Posted by Julia Foster on April 14, 2017 in Blog
Spring brings Easter and like most holidays there are ICD-10 for the occasion, keep an eye out for these codes:
R73.9- Hyperglycemia, unspecified
You might be needing this code after eating an Easter basket full of chocolate and jelly beans.
W01.0XXA- Fall on same level from slipping, tripping and stumbling
One of the greatest Easter pastimes is egg hunts. Be careful, you don’t slip, trip or stumble while looking for the golden egg.
F40.218- Animal type phobia
Face it, kids aren’t the only ones afraid of the giant bunny at the mall.
Z91.012- Allergy to eggs
If you didn’t know it before, you might discover this allergy.
W61.33XA- Pecked by chicken
Baby animals, including chicks, are icons of Easter.
Posted by Julia Foster on April 6, 2017 in Blog
March 2017 Cyber Security Summary
March has been the most eventful month for healthcare cyber security since the beginning of the year. With 27 individual breaches, the number of records compromised in March was more than triple the number of records compromised in January and February combined! Some of the most notable breaches include a former employee stealing records, a ransomware attack, and a phishing scam.
What Happened in March
Cyber Security Breaches in 2017:
So far in 2017, there have been 410 total data breaches, and 99 of those have been healthcare related. There have been 6,862,337 total records compromised this year, with 22% of them being in the healthcare industry.
Notable breaches in March:
2017 Largest Data Breach
With almost 700,000 records compromised, a Kentucky healthcare facility had the largest healthcare data breach this year. The breach occurred when a former employee obtained, without authorization, patient information on an encrypted CD, and encrypted USB drive. The information on the drive included names, addresses, Social Security numbers, and insurance information. The investigation indicates that she “intended to use these records to assist in the development of a computer-based tool for an outside business interest which had never been disclosed to the hospital.”
A medical center in Austin notified nearly 300,000 of their patients of a data breach incident that took place at their facility. The breach was caused by a ransomware attack on the system, luckily the attack was detected early, so it did not cause too much harm to the system. However, the hackers still had the potential to access names, addresses, dates of birth, Social Security information and medical information. Many times these types of attacks are not intended to misuse the patient information, but to lock the hospital out and force them to pay a ransom to regain access. The medical center still decided to provide identity theft monitoring services as an extra caution for patients.
A number of employee email accounts were compromised at a hospital in Washington due to a phishing attack. Phishing emails are sent in attempt to trick users into revealing sensitive information. In this case, the hackers were able to gain access to over 80,000 patient’s information. The attack was not realized for more than seven weeks after it occurred giving the attackers lots of time to access or steal information. The hospital has notified the patients who were affected and is also taking steps to reeducate their employees on the dangers of phishing emails.
Posted by Julia Foster on March 24, 2017 in Blog, News
Health Information Professionals Week is March 26th – April 1st, 2017! In honor of HIP week, Excite Health Partners will be hosting HIP Week ‘Fill in the Code’ Challenge. Enter each day for your chance to win a $10 gift card or the grand prize, pictured below!
Each week day during HIP Week at 3:00 pm (EST), we will post a joke on our Facebook, Twitter and Instagram pages with one word missing. The missing word will be replaced with an ICD-10 code. You can participate by telling us what the missing word is. Each daily winner will receive a $10 gift card to their choice of Dunkin’ Donuts, Starbucks or Panera Bread. All correct answers will be submitted into a drawing for the daily prize and all daily entries will be combined for the grand prize drawing. The grand prize winner will be selected April 3rd at 3:00 pm EST.
To enter the contest message us your answer. Answers must be sent before the following day at 3:00 pm EST when the next joke is posted. You may only answer once a day, but you can receive up to 3 additional daily entries by tagging friends in daily posts (1 entry per tagged friend and the same friend cannot be tagged more than once). Make sure you like our Facebook page, following us on Twitter and follow us on Instagram. Good Luck! Email email@example.com if you have any questions!
The grand prize, which is pictured above, includes a Vera Bradley beach tote, Kate Spade sticky note set, a waterproof Bluetooth speaker, beach towel, Essie spring mini collect, Starbucks tumbler, light blue Rtic tumbler and more!
Posted by Julia Foster on March 8, 2017 in Blog, News
February 2017 Cyber Security Summary
February consisted of a ransom attack, a break-in and a breach from inside the system, all which contributed to 21 total healthcare breaches and nearly 80,000 records compromised.
Since the beginning of the year:
There have been 1,288,302 million total records compromised since the beginning of 2017, and over half of them have been healthcare records. Of the 279 total data breaches, 72 of them have occurred in the healthcare field.
February’s most notable healthcare breaches:
The Internal Employees
A pair of patient transporters accessed over 3,000 medical records from a university-based hospital in Tennessee. The two employees looked at 3,247 medical records between May 2015 and December 2016. They were able to see personal information such as demographics, medical record numbers, and social security numbers. As of now, there is no evidence that the information was downloaded or printed. However, the medical center is still taking proper precautions and sending letters to patients notifying them of the breach.
A Georgia-based health system fell victim to a ransomware attack that included almost 80,000 patients’ records. The information was accessed through the system’s appointment software “Waits and Delays.” The hackers were able to remove the appointments database and then demanded a ransom to restore the site. It is not evident if the health system paid it or not. The information stolen included names, dates of birth, contact information and appointment information. Since becoming aware of the breach, the hospital has notified all of the patients who were affected by the breach and encouraged them to keep an eye on their financial statements and credit reports.
7,000 patient records were stolen during a break-in at a healthcare provider’s office in Kansas. The break-in had occurred at approximately 5:00 am before the facility opened. The intruder gained access by breaking a window and stole a desktop computer and a printer. The computer contained many non-encrypted appointment notes dating back to 2002 and 2003. The information in the notes varied, but some consisted of names, dates of birth and diagnoses and orders.
Posted by Julia Foster on March 6, 2017 in Blog
Health Information Professionals (HIP) Week 2017 – March 26th-April 1st
2017 marks the 27th annual Health Information Professionals (HIP) week. This week, which according to AHIMA.org, “is a showcase for the thousands of health information management (HIM) professionals who perform their duties masterfully throughout the year,” will be held March 26th, 2017- April 1st, 2017.
This week is sponsored by The American Health Information Association (AHIMA). This year’s theme will be “Leading the way to quality data.” To celebrate this week Excite Health Partners will be hosting the HIP Week ‘Fill in the Code’ Challenge, participate for your chance to win 1 of 5 daily prizes and/or the grand prize!
Posted by Julia Foster on March 3, 2017 in Blog
5 Topics & Launches from HIMSS17
The hustle and bustle of over 40,000 attendees, 1,200 vendors and 300 sessions at HIMSS17 ended just last week. With everything going on there is a chance you may have missed something, here are five topics and launches from HIMSS17.
While there were many topics being discussed at the 4-day event, attendees have had a hard time pinpointing what issues dominated the conference. Just like the world of HIT, HIMSS17 had a lot going, here is what some of the buzz was all about:
As we know, security breaches in the healthcare industry are in the headlines every day making it a no-brainer this would be a hot topic at the conference. HIMSS felt cybersecurity was so important they dedicated a full-day event, the Cybersecurity Forum, to the topic. While cybersecurity has been a hot topic for a couple of years, this year the conversations turned to medical devices. According to Marty Edwards, director of the Industrial Control Systems Cyber Emergency Response Team at the Department of Homeland Security “It is only a matter of time before we see a major event affecting patients involving medical device cybersecurity.”
Interoperability was a huge focus at last year’s conference, while cybersecurity seemed to be bigger this year, interoperability was still a primary focus for many attendees, vendors, and speakers. While significant progress has been made regarding Interoperability, it may not be happening as quickly as we would all have liked. HIMSS17 left us feeling optimistic; progress is still coming and at a steady rate!
- Big Data and Analytics
According to Paul Black, CEO of Allscripts, “I expected and saw the spotlight on the transformation of Big Data into more meaningful, usable analytics.” The discussion revolved a lot around how to manage patient responsibility, connectivity to communication platforms, and even interventions when necessary.
- Value-Based Care
HIT professionals were looking for tools and solutions to operationalize value-based care and payments. They were also looking for ways to increase patient engagement and enhance the patient experience.
There is no doubt telehealth is up and coming. Many forces are driving the expanded use of telehealth services including the reduction of the spread of contagious viruses/sicknesses, access for rural communities, and cost reduction.
With so many Health IT professionals under the same roof, there is no better place than HIMSS to launch or demo a new product. There were quite a few product launches and demos throughout the show, here are some of our favorites:
- App Orchard- Epic
The highly-anticipated launch of App Orchard, Epic’s app store, finally happened at HIMSS17. According to Epic’s website “The App Orchard is where developers can learn about Epic’s APIs and list their apps for Epic community members to explore and access.”
- Healthy Hospital- McKesson
McKesson had lots of new products to demo during the show, one of those being Healthy Hospital. According to a press release, “Healthy Hospital is a new program that uses advanced analytics to help providers benchmark key revenue cycle metrics, and identify areas where they can accelerate or otherwise improve financial performance.”
Touchstone, which is a comprehensive benchmarking software tool that can be utilized by hospitals and physicians for the measurement of quality and safety, will be available early summer. Touchstone, according to medisolv.org, is “the first benchmarking software of its kind for hospital eCQMs in the cloud,” will be available early summer
- DS8100-HC series scanners AND TC51-HC mobile computers- Zebra Technologies
Zebra Technologies released scanners and mobile computers that according to a press release “can foster clinical collaboration for staffers and drive better operational efficiencies, while also supporting the five rights of medication administration to help increase patient safety.”
- ClaimStaker- Alpha II
Alpha II released ClaimStaker, a claims editing software. According to their site, “ClaimStaker, is the most comprehensive clinical claim and encounter scrubbing tool available today.”
Posted by Amanda Harner on February 9, 2017 in Blog, News
As far as healthcare security is concerned, 2017 is off to a pretty good start. Although there were 24 data breaches that occurred in January, 151,970 records were compromised. Considering the monthly average of records compromised in 2016 was over a million, things are going pretty well! Notable breaches last month included a laptop stolen from a physician’s car, and two system hacks.
A California healthcare system, that includes 6 hospitals, was hacked causing over 10,000 patient’s record to be exposed. In October 2015, an unauthorized user hacked into a website that was no longer in use. The hack was not discovered by authorities until last month when officials were notified. Dates of birth, medical records and phone numbers were among the information stolen. Since the discovery, the health system has taken proper measurements to secure its website and have provided the patients who were affected with free credit monitoring services for a year.
A laptop which contained protected health information of over 3,500 patients of a children’s hospital in California, was stolen from a physician’s locked car. The computer, which was stolen in October was password protected but was not “encrypted to current institutional standards”. An investigation was conducted and it is believed that all of the information was erased from device without any patient data being accessed. The hospital is taking extra caution and sending letters to notify the thousands of patients.
Nearly 5,000 patients were affected when the system of a pain management provider was hacked. The provider has offices in New Jersey, New York, and Pennsylvania that were hurt by the attack. Although the breach was discovered in November, officials are unaware how long hackers had access to information. The investigation revealed that compromised information ranged from social security numbers and Medicare numbers to medical and demographic information. Since the attack, the provider conducted a review of its security processes, which revealed a number of areas that needed improvement. It has since been enhanced to prevent any future attacks.
Posted by Julia Foster on January 13, 2017 in Blog
2016 Cyber Security Summary
2016 kept everyone in the healthcare industry on their toes having a record high number of data breaches! Luckily, the number of compromised records dropped drastically in comparison to 2015. However, one trend that was widely recognized was the rise of ransomware attacks. Although not a new method, ransomware is quickly gaining popularity and becoming a huge issue in the cybersecurity world. Read below to see a recap of 2016’s most impactful data breaches!
Top 5 Most Notable Breaches in 2016:
The Dark Net Sale
The largest and probably most notable data breach was released in June. The hacker, who goes by the name of TheDarkLord, listed 4 different databases for sale on TheRealDeal market (a dark net source). The databases were being sold for $100,000, $200,000 $400,000, and $485,000 and included names, birthdates, social security numbers, addresses, cell phone numbers, and medical history. Ransomware attacks can put providers in a tricky situation because even if the ransom is paid, they are not guaranteed to get their information back.
Held at Ransom
The first ransomware attack of the year occurred in February at a hospital in California. The hackers were able to lock the system cutting off access to hospital employees. During this time they had to resort to handwritten documentation and prescriptions instead of any electronic communication. The hospital was forced to pay the hackers 40 bitcoins (a type of digital currency operating independently of a central bank) or $17,000 to regain access. There is no evidence that any records were actually accessed during the lockout, but the hospital still took proper precautions.
The Food Court
Another large breach in 2016 consisted of 3.7 million records stolen from an Arizona health system in August. The hackers were able to gain access to a payment processing system in some food and beverage areas throughout their facilities. The stolen information included names, birthdates, social security numbers, credit card information, and health insurance information.
One of the most unique data breaches of 2016 was linked to a radical right-wing Ukrainian political group. In July, the group posted a screenshot of information that they compromised from a urology group based out of Ohio to Twitter and uploaded half a million records to a Google cloud-based storage area. The information posted included names, addresses, phone numbers, birthdates, insurance ID’s and diagnoses. When asked the group stated that the motive was political, however, this specific urology group did not have anything to do with the issues.
In August, a company based out of New York that provides ID cards for health plans for big names such as Blue Cross Blue Shield and Health Now was involved in a data breach that consisted of almost 3.5 million records compromised. Information accessed consisted of names, dates of birth, ID numbers, dependents’ names and provider names. The hacker was able to gain unauthorized access to a server which held all of the private information.
In December, almost half a million records were subject to exposure not because of a security attack, but rather a semi-truck. In Fort Myers, FL a truck driver, transporting a load of old paper medical records failed to securely lock the door on his truck, causing the medical records to fall from the vehicle and blow around. It took 3 days for officials to find all of the medical records that they could, however, not all were accounted for. There was no evidence that any information had been improperly used so far, but the information exposed consisted of everything from addresses and medical history to social security and financial information.
Posted by Amanda Harner on January 6, 2017 in Blog, News
Regarding cybersecurity, December had some good news and some bad news. The good news: December had the lowest amount of data breaches throughout 2016. The bad news: December had the 3rd highest number of records compromised, with a total of almost 1 million. Some of the most notable breaches include phishing emails being sent out, a ransomware attack, and a mobile app that was hacked into.
Since the beginning of December:
In December 2016, there were 16 health breaches and 925,863 records compromised. 61% of healthcare data breaches were due to hacking/IT incident.
Since the beginning of the year:
In 2016 there were over 900 total data breaches and 350 healthcare breaches, consisting of over 35,000,000 records compromised throughout the entire year!
December’s most notable healthcare breaches:
LA Health Department
The Los Angeles Health Department suffered the largest data breach in December. It is estimated a phishing email sent to employees compromised over 700,000 personal records. Phishing emails contain viruses which allow access to protected information. These emails usually have an open rate around 30%, but in this case, the open rate was only about 10%. However, even with the relatively small number of opens, a significant amount of damage was still caused to the server. The data compromised consisted of names, dates of birth, social security numbers, payment/bank account information, social security numbers, and medical diagnoses.
A health center also based in California was the victim of a ransomware attack. Troldesh, which is the ransomware that was used in this attack works by conducting scans and encrypting files making them inaccessible to authorized users. Toldesh was installed by an unauthorized user who logged into the server. Names, medical diagnoses, medical record numbers, and insurance numbers were among the information stolen. Luckily, no financial information or social security numbers were compromised.
Earlier this month, a medical laboratory company based out of New Jersey disclosed a data breach that affected more than 34,000 people. Information stolen included personal information such as names, phone numbers, dates of birth and lab results. The information was stolen through MyQuest, which is a mobile app that allows patients to share medical records. The app was improperly secured allowing the hackers to gain access to personal records.
Posted by Julia Foster on December 29, 2016 in Blog, News
Let the countdown begin. 2017 will be here before we know it! Here are some ICD-10 codes you might be using to bring in the New Year!
W25.XXA- Contact with sharp glass, sequela
Be careful when you are clinking glasses, or you will be in need of this code.
F10.920- Alcohol use with intoxication, uncomplicated
The best way to bring in the New Year is with a champagne toast.
S93.401A- Sprain of unspecified ligament of ankle
NYE is an opportunity to dress your best, but it is also an opportunity for a high heel injury.
Z38.00- Single live born infant, born outside hospital
NYE is all about welcoming Baby New Year.
E86.0 – Dehydration, R51 – Headache & R11.2 0 Nausea and vomiting
W39- Discharge of firework
Fireworks at midnight are always a fun way to celebrate!
Y93.A- Activities involving other cardiorespiratory exercise
Do you know what the most common New Year’s resolution is? Getting in better shape.