So we thought we’d start an ongoing collection–that is, one that is updated to reflect trends and changes–of the best resources for teaching with the iPad.
This will include resources from all of the best sources, from Apple’s own stuff to TeachThought to edutopia to MindShift to DMLCentral to Jackie Gerstein and more. We can update it, or make it a wiki to crowdsource the process, or you can add suggestions in the comments below. Based on the activity of the comments, and the sharing of the post, we’ll decide how to handle it moving forward.
The Office of the National Coordinator (ONC) released the revised “Guide to Privacy and Security of Electronic Health Information”April 13 to help organizations integrate federal health information privacy and security requirements.
The guide is geared toward HIPAA covered entities and Medicare eligible professionals from smaller organizations. The updated version features information about compliance with the privacy and security requirements of CMS’ Electronic Health Record (EHR) Incentive Programs as well as compliance with HIPAA Privacy, Security, and Breach Notification Rules.
The guide covers such topics as:
Increasing patient trust through privacy and securityProvider responsibilities under HIPAAHealth information rights of patientsSecurity patient information in EHRsMeaningful Use core objectives that address privacy and securityA seven-step approach for implementing a security management processBreach notification and HIPAA enforcement
In a landmark 2005 Harvard Business Review article, USC business professors Warren Bennis and James O’Toole argued that the skills imparted by most business schools were not relevant to students and their eventual employers.
Premera is the third largest health insurer in Washington State, and was hit with a cyber attack initiated on May 5 of last year. The Premera attack exposed the personal information of as many as 11 million current and former clients of Premera across the US. While Premera noted on January 29 of this year - the day the data breach was discovered - that according to best information none of the personal data had been used surreptitiously, the fact remains that the data mined by cyber attackers is exactly the kind of information useful for perpetrating identity theft.
To that end, it has been reported that the cyber attackers targeted sensitive personal information such as names, dates of birth, Social Security numbers, mailing addresses, e-mail addresses, phone numbers, member identification numbers, bank account information, and claims and clinical information.
As for why the attack was not discovered for some eight months, Premera has said little. However, the breadth of the attack - affecting some 11 million people - and the delay in discovering the breach (initiated May 5, 2014 and revealed January 29, 2015) will likely provide much fodder for Premera cyber attack lawsuits.
According to the Puget Sound Business Journal, the New York Times had suggested the Premera cyber attack may have been perpetrated by the same China-based hackers who are suspected of breaching the federal Office of Personal Management (OPM) last month. However, the VP for communications at Premera, Eric Earling, notes there is no certainty the attack originated in China.
“We don’t have definitive evidence on the source of the attack and have not commented on that,” he said. “It continues to be under investigation by the FBI [Federal Bureau of Investigation] and we would leave the speculation to others.”
That said, it has been reported that the US government has traced all of these attacks to China.
Recent data breach attacks, including the Vivacity data breach and Connexion data breach, are reflective of a shift in targets, according to cyber attack experts. The attacks to the data systems of the federal OPM notwithstanding, it seems apparent that hackers are increasingly shifting their targets to health insurers in part due to the breadth of information available from the health records of clients.
The goal of cyber attackers in recent months, according to claims appearing in the New York Times, is to amass a huge trove of data on Americans.
Given such a headline as “Premera Blue Cross Reports Data Breach of 11 Million Accounts,” it appears they have a good start. While it might be a “win” for the hackers involved acquiring such data surreptitiously and illegally, it remains a huge loss in both privacy and peace of mind for millions of Americans who entrust their personal information to insurance providers, who, in turn, require such information in order to provide service. Consumers and clients also have historically assumed that such providers have taken steps to ensure their personal information is secure.
When it isn’t - and it takes eight months for a cyber attack to be identified - consumers have little recourse than to launch a Premera cyber attack lawsuit in order to achieve compensation for the breach, and as a hedge for the possibility of ample frustration down the road were the breach to evolve in a full-blown identity theft.
To that end, five class-action data breach lawsuits have been filed in US District Court for the District of Seattle. According to reports, two of the five lawsuits allege that Premera was warned in an April 2014 draft audit by the OPM that its IT systems “were vulnerable to attack because of inadequate severity precautions,” according to the text of the lawsuits.
Tennielle Cossey et al. vs. Premera asserts that the audit in question, “identified… vulnerabilities related to Premera’s failure to implement critical security patches and software updates, and warned that ‘failure to promptly install important updates increases the risk that vulnerabilities will not be.’
“If the [OPM] audit were not enough, the events of 2014 alone should have placed Premera on notice of the need to improve its cyber security systems.”
Moving forward, Premera Blue Cross data breach lawsuits are being consolidated into multidistrict litigation, given the number of Americans affected and their various locations across the country. An initial case management conference has been scheduled for August 7.
Healthcare providers are accustomed to the privacy and security rules contained within the Health Insurance Portability and Accountability Act (“HIPAA” or the “Act”) – particularly as they apply to the careful management of patient information. On April 24, 2015, the Health and Human Services Office for Civil Rights (OCR) issued important guidance regarding HIPAA’s application to employee health and wellness programs. OCR is responsible for enforcing the Act’s privacy and security rules.
The HIPAA privacy and security rules generally apply to “covered entities” – defined as (1) A health plan; (2) A health care clearinghouse; or (3) A health care provider who transmits any health information in electronic. The rules also apply to “business associates.” The Act is most often associated with medical records generated by a health care provider. An employer – solely by hiring and paying an employee – is not impacted by the obligations of the Act. In general, the Act does not apply to an employee’s employment records.
OCR’s recent guidance addresses two important issues: 1) when does the Act extend to an employer’s health and wellness program; and 2) when may a health plan provide a sponsor employer with access to a participant’s protected health information (PHI).
The recent guidance makes clear that the application of the Act depends upon the structure of the employer’s health and wellness plan. Note that a health plan is a “covered entity” and is subject to the Act. OCR noted that a health and wellness program that is offered to employees as part of the employer’s health plan benefit is covered by the Act and its rules. A health and wellness program that is not part of a health plan is not covered by the Act and its rules – though other federal and state laws may apply to protect the confidential nature of such information.
In many instances, an employer (as the health plan’s sponsor) may administer the health and wellness program (among other elements of the plan). A health plan (a “covered entity” and subject to the Act) may provide an employer-sponsor access to an employee’s health information under limited circumstances where the employer-sponsor is involved in administering the program. In particular, the employer-sponsor may provide access to the employee’s PHI only to permit the employer-sponsor to perform its administrative functions and agree to modify its plan documents and certify that it will:
Establish adequate separation between employees who perform plan administration functions and those who do not;Not use or disclose PHI for employment-related actions or other purposes not permitted by the Privacy Rule;Where electronic PHI is involved, implement reasonable and appropriate administrative, technical, and physical safeguards to protect the information, including by ensuring that there are firewalls or other security measures in place to support the required separation between plan administration and employment functions; and report to the group health plan any unauthorized use or disclosure, or other security incident, of which it becomes aware.
Health plans and employers (particularly those within the health care industry where HIPAA awareness is already high) should be prepared to proactively address the protection of and access afforded to an employee-participants’ PHI. In addition, since the health plan (as a “covered entity”) has specific obligations related to any PHI breach, health plan and employer-sponsor should carefully and thoroughly review the privacy and security protection provided to all employee-participant PHI.
If an employee-sponsor does not perform administrative functions on behalf of the health plan, access to an employee-participant’s PHI is further limited. In particular, in such instances, the health plan may only disclose: 1) information on which individuals are participating in the plan or enrolled in the health insurance issuer or HMO offered by the plan; and 2) summary health information to the extent requested for purposes of modifying the plan or obtaining premium bids for coverage under the plan.
Mind mapping is a great way to brainstorm, make a plan, or turn ideas into the steps needed to make it real. Thankfully, there are great tools out there to help you build mind maps, organize them, and save them for later.
Sharing your scoops to your social media accounts is a must to distribute your curated content. Not only will it drive traffic and leads through your content, but it will help show your expertise with your followers.
How to integrate my topics' content to my website?
Integrating your curated content to your website or blog will allow you to increase your website visitors’ engagement, boost SEO and acquire new visitors. By redirecting your social media traffic to your website, Scoop.it will also help you generate more qualified traffic and leads from your curation work.
Distributing your curated content through a newsletter is a great way to nurture and engage your email subscribers will developing your traffic and visibility.
Creating engaging newsletters with your curated content is really easy.