kpama journal - starchapter · 2016-08-30 · 2 kpama journal august 2016 3 hello keystone! what an...
TRANSCRIPT
![Page 1: KPAMA Journal - StarChapter · 2016-08-30 · 2 KPAMA JOURNAL AUGUST 2016 3 Hello Keystone! What an exciting year 2016 has been. As our national office is Raising the Level, we at](https://reader033.vdocuments.us/reader033/viewer/2022060323/5f0db10a7e708231d43b9baa/html5/thumbnails/1.jpg)
UPCOMING MEETINGS9/20/2016 EducationalMeeting@ DesmondGreatValley-Malvern,PA10/5/2016 AAHAMANI-LasVegas,NV11/2/2016 BoardMeeting@WellSpan/Philhaven (9am-12pm)12/7/2016 EducationalMeeting@ HolidayInn-Grantville,PA
2016 BOARD OFFICERS
Roger Poremsky, CRCE-IChapter Board Chairperson PATHS,LLC [email protected]
Bill Major, CRCE-I, CRCS-IChapter PresidentWellspanHealth [email protected]
Lisa Laudeman, CRCE-I, CRCE-PChapter Vice PresidentPennsylvaniaPsychiatricInstitute [email protected]
Mary WallaceChapter TreasurerHRSI [email protected]
Kim RafteryChapter SecretaryHRSI [email protected]
Irene ParksElected Board MemberFinancialRecoveries [email protected]
Mary Beth McMenamin, CRCS-IElected Board Member LehighValleyHealthNetwork [email protected]
KPAMA JournalKeystone Chapter of AAHAM
AuguSt 2016
INSIDETHIS ISSUE
PageUpcomingMeetings . . . . . . . . . . .1
2016BoardOfficers. . . . . . . . . . . .1
President’sLetter. . . . . . . . . . . . . .2
RenewYourMembership . . . . . . . 3
AAHAMContacts. . . . . . . . . . . . . . 3
KPAMAJournalEditorialPolicy andObjective. . . . . . . . . . . . . . . 3
MissionStatement. . . . . . . . . . . . . 3
MeetaKeystoneAAHAMOfficer. . 4
NewMembers. . . . . . . . . . . . . . . .5
RegionalMeeting &ExhibitorFair . . . . . . . . .6,7,8
AAHAMBoardofDirectors. . . . . .9
PreventHealthcarePhishingby StrengtheningEmployee Training. . . . . . . . . . . . . . . . .10,11
At20,isHIPAAhittingitsstride, orisitoverthehill?. . . . . .12,13
KeystoneCorporatePartners . .14,15
12thAnnualLegislativeDay . . . .16
Topics . . . . . . . . . . . . . . . . . . . . . .17
Follow us
![Page 2: KPAMA Journal - StarChapter · 2016-08-30 · 2 KPAMA JOURNAL AUGUST 2016 3 Hello Keystone! What an exciting year 2016 has been. As our national office is Raising the Level, we at](https://reader033.vdocuments.us/reader033/viewer/2022060323/5f0db10a7e708231d43b9baa/html5/thumbnails/2.jpg)
2 KPAMA JOURNAL AUGUST 2016 3
Hello Keystone!
Whatanexcitingyear2016hasbeen.AsournationalofficeisRaisingtheLevel,weatKeystoneareapartofthatrisingtide.AAHAMcontinuestogrowandwehavebigplansfortherestof2016.JohnCurrier,AAHAMnationalpresident,hassetloftygoalsforourorganization.PartofRaisingtheLevelcentersaroundcertification,thelifebloodofAAHAM.ThisyearAAHAMwantstoseeanincreaseof20%certificationinthetwotoplevels,CRCEandCRCP.Previously,CRCEwasthehighestmanagementlevelofcertifica-tionbutwiththeintroductionofCRCP,moremangersareoptingfortheintroductoryCRCPlevel.WhileCRCPhasbeenanoverwhelmingsuccess,CRCEhastendedtoremainflateventhoughthatisourhighestlevel.ThisistheyeartojumptoCRCEandpumpupyourresume!Andforthosewhoarenotcertified,CRCPisalsoagreatresumebooster.Ifyou’reavendorandwanttostandoutinthecrowd,providersarealwayslookingforvendorswithAAHAMcertification.MaybeyouhaveaCRCSemployeewhowouldmakeagreatpotentialmanager;CRCPwouldhelpgivethemtheskillsneededforadvance-ment.CRCS,thetechnicalcertification,hasalwaysbeenthelargestcertificationinAA-HAMandwillcontinuetobein2015.Wearelookingata30%increasefromlastyearbecausethefutureofAAHAMhasalwaysrestedinCRCS.Anothergreattechnicalcerti-ficationisCCT,whichhasjuststartedearningCEUs.Withnolongerneedingrecertifica-tioneverythreeyears,CCTisprojectedtojump15%.Andournewestcertification,CRIPwillbetakinga40%jumpincertification.Sonowisthetimetobecomecertifiedbe-causewhenyouraisethelevelofAAHAM,yourprofessionalopportunitiesareendless.
Sincerely,
Bill Major KeystoneChapterPresident
President’s Letter
REnEWYouR MEMBERSHIP!
IfyouhavenotrenewedyourmembershipwiththeKeystoneChapterorwithNationalAAHAM,pleasetakeafewminuestorenew.Byupdatingyourmembership,youwillcontinuetokeepyourpulseofwhatishappeningnowinthiseverchangingenvironment.
Don’t BE LEFt out!Gotowww.keystoneaaham.org
torenew!Thanks for your continued support!
Dale Brumbach Chapter Membership Chairperson
ContACt KEYStonE AAHAMwww.keystoneaaham.org
gEnERAL [email protected]
CoRPoRAtE [email protected]
MEEtIng [email protected]
KPAMA JOURNAl EDITORIAl POlICy
& OBJECTIvETheKPAMAJournalMagazineispublishedbytheKeystoneChapterofAAHAMtoupdatethemember-shipregardingchapterandnationalactivitiesaswellastoprovideinfomationusefultohealthcareadmin-istrativeprofessionals.
Opinionsexpressedinarticlesorfeaturesarethoseoftheauthor(s)anddonotnecessarilyreflecttheviewsoftheKeystoneChapterofAAHAM,TheNa-tionalAAHAMorganization,ortheeditor.
Reproductionand/oruseoftheformatorcontentofthispublicationwithouttheexpresspermissionoftheauthor(s)oreditorisprohibited.
AAHAM Mission StatementAAHAM’smissionistobethepremierprofessionalorganizationinhealthcareadministrativemanagement.Throughanationalorganizationandlocalchapters,AAHAMprovidesqualitymemberservicesandleadershipintheareasofeducation,communication,representation,professionalstandardsandcertification.
![Page 3: KPAMA Journal - StarChapter · 2016-08-30 · 2 KPAMA JOURNAL AUGUST 2016 3 Hello Keystone! What an exciting year 2016 has been. As our national office is Raising the Level, we at](https://reader033.vdocuments.us/reader033/viewer/2022060323/5f0db10a7e708231d43b9baa/html5/thumbnails/3.jpg)
AUGUST 2016 5 4 KPAMA JOURNAL
LoCALCathyArchuletaPatrickBlewittMaryJoFiesWilburJohnsonSteveMachemerAngelaMillerDellaMurdockAunRazaCarmenRomanKathyTylerLoriWamplerMichaelWatkinsRonWatkinsChristinaYoungNenaZeiders
NEW MEMBERSnAtIonALAimeeBruff
SarahBush
KarenDruck
BethFranzak
BarbaraLingg
BreannMeadows
RichardOlmstead
• Name? William H. Major
• Certifications?CRCR, CRCS
• How many years have you been a national member? Since January 2008
• How did you get where you are today professionally? Hard work and great mentoring by Chris Stottlemyer
• What made you decide to become certified? I wanted to become a member of the board and some pushing from Chris Stottlemyer.
• What advice do you have for members that want to move up in their current healthcare careers? Look for every opportunity to improve yourself personally and professionally. Always look for something new to learn and add to your professional workload even when you don’t think that you can possibly take on one more role.
• What is your spouse’s name and occupation (if applicable)? Wade A. Markel…though we’re not legally married we have been together for over 35 years. He is an Executive Director with the American Heart Association.
• What are your children(s) names, ages and occupations (if applicable)? No children…just nieces and nephews (Melissa, Michelle, Sean and Scott)
• What was the last book you read? The Lost Symbol by Dan Brown.... I’m I huge history buff so I tend to read either nonfiction or novels that have lots of historical data.
• What is your favorite movie? I’m a big science fiction fan (Star Wars, Star Trek, Stargate) but there are certain movies that I always have to watch when they’re on TV…My Best Friend’s Wedding, The Shawshank Redemption, The Parent Trap, The Notebook, Meet Me in St Louis, Singing in the Rain.
Meet a Keystone AAHAM Officer• What is your indulgence?
A weekend in New York.
• What was your first job?Busboy for a restaurant called 7 Cousins.
• What did you have for breakfast today? Normally I have something like a hardboiled egg, coffee and maybe an English muffin but today I had a slice of cherry pie.
• Where did you spend your last vacation?
Rehoboth Beach, Delaware
• What do you never leave home without when you travel? Alka Seltzer…I know if I get sick or don’t feel good, it will always pick me up.
• I still can’t quite get the hang of....Excel spreadsheets
• What is your favorite way to celebrate after you’ve
completed a demanding project? A good meal and a great Martini.
• Name something about you that most people don’t know.I met one of my best friends, Marti over 52 years ago on the boat to the Statue of Liberty. She was visiting with her family from California and I was with my grandfather from New Jersey. We have remained friends for all these years and have traveled all over the country together.
• What do you know now that you wish you’d known when you were younger? Invest in your retirement because you will eventually get old.
• The world would be a better place if only.... People would try to see the other side of the story. It doesn’t mean you have to agree, you just have to understand that there is another side.
![Page 4: KPAMA Journal - StarChapter · 2016-08-30 · 2 KPAMA JOURNAL AUGUST 2016 3 Hello Keystone! What an exciting year 2016 has been. As our national office is Raising the Level, we at](https://reader033.vdocuments.us/reader033/viewer/2022060323/5f0db10a7e708231d43b9baa/html5/thumbnails/4.jpg)
6 KPAMA JOURNAL AUGUST 2016 7
REgIonAL AAHAM MEEtIng & ExHIBItoR FAIRSponsored by the Keystone and Philadelphia Chapters of AAHAM
tuesday, September 20, 2016DESMonD HotEL
1 Liberty Blvd., Malvern, PA 19355
COST: $90/Member $115/Non-Member $90/HFMA/NAHAMMember**4.50EducationalHours=9.00AAHAMCEUs**
The Keystone and Philadelphia Chapters of AAHAM are pleased to present this year’s Regional AAHAM meeting and Exhibitor Fair.
Come join us for a day of education and networking with peers and vendor partners.
AgEnDA08:00AM—08:45AM Registration&ExhibitorFair ContinentalBreakfast
08:45AM—09:00AM Welcome/Announcements StevenHoneywell WilliamMajor
9:00AM—10:00AM Keynote Speaker Decide: Work Smarter, Reduce Your Stress & Lead By Example SteveMcClatchy,AlleerTraining
10:00AM—10:30AM BreakExhibitorFair ExhibitorHall
10:30AM—11:15AM Lehigh Valley Hospital’s Epic Journey JeffHinkle,LehighValleyHospital
11:15AM–12:00PM HAP update on Changes Within PA JoleneCalla,HAP
12:00PM—01:00PM Lunch/NetworkwithExhibitors ExhibitorHall
01:00PM–02:00PM Cyber Fraud – Avoid Being Scammed HowardForman,PNC-PINACLE®
02:00PM–02:15PM AfternoonBreak
02:15PM–03:15PM Leading Relationships: Communicate Effectively, Build Trust, Resolve Conflict SteveMcClatchy,AlleerTraining & Lead Your Relationships
03:15PM–04:00PM ExhibitorRaffles/Drawings
Included in your registration is the opportunity to have a complimentary professional head shot taken by our photographer, Steve Aaron (Regional Sales Executive at HBCS).
Steve will be available 9am to 2pm during the seminar. No pre-registration is required! Remember to bring your professional attire to take advantage of this generous offer.
REgIonAL AAHAM MEEtIng & ExHIBItoR FAIR— REgISTRATIoN FoRM —
Please register the following individuals for the September 20, 2016 Regional AAHAM Meeting and Exhibitor Fair:
NameofOrganization/Facility ____________________________________________________________________________
nAME oF AttEnDEE _____________________________________________E-Mail______________________________
ChapterAffiliation: Keystone NE Phila AAHAM HFMA NAHAM Non-Member
nAME oF AttEnDEE _____________________________________________E-Mail______________________________
ChapterAffiliation: Keystone NE Phila AAHAM HFMA NAHAM Non-Member
nAME oF AttEnDEE _____________________________________________E-Mail______________________________
ChapterAffiliation: Keystone NE Phila AAHAM HFMA NAHAM Non-Member
nAME oF AttEnDEE _____________________________________________E-Mail______________________________
ChapterAffiliation: Keystone NE Phila AAHAM HFMA NAHAM Non-Member
Cost:AAHAMMember $ 90 MakecheckpayabletoKPAMAHFMA/NAHAMMember $ 90 Checkfor$_____________enclosedNon-Member $115
It’s easy to register and pay online. Just visit the “NEW” Keystone Chapter website at:http://www.keystoneaaham.org/
or, send your registration form and check (payable to KPAMA) to:
MARY WALLACE3KeatsRoad,Yardley,PA19067
[email protected]—Phone#215-630-6990
![Page 5: KPAMA Journal - StarChapter · 2016-08-30 · 2 KPAMA JOURNAL AUGUST 2016 3 Hello Keystone! What an exciting year 2016 has been. As our national office is Raising the Level, we at](https://reader033.vdocuments.us/reader033/viewer/2022060323/5f0db10a7e708231d43b9baa/html5/thumbnails/5.jpg)
AUGUST 2016 9 8 KPAMA JOURNAL
REgIonAL AAHAM MEEtIng & ExHIBItoR FAIRFeatured Speakers
StEVE McCLAtCHY, PresidentAlleerTraining&ConsultingSteveMcClatchyisakeynotespeaker,workshopleaderandauthoroftheNewYorkTimesBestsellerDecide:WorkSmarter,ReduceYourStress&LeadbyExample.Stevehasspokenbeforethousandsofaudiencesonthetopicsofleadership,performance,personalgrowth,andwork/lifeengagement.HisclientlistincludestheNFL,Google,Pfizer,Microsoft,Disney,NBCUniversal,Accenture,HP,DiscoveryChannel,UnderArmour,Tiffany’s,WellsFargoandCampbell’sSoup.HeisafrequentguestlecturerinmanyofAmerica’stopbusinessgraduateschoolsincludingHarvardandWharton.HehasappearedonABC,CBS,FoxNews,NBC’sTodayShowandhasbeenquotedinTheWallStreetJournal,WebMDMagazine,FastCompany,OprahMagazine,EntrepreneurandInvestor’sBusi-nessDaily.Steve’spassionisforcontinualimprovementandbelievesthatwhenwestopgrowing,learning,gainingexperienceandachievinggoalswestopliving.Steveisbestknownforhispassion,senseofhumorandenergeticpersonality.Youwillbecaptivated,motivatedandtrulyinspiredbyhisuniqueandpracticalapproachtoeffectivenessandsuccess.
JoLEnE H. CALLA, EsquireVice President of Health Care Finance and InsuranceTheHospitalandHealthsystemAssociationofPennsylvania,(HAP)Ms.CallacurrentlyservesastheVicePresidentofHealthCareFinanceandInsurancefortheHospitalandHealthsystemAssociationofPennsylvania(HAP).Inthisrole,Ms.Calladirectsallactivitiesrelatedtohealthcarefinance,includingMedicare,Medicaid,andothergovernmentreimbursementforhealthcareproviders.Herresponsibilitiesincludedetailedunderstandingandanalysisofstateandfederalbudgets,aswellasacomprehensiveknowledgeoflegislationandregulationimpactinghospitalandhealthsystemfi-nances,reimbursement,taxexemptionofnot-for-profithospitals,andhospitalcharitycareandbillingpracticesacrossthecontinuumofcare.Ms.CallafrequentlyparticipatesinnegotiationswithgovernmentagenciesandrepresentativesofoutsideorganizationsonbehalfofHAP.PriortojoiningHAP,Ms.CallaservedtheCommonwealthofPennsylvaniaforseveralyearsasBureauDirectorfortheOfficeofMedicalAssistanceProgramswhereshedirectedalloperationsandimplementedmultiplefederalandstateinitiatives.Ms.CallawastheonlypersontoleadboththeFee-for-ServiceandtheManagedCaredeliverysystems.Ms.Calla’spriorpositionsaffordherextensiveexpertiseinthehealthcareandinsuranceindustry,withaconcentrationinmanagedcare.SheworkedasaSpecialProjectsConsultantforCapitalBlueCross,astheDirectorofGroupAdministration,StrategyandProcessforCoventryHealthCareandasDirectorofMarketingandCorporateCommunicationsforKeystoneHealthPlanCentral.Ms.CallareceivedherJurisDoctoratefromtheWidenerUniversitySchoolofLaw,herMasterofArtsinCommunicationArtsfromtheNewYorkInstituteofTechnology,andherBachelorofArtsinEnglishandBachelorofArtsinCommunicationArtsfromVillanovaUniversity.
HoWARD n. FoRMAn, AAPSenior Vice PresidentPINACLE®ProductGroupManagerPNCAsoneofthenation’stoptreasurymanagementproviders,PNCoffersacomprehensivearrayofproductsandservicestobusinessesofallsizes.HowardNForman,AAPisheretosupportPNC’streasurymanagementteamindeliveringthecapabilitiesthathelpbusinessesthrive.HeisaSeniorVicePresidentandisresponsiblefortheproductmanagement,productdevelopment,security,andsalessupportfunctionsforPINACLE®–PNC’scorporateonlineandmobilebankingportal.Heisafrequentspeakeronavarietyoftopicsrelatingtotreasuryandpayments,andhasheldleadershippositionswithnationalindustryassociations,suchasNACHA–theElectronicPaymentsAssociation,andtheAssociationforFinancialProfessionals(AFP).HowardisthepastchairoftheNACHABlueRibbonPanel,isapastmemberofthePaymentsInstituteBoardofRegentsandpreviouslyservedontheAFPPaymentsAdvisoryGroup.HowardjoinedPNCin2012.HeearnedhisBachelorofSciencedegreefromtheUniversityofPittsburgh.
JEFF HInKLEAdministrator of Patient Financial Services LehighValleyHospitalJeffHinkle,CRCE-IistheAdministratorofPatientFinancialServicesatLehighValleyHospital,an1,100+acutecarebedfacilityinEast-ernPennsylvania.HehasworkedforLehighValleyHospitalfor13yearsandpreviouslyworkedfortheAARPcontractfor16years.HehasaBachelor’sdegreeinFinanceandanAssociatedegreeincomputerprograming.JeffisamemberofAAHAMandHFMA.
RogER PoREMSKY, CRCE-IChapter Board ChairpersonPATHS,LLC2010BevinDriveAllentown,PA18103 Phone:610-437-7144 Mobile:484-614-4880 Email:[email protected]
BILL MAJoR, CRCE-I, CRCS-IChapter PresidentWellspanHealth1001S.GeorgeSt.York,PA17405 Phone:717-812-3907 Mobile:717-586-1523 Email:[email protected]
LISA LAudEMAN, CRCE-I/CRCE-PChapter Vice PresidentEducationCommitteeChairpersonPennsylvaniaPsychiatricInstitute2501NorthThirdStreetHarrisburg,PA17110-2098 Phone:717-782-4783 Mobile:570-449-0560 Email:[email protected]
MARY WALLACEChapter TreasurerHRSIFederalReserveBankBuilding100N.IndependenceMallW.Suite5NWPhiladelphia,PA19106 Mobile:215-630-6990 Email:[email protected]
KIM RAFtERYChapter SecretaryHRSIFederalReserveBankBuilding100N.IndependenceMallW.Suite5NWPhiladelphia,PA19106 Phone:215-391-4834 Mobile:610-715-1523 Email:[email protected]
IREnE PARKSElected Board MemberChapterCorporatePartnersChairpersonFinancialRecoveries200EastParkDriveMt.Laurel,NJ08054 Phone:856-669-2270 Mobile:267-334-5018 Email:[email protected] MARY BETH MCMENAMIN, CRCS-IElected Board MemberLegislative Committee Chairperson LehighValleyHealthNetwork2100MackBlvd,4thFloorAllentown,PA18103-5622 Phone:484-884-2671 Mobile:484-225-7213 Email:[email protected]
DALE BRuMBACHChapter Membership ChairpersonGolf / Social Committee ChairpersonPennCreditCorporation916S.14thStreet,POBox988Harrisburg,PA17108-0988 Phone:800-720-7293,Ext.3433 Mobile:717-329-8695 Email:[email protected]
CARoLYN BRoWN, CRCE-IChapter Certification Committee Chairperson Philhaven283S.ButlerRoad,POBox550Mt.Gretna,PA17064-0550 Phone:717-270-2460 Mobile:717-926-3570 Email:[email protected]
KRISTY PIPHER-RICHMoNdChapter Ways and Means ChairpersonCommercialAcceptanceCompany2WestMainStreetShiremanstown,PA17011 Phone:717-901-4557,Ext.214 Mobile:717-503-2821 Email:Kprichmond@ commercialacceptance.net
KIM SuMMERLotChapter Journal EditorNRAGroup,LLC2491PaxtonSt.Harrisburg,PA17111 Phone:1-800-360-9953,opt.1,ext.3071 Mobile:717-571-2726 Email:[email protected]
SuE FASNACHT, CRCP-I, CRCS-IBoard Member WellspanEphrataCommunityHospital446N.ReadingRoadEphrata,PA17522 Phone:717-733-5902 Mobile:717-490-2386 Email:[email protected]
REBECCA HARTRANFT, CRCP-I, CRCS-I/CRCS-PBoard MemberWellspanEphrataCommunityHospital446N.ReadingRoadEphrata,PA17522 Phone:717-733-5928 Mobile:610-960-7017 Email:[email protected]
dEB STERLINg, CRCE-IBoard MemberNRAGroup;EBOSolutions,LLC2491PaxtonSt.Harrisburg,PA17111 Phone:800-360-2998,Ext.3902 Mobile:717-512-5322 Email:[email protected]
RICHARD oLMStEADEducation Committee MemberMedClaimsInternational700TurnerIndustrialWay,Suite210Aston,PA19014 Phone:610-494-7505,Ext.100 Mobile:302-562-5256 Email:[email protected]
SHARon tAuBEEducation Committee MemberKeyMedPartners/BAM3607RosemontAvenue,Suite401CampHill,PA17011 Phone:717-000-0000 Mobile:717-712-5296 Email:[email protected]
Keystone AAHAMBoard of Directors 2016
![Page 6: KPAMA Journal - StarChapter · 2016-08-30 · 2 KPAMA JOURNAL AUGUST 2016 3 Hello Keystone! What an exciting year 2016 has been. As our national office is Raising the Level, we at](https://reader033.vdocuments.us/reader033/viewer/2022060323/5f0db10a7e708231d43b9baa/html5/thumbnails/6.jpg)
10 KPAMA JOURNAL AUGUST 2016 11
Please follow/join our social media pages!www.keystoneaaham.org
Prevent Healthcare Phishingby Strengthening Employee Training
By Dylan Sachs of BrandProtect
Healthcare phishing attacks have increased in frequency, but there are several ways organizations can take control and improve their data security measures. Cybercriminalsviewthehealthcareindustryasaprimetar-get.Justthisyear,wehavewitnessedhospitalslikeHollywoodPresbyterianMedicalCenter,MedStarHealth’sUnionMemo-rialHospital,inBaltimore,Maryland,andMethodistHospitalinHenderson,Kentuckymakeheadlines,astheyfellvictimtocyberattacks.
TherecentVerizonDataBreachInvestigationsReport(DBIR)sawransomwareattacksrise16percentoverallthisyear.Andac-cordingtoanewstudybytheBrookingsCenterforTechnologyInnovation,23percentofalldatabreachesoccurinhealthcare,triplingoverthelasttwoyearsalone.
RecentresearchbythePonemonInstituteandBrandProtectpolledsecurityteamsandleadingenterprisesonexternal(Inter-net-based)threats,suchasphishingandmobile-basedschemes,andemployeeorexecutivemasquerades.Thesethreatsarepervasiveandserious.Onaverage,the505enterprisessurveyedwerevictimizedmorethanonceamonth,andspentanaverageof$3.5millionannuallytorecoverandremediatetheseattacks.
PREVEntIng MoDERn HEALtHCARE PHISHIng AttACKSItisclearthatthecriminalsareimprovingtheirtechnique,soitisessentialthathealthcareCISOsuptheirgame,too.What’sneededtosucceedinthisbattleagainstcybercriminals?Threesimplethings:
Search out cyber threats beyond the perimeterWhilenetworkandendpointmonitoringshouldneverbene-glected,thereisanopportunityforCISOstogetaheadofmanycyberattacksbyproactivelysearchingforandmitigatingonlineactivitythattargetstheinstitution.Thelistofmalevolentactivi-tiesisalongone–forexample,thecriminalsmaybeimperson-atinghospitalorinsuranceexecutivesthroughduplicateonlineprofilesatLinkedIn,FacebookorTwitter.Thesemasqueradingprofilesareusedtogatherlinksandconnectiontorealpeoplewithintheinstitution,allowingthecriminalstonotonlybuildadatabaseofinternalcontacts,butgivingthema“legitimate”meanstoreachout.Theremaybeunauthorizedusergroupsthatfalselyappeartorepresenttheinstitution.Theremaybedomainsthatmimictheactualdomainofthehospitalorinstitu-tion.Completeexternalcybermonitoringwillalsoprovideyouwithevidencethatyouhave(orhavenot)beenbreached.Bymonitoringblackmarketactivity,youwillbeabletoseeifyourpatientrecordsarebeingofferedforsale.
Monitor domain registrations and MX recordsBymonitoringnotonlycopycatandsimilardomains,butbyalsotrackingtheMXrecordstatusofthosedomains,CISOs
canproactivelyblockpotentialspearphishingorBECattacks.Cybercriminalsplayacatandmousegamewithdomains–theyregisteroractivateanemail-capabledomainjustbeforetheylaunchtheirattack,anddiscardthedomainaftertheystrike.Inthemostsophisticatedcases,theseattackdomainsareonlyon-linefor24to72hours.Toemail-enableadomain,thecriminalssimplyactivatethedomain’sMXrecord,whichidentifiesthatdomainasemailcapable.WhentheMX-recordofacopycatorsimilardomainisactivated,thatdomainbecomesapotentiallaunchplatformforaBECortargetedemailattack.Tostopanattackbeforeitbegins,CISOsshouldimplementfull-scaledo-mainmonitoringwithintegratedMX-recordmonitoring.Whenapotentialattackingdomaincomesonline,CISOscanblockemailsfromthatIPaddressorplacethatdomainontheirlistofuntrusteddomains.
Educate employees and membersCISOsshouldtakestepstomakesurethatcyberthreataware-nessandsecuritybestpracticesaretopofmindforallem-ployees,doctors,andnetworkmembers.Aninformeduserismuchlesslikelytobevictimizedbyaroguemessage.Quarterlyreminders,orbetter,monthly,aboutphishingandspearphish-ingdangers,ortheperilsofdownloadingmobileapps,cangoalongwaytoprovidingonelastlineofdefensefororganizations.Theseremindersshouldalsooffersomeclarityonwhatthere-cipientsshouldexpectfromtheorganization,inthewayofdatarequests–anythingout-of-the-ordinaryshouldbequestionedimmediately.SomeofthemostpopularwaysCISOstrytohelptheirconstituenciesbecomethreat-hardenedincludenewslet-ters,webinars,lunchtimesessions,andactualinboundphishingtests.Inaddition,newemployeeonboardingprogramsshouldincludeamoduleoncyberthreatawareness.Inthebestcases,theseeducationalprogramsbecomeaninstitutionalpriority,withexecutivesuitesponsorshipandparticipation.
WHY HEALTHCARE?Healthcareorganizationsarealargetargetformanyreasons.EHRsincludethepersonal,family,andbillinginformationoftheirpatients.TheyarevirtuallycompletepersonalidentityportfolioswithSocialSecuritynumberslinkedtonamesanddatesofbirth,parents’names,maidennames,physicalandemailaddresses,children’snames,and,insomecases,completeinformationofclosefriends.
Ontheblackmarketforstolenrecords,healthrecordscom-mandthehighestpremium,becausecybercriminals,armedwiththecontentsofEHRs,haveeverythingtheyneedtoapplyforcreditcardsormortgages,submitstateandlocaltaxreturnsandmore,devastatingthelivesoftheindividualswhoseidenti-tieswerestolen.
Additionally,theavailableattacksurfaceinthehealthcarein-dustryisverycomplex,andnotuniformlysecure.Twotrendsinthehealthcareindustry-themovetoEHRsandtheevolutionof
subspecialiststhatfunctionasindependentcontractors-havecombinedtocreateanelectroniclandscapethatdefiesdescrip-tion.
Atypicalhealthcareeventcaninvolvedozensofinstitutionsandservicessubcontractors,eachoneusingitsownbillingandrecord-keepingsystem,whilestillrequiringfullaccesstotheEHR.Ofcourse,thisamalgamatednetworkischallengingtomaintain,andnotsurprisingly,itcreatesmassiveopportunitiesforcompromise.
Finally,healthcareenterprises,hospitalsandcaregivingorgani-zationsespecially,dependonuninterruptedoperations.Hospi-talsandregionalmedicalcentersarecriticalresources.
Whenahospitalorregionalmedicalcenterfindsthattheiroperationsareinterrupted,gettingtheirsystemsbackonlineinstantlybecomesthetoppriority.Itcanliterallybeamatteroflifeanddeath.Andtoanindividualorafamily,accesstohealthcareisoneofthemostimportantassetstheycanhave.Itgoeswithoutsayingthatwhensomeonegetsamessagethatsuggeststheirhealthcarecoverageisatrisk,itgetstheirfullattention.
Fundamentally,thecybercriminalshaveonesimplegoal.Theyonlyhavetoconvinceonepersonthattheirfakeemailmessage,theircopycatwebsite,ortheirbogustweetisreal.Theyonlyneedonepersontofallfortheirscaminordertoprofit.
Andcybercriminalsaregoodatthat.Theyareincreasinglyorga-nized,andtheirschemingmessagesarenearperfectduplicatesoftherealthing.Theyhaveincorporatedsocialengineeringtotargettheirmessagesmoreaccurately.Today,thebadguyshaveevolvedtheirgamefarbeyondsimplephishing.
Moderncybercriminalsnowemploysocialengineeringtotargettheirattackscarefully,leveragingpubliclyavailabledataaboutprofessionalnetworks,usingLinkedIn,Spokeo,Hoovers,Dis-coverORG.comandotherpubliclyavailableresources,tocreateplausibleemails.
Theseemailsaredesignedtocomefromexecutiveswhoareknowntotherecipientsandsometimescovercurrentbusinessorindustryissues,withaneeriefamiliarity.Thisgreatlyraisesthelikelihoodthatrecipientsoftheseemailsclickonthelink,oropentheattachment,springingthetrap.Accordingtothelatest
VerizonDBIR,30percentofallphishingemailsareopenedbytheirtargetsand12percentactuallyclickonthedangerouslinkorattachment.
StRong LEADERSHIP IS nEEDEDAccordingtothePonemonsurvey,HealthCare/Pharmasecurityprofessionalsreportedthattheywerethesecond-mostoftenattackedindustry(justbehindfinancialservices)andtheiran-nualspendingwaswellabovetheaverage,equalingalmost$3.9millionperyear.Despitethisattackvolume,healthcare/pharmasecurityteamstrailedallotherindustriesintermsoftheen-gagementoftheirseniorsecurityleadershiparoundexternalthreatsandcreatingaprocessfordealingwithexternalthreatmonitoring,analysisandmitigation.
Cyberattacksagainstthehealthcareindustryareontherise.Theurgencyaroundtheoperationalintegrityofhealthcareinfra-structure,plustheuniquevalueofEHRsandotherhealthdatameansthatthereisnoendinsightfortheseattacks.
Ransomwareisgainingnotoriousheadlines,butmalwareattacksandotherincursionsthatleadtobreachesarealsoincreasinginfrequency.CISOshaveopportunitiestostayastepahead.Educationalprogramsfordoctorsandstaffmembersarecritical,buttheyarenotenough.
Proactivecybermonitoring,particularlyaroundMX-recordacti-vation,canhelptoslowthemostdangeroussociallyengineeredattacksfromeverreachingtheirintendedtarget.
Dylan Sachs directs Identity Theft and Anti-Phishing efforts at BrandProtect. He works directly with leading financial institu-tions, healthcare providers and Fortune 500 enterprises to help CISOs and security teams deploy better defenses against modern email and identity theft attacks, including BEC attacks socially-engineered exploits. Sachs also leads the BrandProtect Incident Response Team.
Prevent Healthcare PhishingContinued from Page 10
~ PASS IT ON! ~DoyouknowsomeonewhowouldliketoreceivetheKPAMAJournal?Emailinfo@KeystoneAAHAM.orgwiththeindividual’sname,companyandcontactinformationorvisitourwebsiteatwww.keystoneaaham.organdfollowthelinktoJoin Keystone AAHAM’s Email List.
GET PubLiSHEd!Wearealwayslookingforarticlesfromourmembers.Doyouhaveanarticleonacurrentfinancialhealthcaretopic?Pleasesendtowmajor3@wellspan.org.Articlesshouldbelessthan800wordsandsubmittedinaWorddocument.
Continued on Page 11
![Page 7: KPAMA Journal - StarChapter · 2016-08-30 · 2 KPAMA JOURNAL AUGUST 2016 3 Hello Keystone! What an exciting year 2016 has been. As our national office is Raising the Level, we at](https://reader033.vdocuments.us/reader033/viewer/2022060323/5f0db10a7e708231d43b9baa/html5/thumbnails/7.jpg)
12 KPAMA JOURNAL AUGUST 2016 13
NYUmedicalstudentsareexposedtode-identifiedinforma-tionsotheycanlearnhowtoanalyzedataandcomeupwithhypotheticaltreatmentsforpatientsbeforetheyhithospitalfloors.Theyalsogenerallyfollowtwotothreespecificpatientsatanypointduringrotations,buttheycan’tcontinuetomoni-torpatientsandseehowtheirtreatmentsplayoutovertime.
Dr.FritzFrancois,NYULangoneMedicalCenter’schiefmedi-calofficer,wouldliketoseeNewYorkUniversitySchoolofMedicineusemorereal-timedatatobetterpreparestudentsfortherealworldofpopulationhealthmanagementthey’reabouttoenter.
HIPAA,thelawthefederalgovernmentusestopolicetheprivacyandsecurityofthenation’shealthinformation,isstandingintheway,hesaid.
Thatlaw—theHealthInsurancePortabilityandAccountabilityAct—isturning20,andsomepeoplemaywonderifit’suptothejobin2016andbeyond.
ThefrustrationFrancoisexpressedillustratesoneofthemanyconundrumsposedbyHIPAAanditsregulationsinanagewhenthehealthcareindustryiscountingonthefreeflowofdatatorevolutionizehowcareisdeliveredandpaidfor.
PresidentBillClintonsignedthelawAug.21,1996—aroundthesametimetheWorldWideWebandemailwerestartingtotakeholdinAmericanlife.HHSandCongresshaveworkedtotransformandupdatethelaw—initiallycreatedtomakeit
easierforAmericanstokeephealthinsurancecoverage.Inthedecadessinceitwasenacted,electronichealthrecordshaveeclipsedpaper,andhealthinformationisbeingcollectedandtransmittedinwaysthelawdoesn’treach.
Andinspiteofthelaw,healthcarehasseenadrumbeatofmassivedatabreaches.AcyberattackdisclosedjustweeksagobyBannerHealthcompromisedtherecordsof3.7millionpeople.Inaddition,therehavebeenrecentepisodesofcrimi-nalsseizinghospitalEHRsystemswithmalwareanddemand-ingransomtounlockvitalmedicaldata.
Hundredsofthefts,lossesandothermishapswithpaperandelectronicpatientinformationhavebeendisclosedtoHHSeachyearsincemandatoryreportingtookeffectin2009,andthebreachesofteninvolveasprawlingarrayofvendorsthatdobusinesswithhealthcareprovidersandinsurers.
HHS’OfficeforCivilRightshasbeenquiteactivelatelyinHIPAAenforcement,reachingadozensettlementsinthecur-rentfiscalyearcomparedwiththreeinfiscal2015.
Theapparentcrackdownhasledtoalotofanxietyamonghealthcareproviders,especiallysmallentitiesthatdon’thavethestaffingortechnologycapabilitiestokeepupwithanever-changingworldofcybersecuritywhereeveryoneisworriedaboutthenextattack.
“Ithinktofightoffthosekindsofattacksrequiresanincreas-ingsophisticationthatisn’tnecessarilyaffordableforallproviders,”saidMarkSwearingen,anattorneyatHallRenderKillianHeath&Lyman.“Theydowhattheycantogetasecuresystemsetup.”
CoveredentitiesandbusinessassociatesalsomaynotbeawareoftherequirementstheymustmeettobeHIPAA-com-pliant.AlthoughHHSproducesguidanceforthecomplexwebofregulations,manybusinesses’HIPAAriskanalysisprogramsaren’tbroadenough,Swearingensaid.
MostcompanieshaveconductedriskanalysisoftheirEHRsystemsaspartofthefederalincentiveprogramforusingthetechnology,butHIPAAactuallyrequiresa“comprehensiveenterprise-wideriskanalysis”thatlooksintoallsystemsthattouchprotectedhealthinformation,includingbillingsystemsandemail.
DevenMcGraw,wholeadsthehealthinformationprivacydivisionattheOfficeforCivilRights,saysthehighervolumeinHIPAAsettlementsdoesn’tnecessarilyshowanupwardtrendinHIPAAenforcementactions.
“Eachcaseisexamined,andtheinvestigationsdevelopbasedonthefacts,”McGrawsaid.“Theultimatepenaltythatcouldbepursuedthatisthebasisofthesettlementdiscussionde-pendsontheconductinvolved.”
Evenwithrecordsettlements,therearegrowinggapsinthelaw’sprotections.Forexample,wearablemobiledevices,consumer-facingmobileappsandsocialmediaaren’tgener-allycoveredbyHIPAA’sprivacyandsecurityprotections,saidJodiDaniel,apartnerinthelawfirmCrowell&Moring.AndtheapplicationofHIPAAisambiguous,shesaid,forservicesthataren’tbilledtohealthplansorotherpayers,includingmanytelehealthservicesandcareprovidedbyso-calledcon-ciergepractices.Theseswathsofthehealthcarelandscapearesuretogrow.
“Ithinkthatgapposessignificantproblems,”saidDaniel,previouslywaspolicydirectorinHHS’OfficeoftheNationalCoordinatorforHealthInformationTechnology.“Eventhesameinformationheldindifferentplacesmayhaveprotec-tionsinoneplaceandnotanother.”
McGraw,however,praisedHIPAAforcoveringtheenviron-mentitwascreatedtoaddress20yearsagowhilebeingflexibleenoughtoadapttodramaticchangesintheindustry.“Ithinkitgoestoshowthatwe’reopenandwillingtoaddressthequestionsthatarearisingoutthereinthefield,nomatterhowsmallorhowbigtheyseem,”shesaid.
TheOfficeforCivilRightsisjuststartingitssecondwaveofauditsofcoveredentities,andthefirst-everauditoftheirbusinessassociates,whichbecamedirectlyliableunderHIPAAin2013.“WhatI’mhopingwe’llseeismoreexamplesofcom-pliantorganizationsthaninphaseone,”McGrawsaid.
Ultimately,accordingtosome,theOfficeforCivilRightsdoesnothavethebudget,stafforpowertobroadlyenforceHIPAA’s
At 20, is HIPAA hitting its stride, or is it over the hill?By Erica Teichert
privacyandsecurityprovisions,leadingmanyprovidersandbusinesspartnerstoinstallinadequatesystemsandproto-cols.“HIPAAisafalsepromise.Itgivesustheillusionthatourprivacyisprotected,butwithoutanyenforcementmecha-nismthatprotectionislargelyhollow,”saidNealEggeson,anIndianapolis-basedattorneywhospecializesinprivacylaw.“Theemperorhasnoclothes.”
ButdramaticallyincreasingtheOfficeforCivilRights’budgetwouldn’tdriveproviderstotakedatasecuritymoreseriously,Eggesonsaid.Congressneedstocreateaprivatecauseofac-tiontoallowvictimstosuewhentheirdataiscompromised,hesaid.“Overnightyouwouldseecoveredentitiesstarttotakerealstridestowardsimprovingpatientprivacyprotec-tion.”
Victimsofbreacheshavepursuedclass-actionlawsuits—onewasfiledlastweekagainstBanner—butjudgeshavegener-allybeendubiousoftheargumentthattheheightenedriskofidentitytheftconstitutesdamages.
Nevertheless,justthefearofrunningafouloftheregulationsisoftenblamedforstiflinginnovation,suchasNYU’sattemptstoinfusemedicaleducationwithdata-drivenhealthcaredeliv-ery.
Whilehestillwantspatientstoretaintheirprivacy,Francoissaidrelaxingsomerestrictionsonthesharingofpatientdatawithstudentscouldsubmergetheminmanagingpopulationhealthfromthebeginningoftheirtraining.“That’sreallyhowweshouldbemovingintermsoftrainingthenextgeneration,”hesaid.
Continued Next Page
HIPAA Continued from Previous Page
![Page 8: KPAMA Journal - StarChapter · 2016-08-30 · 2 KPAMA JOURNAL AUGUST 2016 3 Hello Keystone! What an exciting year 2016 has been. As our national office is Raising the Level, we at](https://reader033.vdocuments.us/reader033/viewer/2022060323/5f0db10a7e708231d43b9baa/html5/thumbnails/8.jpg)
14 KPAMA JOURNAL AUGUST 2016 15
Keystone Corporate partners
Your participation in the Corporate Partner Program enables the Keystone Chapter to continue providing a forum
for the education of our members as well as opportunities to meet and network with our friends and associates
throughout the Chapter!
pLatInUM pLUs — $1,500
HRSIBureauofAccountManagement
KeyMedPartners
NationalRecoveryAgencyEBOSolutions
pLatInUM — $1,000
CapioPartnersCommercialAcceptanceCompany
ArcadiaRecoveryBureauFinancialRecoveries
ProCoPennCredit
CreditManagementCompany
Thank You!
GoLD — $750
CreditBureauofLancasterTheROICompanies
sILVer — $500
SunStoneConsultingMedClaimsInternational
PATHSEMCSoft
BreaK — $250
FirstCredit,Inc.CentralCreditAudit
![Page 9: KPAMA Journal - StarChapter · 2016-08-30 · 2 KPAMA JOURNAL AUGUST 2016 3 Hello Keystone! What an exciting year 2016 has been. As our national office is Raising the Level, we at](https://reader033.vdocuments.us/reader033/viewer/2022060323/5f0db10a7e708231d43b9baa/html5/thumbnails/9.jpg)
16 KPAMA JOURNAL AUGUST 2016 17
NationalAAHAMLegislativeDayswereMonday,April25thandTuesday,April26thinWashingtonDC.PennsylvaniahadthelargestnumberofAAHAMmemberspresentagainthisyear!ThereweretwoscholarshipsawardedthisyearfromourKeystoneChapter.NancyEsterlyandLaurieSteffyweretheluckywinners.Togetheralongwith100otherAAHAMmembersfromacrosstheUnitedStateswewereabletovisitournationsSenatorandRepresentative’soffices.NationalAAHAMarrangespersonalmeetingswithmembersoftheUSSenateandourHouseofRepresentativestoshareourconcernsaboutissuesthatcouldimpactus.Thisyear,PennsylvaniaAAHAMmembersmetwithSenatorToomeyandSenatorCasey’soffice.TherewereseveralRepresentativeofficesavailableformemberstomeetwith.Theseofficesincluded;TimMurphy,CharlesDent,MichaelFitzpatrick,PatrickMeehan,RyanCostello,ScottPerryandRobertBrady.
What a learning opportunity…… thanks AAHAM for making it possible!A great time with great people!
the topics that we brought to the table this year were, the HIP Act (Hospital Improvements for Payment) and HR2156 - the Medicare Audit Improvement Act.TheimplementationoftheAffordableCareAct(ACA)changedmanyoftheprocessesregardinghealthcare,creatingalargerdebateonhealthcaresystemsandtheirefficiency.Throughthisdebate,manyissueshavebeenuncoveredwithvariousaspectsofMedicare,especiallyaboutpayment.TheHIP ActwascreatedinresponsetopaymentissuesthatexistwiththecurrentMedicarepaymentsystems,suchastheissuesbetweenpaymentsystems,thecurrentdefinitionsofashortstay,theproblemsassociatedwiththetwo-midnightpolicy,andreformtotheRecoveryAuditContractors(RAC)program.ThesecondtopicwasHR 2156- The Medicare Audit Improvement Act.TheRACprogramwascreatedtoidentifyandrecoverimproperMedicareoverpaymentsandunderpaymentstohealthcareproviders.Hospitalshaveseenalargeincreaseintheamountofdocumentsbeingrequested.
IsthereatopicthatyouwantcoveredattheKey-stonemeetings?Isthereaspecificspeakerthatyouwouldliketohear?Letusknow!
Theseareyourmeetingsandwewanttoknowwhatpresentationsyouwanttosee.Isthereafavoritespeakerfromthepastthatyouwouldliketohearfromagain?
[email protected](BillMajor)[email protected](ChristineIfft)andletusknowpotentialtopics,speakers,orrepeatper-formances.
TOPiCS
~ ABOUT US ~The purpose of the Keystone Chapter
shall be to:A. Promoteandencouragetherecognitionof
healthcareadministrativemanagementasanintegralpartofthefinancialmanagementwithinhealthcareproviderorganizationsandthroughoutthehealthcareindustry.
B. Encouragetheimplementationofeffectiveandefficientbusinessandreceivablesmanagementpoliciesandproceduresinalltypesofhealthcareproviderorganizationsandthroughoutthehealthcareindustry.
C. Stimulateandencourageanexchangeofinformationamongthemembership.
D. Developandencouragetheimplementationofprogramsforthepurposeoffurtheringtheeducationandincreasingtheknowledgeofthemembershipinthehealthcareindustry.
E. Developandimplementsuchprogramsasmayaddtotheknowledgeandencouragethedevelopmentofpersonsnewtothehealthcareindustry.
F. Establishnon-discriminatorystandardsofperformanceandprofessionalconductforpersonswhoparticipateorareinvolvedinhealthcareadministrativemanagement,includingthemanagementofpatientaccountsofanyhealthcareproviderorganizationorrelatedfieldconductingbusinessinthehealthcareindustry.
g. Promotethehealthcareprofessionbycooperatingwithotherhealthcareorganizations,institutionsandrelatedagencies,thirdpartypayers,andthegeneralpublic.