The push is on for adoption and if healthcare providers don’t adapt, they face some potentially sharp teeth. We read that, “Failure to implement EMR by 2014 may result in increased malpractice premiums and increased exposure to malpractice claims, as well as a reduction in Medicare reimbursement, beginning in 2015”. Ouch!

So what’s the tie to VPN’s? We see a significant portion of the EMR communications being wireless. Don’t believe us? Next time you’re in a hospital, take note of all the handheld devices the staff is marching around with. How about hospice workers who update records via PDA’s? How about in-facility WLAN and WiFi networks? Doctors use laptops from room to room and hotspots are popping up in cafeterias, waiting rooms, etc. all over the country. The list goes on and as it grows so does the threat to information traveling wirelessly.

EMRs are a great benefit to the healthcare industry and have the potential to improve patient care definitively. With solid VPN’s in place, HIPAA can be satisfied as well as protecting the great benefits wireless communications have on worker productivity. The right VPN tech is important too – avoiding vendor lock, ensuring the tech fits facility policy and doesn’t force policy changes, and it must be easy enough to users that they don’t even notice it’s running (otherwise, they’ll find a way around it!).

HIPAA is a collection of standards striving for an effective and efficient method of exchanging information to the right people in a secure manner, thereby creating streamlined workflows in an electronic environment, and so delivering higher quality yet affordable health care. The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”

The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”

This ranges from keeping file cabinets/record rooms locked, stricter access controls to computers (password requirements or smart card authentication), to the more complex data storage, digital signatures to ensure non-repudiation, etc.

Let’s focus on the PHI that is being transmitted, or in other words, when Electronic Protected Health Information is being transported over open networks: that’s where secure communication plays a role; this is where NCP steps up to the plate.  These requirements are not by any means limited to HIPAA, as these same requirements are also applicable to the financial institutions, government departments, police departments, and so forth.

What our customers in these different fields appreciate is NCP’s understanding of secure communications: the safeguarding of the data in transit; but also verifying the authenticity and authorization of the person receiving and transmitting the information by means of strong authentication (multi-factor authentication).  The HIO in question can select which vendor/provider they want to use for this; be it a PKI environment with smart cards or an OTP setup, NCP is flexible and will allow for this freedom of choice.

- Strong Authentication: the assurance to one entity that another entity is who he, she, or it claims to be,

- Integrity: the assurance to an entity that data has not been altered (intentionally or unintentionally) in transit,

- Confidentiality: the assurance to an entity that no one can read a particular piece of data except the receiver(s) explicitly intended.

Of course one can impose a lot of restrictions on the user; but besides some user awareness (often overlooked; as not everything can be locked down by technology — think about discussions about patients and treatments in public areas between personnel or with family members), is user-friendliness.  When a user is confronted with a lot of barriers that keep them from performing their work in an efficient effective manner, they will inevitably find a way to circumvent this.  By making the procedure of establishing a secure connection as easy and as transparent as possible for the user, yet maintaining a high level of security, an administrator can tick this requirement on the list and have the assurance that this base is covered.