheadlines,butmalwareattacksandotherincursionsthatleadtobreachesarealsoincreasinginfrequency.CISOshaveopportunitiestostayastepahead.Educationalprogramsfordoctorsandstaffmembersarecritical,buttheyarenotenough.

Proactivecybermonitoring,particularlyaroundMX-recordacti-vation,canhelptoslowthemostdangeroussociallyengineeredattacksfromeverreachingtheirintendedtarget.

Dylan Sachs directs Identity Theft and Anti-Phishing efforts at BrandProtect. He works directly with leading financial institu-tions, healthcare providers and Fortune 500 enterprises to help CISOs and security teams deploy better defenses against modern email and identity theft attacks, including BEC attacks socially-engineered exploits. Sachs also leads the BrandProtect Incident Response Team.

Prevent Healthcare PhishingContinued from Page 10

~ PASS IT ON! ~DoyouknowsomeonewhowouldliketoreceivetheKPAMAJournal?Emailinfo@KeystoneAAHAM.orgwiththeindividual’sname,companyandcontactinformationorvisitourwebsiteatwww.keystoneaaham.organdfollowthelinktoJoin Keystone AAHAM’s Email List.

GET PubLiSHEd!Wearealwayslookingforarticlesfromourmembers.Doyouhaveanarticleonacurrentfinancialhealthcaretopic?Pleasesendtowmajor3@wellspan.org.Articlesshouldbelessthan800wordsandsubmittedinaWorddocument.

Continued on Page 11


NYUmedicalstudentsareexposedtode-identifiedinforma-tionsotheycanlearnhowtoanalyzedataandcomeupwithhypotheticaltreatmentsforpatientsbeforetheyhithospitalfloors.Theyalsogenerallyfollowtwotothreespecificpatientsatanypointduringrotations,buttheycan’tcontinuetomoni-torpatientsandseehowtheirtreatmentsplayoutovertime.

Dr.FritzFrancois,NYULangoneMedicalCenter’schiefmedi-calofficer,wouldliketoseeNewYorkUniversitySchoolofMedicineusemorereal-timedatatobetterpreparestudentsfortherealworldofpopulationhealthmanagementthey’reabouttoenter.

HIPAA,thelawthefederalgovernmentusestopolicetheprivacyandsecurityofthenation’shealthinformation,isstandingintheway,hesaid.

Thatlaw—theHealthInsurancePortabilityandAccountabilityAct—isturning20,andsomepeoplemaywonderifit’suptothejobin2016andbeyond.

ThefrustrationFrancoisexpressedillustratesoneofthemanyconundrumsposedbyHIPAAanditsregulationsinanagewhenthehealthcareindustryiscountingonthefreeflowofdatatorevolutionizehowcareisdeliveredandpaidfor.

PresidentBillClintonsignedthelawAug.21,1996—aroundthesametimetheWorldWideWebandemailwerestartingtotakeholdinAmericanlife.HHSandCongresshaveworkedtotransformandupdatethelaw—initiallycreatedtomakeit

easierforAmericanstokeephealthinsurancecoverage.Inthedecadessinceitwasenacted,electronichealthrecordshaveeclipsedpaper,andhealthinformationisbeingcollectedandtransmittedinwaysthelawdoesn’treach.

Andinspiteofthelaw,healthcarehasseenadrumbeatofmassivedatabreaches.AcyberattackdisclosedjustweeksagobyBannerHealthcompromisedtherecordsof3.7millionpeople.Inaddition,therehavebeenrecentepisodesofcrimi-nalsseizinghospitalEHRsystemswithmalwareanddemand-ingransomtounlockvitalmedicaldata.

Hundredsofthefts,lossesandothermishapswithpaperandelectronicpatientinformationhavebeendisclosedtoHHSeachyearsincemandatoryreportingtookeffectin2009,andthebreachesofteninvolveasprawlingarrayofvendorsthatdobusinesswithhealthcareprovidersandinsurers.

HHS’OfficeforCivilRightshasbeenquiteactivelatelyinHIPAAenforcement,reachingadozensettlementsinthecur-rentfiscalyearcomparedwiththreeinfiscal2015.

Theapparentcrackdownhasledtoalotofanxietyamonghealthcareproviders,especiallysmallentitiesthatdon’thavethestaffingortechnologycapabilitiestokeepupwithanever-changingworldofcybersecuritywhereeveryoneisworriedaboutthenextattack.

“Ithinktofightoffthosekindsofattacksrequiresanincreas-ingsophisticationthatisn’tnecessarilyaffordableforallproviders,”saidMarkSwearingen,anattorneyatHallRenderKillianHeath&Lyman.“Theydowhattheycantogetasecuresystemsetup.”

CoveredentitiesandbusinessassociatesalsomaynotbeawareoftherequirementstheymustmeettobeHIPAA-com-pliant.AlthoughHHSproducesguidanceforthecomplexwebofregulations,manybusinesses’HIPAAriskanalysisprogramsaren’tbroadenough,Swearingensaid.

MostcompanieshaveconductedriskanalysisoftheirEHRsystemsaspartofthefederalincentiveprogramforusingthetechnology,butHIPAAactuallyrequiresa“comprehensiveenterprise-wideriskanalysis”thatlooksintoallsystemsthattouchprotectedhealthinformation,includingbillingsystemsandemail.

DevenMcGraw,wholeadsthehealthinformationprivacydivisionattheOfficeforCivilRights,saysthehighervolumeinHIPAAsettlementsdoesn’tnecessarilyshowanupwardtrendinHIPAAenforcementactions.

“Eachcaseisexamined,andtheinvestigationsdevelopbasedonthefacts,”McGrawsaid.“Theultimatepenaltythatcouldbepursuedthatisthebasisofthesettlementdiscussionde-pendsontheconductinvolved.”

Evenwithrecordsettlements,therearegrowinggapsinthelaw’sprotections.Forexample,wearablemobiledevices,consumer-facingmobileappsandsocialmediaaren’tgener-allycoveredbyHIPAA’sprivacyandsecurityprotections,saidJodiDaniel,apartnerinthelawfirmCrowell&Moring.AndtheapplicationofHIPAAisambiguous,shesaid,forservicesthataren’tbilledtohealthplansorotherpayers,includingmanytelehealthservicesandcareprovidedbyso-calledcon-ciergepractices.Theseswathsofthehealthcarelandscapearesuretogrow.

“Ithinkthatgapposessignificantproblems,”saidDaniel,previouslywaspolicydirectorinHHS’OfficeoftheNationalCoordinatorforHealthInformationTechnology.“Eventhesameinformationheldindifferentplacesmayhaveprotec-tionsinoneplaceandnotanother.”

McGraw,however,praisedHIPAAforcoveringtheenviron-mentitwascreatedtoaddress20yearsagowhilebeingflexibleenoughtoadapttodramaticchangesintheindustry.“Ithinkitgoestoshowthatwe’reopenandwillingtoaddressthequestionsthatarearisingoutthereinthefield,nomatterhowsmallorhowbigtheyseem,”shesaid.

TheOfficeforCivilRightsisjuststartingitssecondwaveofauditsofcoveredentities,andthefirst-everauditoftheirbusinessassociates,whichbecamedirectlyliableunderHIPAAin2013.“WhatI’mhopingwe’llseeismoreexamplesofcom-pliantorganizationsthaninphaseone,”McGrawsaid.

Ultimately,accordingtosome,theOfficeforCivilRightsdoesnothavethebudget,stafforpowertobroadlyenforceHIPAA’s

At 20, is HIPAA hitting its stride, or is it over the hill?By Erica Teichert

privacyandsecurityprovisions,leadingmanyprovidersandbusinesspartnerstoinstallinadequatesystemsandproto-cols.“HIPAAisafalsepromise.Itgivesustheillusionthatourprivacyisprotected,butwithoutanyenforcementmecha-nismthatprotectionislargelyhollow,”saidNealEggeson,anIndianapolis-basedattorneywhospecializesinprivacylaw.“Theemperorhasnoclothes.”

ButdramaticallyincreasingtheOfficeforCivilRights’budgetwouldn’tdriveproviderstotakedatasecuritymoreseriously,Eggesonsaid.Congressneedstocreateaprivatecauseofac-tiontoallowvictimstosuewhentheirdataiscompromised,hesaid.“Overnightyouwouldseecoveredentitiesstarttotakerealstridestowardsimprovingpatientprivacyprotec-tion.”

Victimsofbreacheshavepursuedclass-actionlawsuits—onewasfiledlastweekagainstBanner—butjudgeshavegener-allybeendubiousoftheargumentthattheheightenedriskofidentitytheftconstitutesdamages.

Nevertheless,justthefearofrunningafouloftheregulationsisoftenblamedforstiflinginnovation,suchasNYU’sattemptstoinfusemedicaleducationwithdata-drivenhealthcaredeliv-ery.

Whilehestillwantspatientstoretaintheirprivacy,Francoissaidrelaxingsomerestrictionsonthesharingofpatientdatawithstudentscouldsubmergetheminmanagingpopulationhealthfromthebeginningoftheirtraining.“That’sreallyhowweshouldbemovingintermsoftrainingthenextgeneration,”hesaid.

Continued Next Page

HIPAA Continued from Previous Page


Keystone Corporate partners

Your participation in the Corporate Partner Program enables the Keystone Chapter to continue providing a forum

for the education of our members as well as opportunities to meet and network with our friends and associates

throughout the Chapter!

pLatInUM pLUs — $1,500

HRSIBureauofAccountManagement

KeyMedPartners

NationalRecoveryAgencyEBOSolutions

pLatInUM — $1,000

CapioPartnersCommercialAcceptanceCompany

ArcadiaRecoveryBureauFinancialRecoveries

ProCoPennCredit

CreditManagementCompany

Thank You!

GoLD — $750

CreditBureauofLancasterTheROICompanies

sILVer — $500

SunStoneConsultingMedClaimsInternational

PATHSEMCSoft

BreaK — $250

FirstCredit,Inc.CentralCreditAudit


NationalAAHAMLegislativeDayswereMonday,April25thandTuesday,April26thinWashingtonDC.PennsylvaniahadthelargestnumberofAAHAMmemberspresentagainthisyear!ThereweretwoscholarshipsawardedthisyearfromourKeystoneChapter.NancyEsterlyandLaurieSteffyweretheluckywinners.Togetheralongwith100otherAAHAMmembersfromacrosstheUnitedStateswewereabletovisitournationsSenatorandRepresentative’soffices.NationalAAHAMarrangespersonalmeetingswithmembersoftheUSSenateandourHouseofRepresentativestoshareourconcernsaboutissuesthatcouldimpactus.Thisyear,PennsylvaniaAAHAMmembersmetwithSenatorToomeyandSenatorCasey’soffice.TherewereseveralRepresentativeofficesavailableformemberstomeetwith.Theseofficesincluded;TimMurphy,CharlesDent,MichaelFitzpatrick,PatrickMeehan,RyanCostello,ScottPerryandRobertBrady.

What a learning opportunity…… thanks AAHAM for making it possible!A great time with great people!

the topics that we brought to the table this year were, the HIP Act (Hospital Improvements for Payment) and HR2156 - the Medicare Audit Improvement Act.TheimplementationoftheAffordableCareAct(ACA)changedmanyoftheprocessesregardinghealthcare,creatingalargerdebateonhealthcaresystemsandtheirefficiency.Throughthisdebate,manyissueshavebeenuncoveredwithvariousaspectsofMedicare,especiallyaboutpayment.TheHIP ActwascreatedinresponsetopaymentissuesthatexistwiththecurrentMedicarepaymentsystems,suchastheissuesbetweenpaymentsystems,thecurrentdefinitionsofashortstay,theproblemsassociatedwiththetwo-midnightpolicy,andreformtotheRecoveryAuditContractors(RAC)program.ThesecondtopicwasHR 2156- The Medicare Audit Improvement Act.TheRACprogramwascreatedtoidentifyandrecoverimproperMedicareoverpaymentsandunderpaymentstohealthcareproviders.Hospitalshaveseenalargeincreaseintheamountofdocumentsbeingrequested.

IsthereatopicthatyouwantcoveredattheKey-stonemeetings?Isthereaspecificspeakerthatyouwouldliketohear?Letusknow!

Theseareyourmeetingsandwewanttoknowwhatpresentationsyouwanttosee.Isthereafavoritespeakerfromthepastthatyouwouldliketohearfromagain?

[email protected](BillMajor)[email protected](ChristineIfft)andletusknowpotentialtopics,speakers,orrepeatper-formances.

TOPiCS

~ ABOUT US ~The purpose of the Keystone Chapter

shall be to:A. Promoteandencouragetherecognitionof

healthcareadministrativemanagementasanintegralpartofthefinancialmanagementwithinhealthcareproviderorganizationsandthroughoutthehealthcareindustry.

B. Encouragetheimplementationofeffectiveandefficientbusinessandreceivablesmanagementpoliciesandproceduresinalltypesofhealthcareproviderorganizationsandthroughoutthehealthcareindustry.

C. Stimulateandencourageanexchangeofinformationamongthemembership.

D. Developandencouragetheimplementationofprogramsforthepurposeoffurtheringtheeducationandincreasingtheknowledgeofthemembershipinthehealthcareindustry.

E. Developandimplementsuchprogramsasmayaddtotheknowledgeandencouragethedevelopmentofpersonsnewtothehealthcareindustry.

F. Establishnon-discriminatorystandardsofperformanceandprofessionalconductforpersonswhoparticipateorareinvolvedinhealthcareadministrativemanagement,includingthemanagementofpatientaccountsofanyhealthcareproviderorganizationorrelatedfieldconductingbusinessinthehealthcareindustry.

g. Promotethehealthcareprofessionbycooperatingwithotherhealthcareorganizations,institutionsandrelatedagencies,thirdpartypayers,andthegeneralpublic.

kpama journal - starchapter · 2016-08-30 · 2 kpama journal august 2016 3 hello keystone! what an...

Documents