Sunday, May 31, 2015

Everything You Need to Create a Healthcare Data Breach Notification Plan

Healthcare data breaches have moved front and center in the news lately. In fact, 2015 has been called "The Year of the Hack." As many people admit, it’s not a matter of if your organization will be breached, it’s just when the breach will occur. One important thing all organizations should prepare for is what, how and to whom they should communicate when the breach occurs. Having a Security Incident Response Plan assembled prior to a breach will go a long way toward ameliorating the negative impacts a breach will have for your organization.

This post provides a list of great resources that can be used to create a Security Incident and External Breach Notification Plan. The materials were developed by government agencies like NIST and DOJ, private companies like Experian and Microsoft, associations like the American Bar Association, and leading security consultants.

What Goes into a Good Plan?


Gives a good overview of how to “Establish and implement a written data breach response policy”


Really good info!


More info on what should be included in a good plan.


Good RACI chart for assigning responsibilities – Other useful info too


Good questions to answer before and after a breach: See pages 10, 16, 21, 26. Also, this fellow Lenny Zeltser appears to be a very knowledgeable consultant. I don't know him personally but he might be a good consulting resource.

What Kind of Questions Should You Ask or Will You be Asked?

Questions that need to be addressed. Sample questions others may ask for which you’ll need to be prepared.


Appendix A contains incident response scenarios and questions for use in incident response tabletop discussions

Appendix E identifies resources that may be useful in planning and performing incident response.

Appendix F covers frequently asked questions about incident response.

Ok. It Happened!


Overview from Experian including info on HIPAA.


Some good info from Microsoft


And a word from the lawyers... :)

Don't Forget Those Pesky State Regulations


For instance:

States In Which Definition for “Personal Information” is Broader Than the General Definition

States That Require Notification Within a Specific Time Frame

Best Practices, Cheat Sheets & Templates – Oh my!


Recent Guidance from DOJ


In Word & Excel formats


Good steps – see pages 10-14

That's All Folks!

So there you have it. The above is pretty much all you'll need to assemble a good security incident response plan. There’s no need to develop a plan all on your own. As someone once said: “Good artists borrow, great artists steal.”

For other information on healthcare and information technology, consider following me on Twitter.



Wednesday, May 27, 2015

AHIP Institute Exhibitors on My Must Meet List



A number of vendors will be exhibiting at the AHIP Institute in Nashville, TN on June 3rd through the 5th.  I count around 220+ on AHIP’s web site. 

Based on my areas of interest – consumerism, transparency, health literacy, risk adjustment and enrollment – I have the following vendors on my radar for the AHIP Institute event.

Company – Twitter
Altegra – https://twitter.com/altegrahealth
Availity
BenefitFocus
CodeBaby – https://twitter.com/codebaby
Connecture
Copatient
Edifecs
EnigmaHealth
GuideWell
hCentive
HealthEdge
Healthsparq
Inovalon
InterSystems
Lumeris – https://twitter.com/lumeris
Navicure
Navinet
OmedaRX
Socialwellth – https://twitter.com/socialwellth
Softheon
Spendwell
Truven
Verisk
Welltok

See you at the AHIP Institute

As one of four Social Media Ambassadors for this year's AHIP Institute, I'd like to solicit information and ideas from all attendees and exhibitors. If you have anything you'd like to share related to the AHIP Institute (your goals for attending, what you are looking forward to, information on your product or services, things to do in Nashville, etc.), please reach out to me and perhaps I can help share your perspective, ideas and information with others.

Also, consider following me on Twitter where I will be sharing more information on the AHIP Institute and health care information technology.

Monday, May 25, 2015

Looking Forward to These Sponsored Sessions at AHIP Institute



The AHIP Institute in Nashville, TN on June 3rd through the 5th offers some interesting Sponsored Concurrent Breakfast Sessions. The following sessions look interesting to me – and not just because I think there may be breakfast food served!

Breakfast Sessions 

Thursday, June 4 -- 7:30 - 8:15 am

The Health Insurer of the Future: How Health Plans will Transform in the Next Five Years

A discussion on what the health plan of the future looks like, forecasting the challenges and opportunities that health plans will face. Explores the DNA of the health plan of the future, including core capabilities, consumer engagement initiatives, adoption of new business models and technology investments.

Ray Desrochers, Executive Vice President, HealthEdge

Friday, June 5 -- 7:30 - 8:15 am

Survival of the Fittest: Thriving in a Regulated Post-Reform Era

Insights and strategies to understand the key critical performance measures that will determine strategic planning for health plans.
Matt Nichols, Vice President of Data Innovation, Optum

Other Sponsored Concurrent Sessions

Thursday, June 4 -- 1:00 pm – 1:45 pm

Emerging Issue for 2016: The Impact of the Quality Rating System on Qualified Health Plans

Insight into the reporting requirements for the 2016 Quality Rating System (QRS) implementation and the impact it will have on current QHPs. Covers the mid-cycle considerations and lessons learned from the QRS beta test to date.
Reid Kiser, General Manager, HEDIS Advantage, Inovalon
Michelle Johnson, Director, Government Relations & Policy, URAC

...Or the following session at the same 1:00pm time.


It Takes a Platform: How to Optimize Health & Incentives

Learn about the critical components of an enterprise-level consumer platform and how they can help their members achieve the highest health status at the lowest cost.

Jeffrey H. Margolis, Chairman and CEO, Welltok, Inc

Thursday, June 4 -- 2:00 pm – 2:45 pm

Fueled by Healthcare IT Start-Up Funding, Digital Disruption is Knocking

Examines traditional healthcare organizations and industry stakeholders that are taking interest in this shifting marketplace and trying to assess whether this funding momentum will continue, to what extent and to what market segments.

Alan Nalle, Senior Manager, Accenture Health Strategy

Thursday, June 4 -- 3:35 pm – 4:20 pm

Know The Score: Better Engagement For Better Health

Gain insight on how software and member engagement scores drive a proactive member experience – leading to improved member outcomes and lower costs.

Joel Radford, SVP, Software Solutions, Silverlink Communications
Stan Nowak, CEO & Co-Founder, Silverlink Communications
David Veroff, SVP, Analytics, Silverlink Communications

Friday, June 5 -- 9:55 am – 10:40 am

Beyond Private Exchanges: What Companies and Individuals Really Want from their Benefits Programs

Gain a better understanding of how health plans fit into the private exchange landscape from consumer considerations like brand, decision support, and multiple benefit options, to administrative needs like data integration and integrity, member maintenance and billing consolidation.

Shandon Fowler, Director of Product Strategy, Benefitfocus

See you at the AHIP Institute

If you have anything you'd like to share related to the AHIP Institute (your goals for attending, what you are looking forward to, information on your product or services, things to do in Nashville, etc.), please reach out to me and perhaps I can help share your perspective, ideas and information with others.

Also, consider following me on Twitter where I will be sharing more information on the AHIP Institute and health care information technology.

Friday, May 22, 2015

AHIP Institute Sessions I'm Looking Forward To


The AHIP Institute in Nashville, TN on June 3rd through the 5th is particularly exciting for me to attend for three reasons:


1. It’s focused around the needs, issues and challenges of health plans and payers – an industry I’ve worked in for over 20 years.

2. I’m one of four people selected by AHIP to be a social media ambassador for the event.

3. It’s in Nashville, TN – a place where I lived for 10 years, where my youngest son was born and where all four of my kids attended grade school.

Healthcare Literacy, Transparency & Communications!

Since I strongly believe that improving health care literacy, increasing transparency of health care quality and cost information, and sharing information via an omni-channel approach holds the key to improving the U.S. healthcare system, I'm especially looking forward to the following concurrent sessions.

Note: I’ve included the Twitter account for any session presenter that had one.

Beyond the Contract: Enhancing Provider Engagement in New Care Models - June 4 - 2:00p – 2:45p

How retail health care and telemedicine are altering traditional behaviors and relationships between providers, health plans and consumers.

Amy Fahrenkopf, MD, VP, Highmark, Inc.


Transparency: Tools, Information and Innovation - June 5 - 10:50a – 11:35a

Learn about tools and new initiatives to engage consumers in their health care.

Raj Davda, MD, Medical Director, CIGNA 


Social Commerce: Integrating Your Marketing, Sales and Digital Approaches - June 4 - 3:35p – 4:20p

Learn ways to leverage social tools to deliver growth to your company. How social information fits into data and segmentation models.

Lindsay R. Resnick, CMO, KBM Group: Health Services

Katzman Stephanie, Senior Account Executive, LinkedIn
David Murray, Manager, Social Media, BCBS of Michigan
Joanna Belbey, Social Media & Compliance Specialist, Actiance

Health Literacy: A Key to Unlocking Change - June 5 - 9:55a – 10:40a

Learn how others are bridging the health literacy knowledge gap to help consumers help themselves reach the goal of improved health. How can mass media tools help to propagate discovery and improve comprehension?

No speaker listed on AHIP site


Innovation & Inspiration in Health Care - June 4 - 1:00p - 1:45p

How health plans are rethinking the ways in which they do business. How health plans are expanding their portfolios and diversifying their business – and lessons learned.

Darren Olson, Director, UPMC Health Plan 
Rob Coppedge, Senior VP, Cambia Health Solutions

If you have anything you'd like to share related to the AHIP Institute (your goals for attending, what you are looking forward to, information on your product or services, things to do in Nashville, etc.), please reach out to me and perhaps I can help share your perspective, ideas and information with others.

Also, consider following me on Twitter where I will be sharing more information on the AHIP Institute and health care information technology.

Thursday, May 21, 2015

ICD-10 Jeopardy - Now and Then

Nuance Communications' post of today titled “It’s time to play ICD-10 Jeopardy!” reminded me of a series of Jeopardy-themed Tweets I made around Christmas 2012; not in season but timely relative to Nuance's post.

Holiday Accidents 

(Holiday Accidents for $100): Often associated w/ older, over-confident & intoxicated males hanging decorations.

(Holiday Accidents for $100): What is “W132XXA” - Fall from, out of or through roof, initial encounter?

(Holiday Accidents for $200): Avoid this potentially paralyzing condition by saying no to improperly prepared foods

(Holiday Accidents for $200): What is “A051” - Botulism food poisoning?

Xmas Movies

(Xmas Movies for $300): In Christmas Vacation, this happened to the Griswold’s cat during their holiday dinner.

(Xmas Movies for $300): What is “T754XXA”- Electrocution, initial encounter?

(Xmas Movies for $400): In How the Grinch Stole Christmas, the Grinch was ‘saved’ by this often fatal condition.

(Xmas Movies for $400): What is “I51.7” Cardiomegaly - hypertrophy or enlargement of the heart?

Holiday Shows

(Holiday Shows for $100) In “A Christmas Story,” Ralphie’s Mom always warned him about this code.

(Holiday Shows for $100): What is “W34118A” - Accidental malfunction of spring-operated gun, initial encounter?

(Holiday Shows for $200) In “It’s a Wonderful Life,” young George saves his brother Harry from this watery fate.

(Holiday Shows for $200) What is “W1641XA” - Fall into unspecified water causing drowning & submersion, initial encounter?

70’s Rock Hits

(70’s Rock Hits for $100): Foreigner sings about this vision condition in their #3 hit in 1978.

(70’s Rock Hits for $100): What is “H53.2” - Diplopia or Double Vision?

(70’s Rock Hits for $200): Foreigner sings about this anemic condition in their #2 hit in 1978.

ICD-10 Jeopardy (70’s Rock Hits for $200): What is “D58.9” - Hereditary hemolytic anemia, unspecified (Hot Blooded)

For more on ICD-10 and healthcare information technology, consider following me on Twitter at @ShimCode and @HITConfGuy


Friday, May 8, 2015

How Can I Know Who Will Eventually Unfollow Me?

Earlier tonight I tweeted “I think I can predict w/ about 70-80% accuracy which “non-spam/commercial” Twitter account will un-follow me based on their bio & tweets.” 

I wanted to wrap up the day but Charles Webster – aka @wareflo – kept me going by tweeting “@ShimCode what do the people who unfollow you have in common?”  

Here’s a quick, more than 140 character, reply to Chuck’s question as to how I think I can determine, in advance, who will likely unfollow me. It’s actually pretty easy. Here’s how I can tell which followers are extremely likely to unfollow me. The more of the following attributes involved, the higher the likelihood that the account will unfollow.

Note: These criteria are loosely ordered by the importance/impact of each reason according to how I interpret the reason. But, of course, in certain scenarios there are exceptions and combinations that alter their order. And these reasons are unique to me; although variations can be made for all Twitter users.

Reasons and Comments

1. They’re playing the “Follow-Unfollow” game to gain followers.
   Anyone around Twitter for any length of time should know of this trick. It's non-organic and I don’t use it.
   Comment: I’ve had some people follow & unfollow me 6-7 times. Eventually they unfollow for good when the service they are likely paying for figures out I’m not going to follow them.

2. Incompatible Tweeps
   There are people who don’t tweet very often, they don’t share my area of interest, and/or they have private accounts.
   Comment: Why would I follow these people?

3. Impulse Followers/Accidental Followers
   Every now and then I share something that really strikes a chord and I see a spike in followers. Then the person who followed me realizes my content is not for them. Then they drop off.
   Comment: No comment – they get a pass. When I find someone I'm not sure of, I place them on a watch list.

4. Triple X and MLM Accounts
   Comment: I block the really overt ones. The rest usually go away on their own. Or are killed off by Twitter.

5. People Who Hate Health Plans, Insurance Companies and Payers
   Some people just hate insurance companies. Once they learn I’ve worked on the health plan side, they bolt.
   Comment: I’ve worked on what some people ignorantly consider the “Evil-Side” for 25 years. Deal with it!

6. People Who Don’t Agree with my Tweets
   Comment: What can I say?

7. Politics
   Occasionally – but way less than years past – I express my fiscally conservative politics. Some “liberals” just can’t tolerate a different opinion. Go figure.
   Comment: But be advised, my four 20-something offspring who dragged me a bit to the left these past 10-15 years have started to pay taxes. And I've been getting a reprieve.

8. Anti-2nd Amendment – Anti-Gun People
   I'm a strong supporter of free speech and gun rights. Once some people learn this they’re gone.
   Comment: But they can rest assured I'll not stop defending their right to speak and everyone's right to protect themselves.

9. My Call a Spade a Spade Attitude
   I’m not going to be untrue to myself and be a high-fiving, backslapping, go along to get along lemming. So many people on Twitter are so Polly-Annish they make me sick.
   Comment: Sorry, I’m just not gonna be a backslapper.

10. People that work for organizations that are against most or all of the topics mentioned above are likely to not want to hear/read what I tweet.
   Comment: See #2, 5, 6, 7, 8, and 9 above.

11. I didn't follow them back right away - or ever.
   In general, within the parameters outlined above, I follow people who follow me. I know this is controversial but I make extensive use of lists and filters so following thousands is not an imposition.
   Comment: Too bad. I've been getting about 100-150 new followers a week and can't always stay on top of reviewing new followers.

So there you have it. I suppose I could develop an app to predict who will unfollow based on scoring followers using the above. But what value would it provide and who would buy it?

BTW Chuck, I unfollowed you once; probably for items #5, 6, 7 & 9?

90+ Useful Websites, Tools & Apps

Here's a list of interesting and useful websites, apps and tools that's been floating around the web for years. This list has been scrubbed to make sure the sites are still active. And I've categorized them.  Enjoy!


Category: The Most Useful Websites and Web Apps

Communication-Audio: www.mixlr.com – broadcast live audio over the web.
Communication-Chat: www.imo.im – chat with your buddies on Skype, Facebook, Google Talk, etc. from one place.
Communication-Editing: www.notes.io – the easiest way to write short text notes in the browser.
Communication-Editing: www.privnote.com – create text notes that will self-destruct after being read.
Communication-Editing: www.typewith.me – work on the same document with multiple people.
Communication-Email: www.alertful.com – quickly setup email reminders for important events.
Communication-Email: www.ctrlq.org/html-mail – send rich-text mails to anyone, anonymously.
Communication-Email: www.followupthen.com – the easiest way to setup email reminders.
Communication-Email: www.scr.im – share your email address online without worrying about spam.
Communication-Misc: www.faxzero.com – send an online fax for free – see more fax services.
Communication-Misc: www.talltweets.com – Send tweets longer than 140 characters.
Communication-Misc: www.wordle.net – quickly summarize long pieces of text with tag clouds.
Communication-Sharing: www.join.me – share your screen with anyone over the web.
Communication-Sharing: www.livestream.com – broadcast events live over the web, including your desktop screen.
Communication-Tools: www.lovelycharts.com – create flowcharts, network diagrams, sitemaps, etc.
Communication-Tools: www.polishmywriting.com – check your writing for spelling or grammatical errors.
Communication-Video: www.mailvu.com – send video emails to anyone using your web cam.
Communication-Video: www.tinychat.com – setup a private video chat room in micro-seconds.
Communication-Web Pages: www.marker.to – easily highlight the important parts of a web page for sharing.
Conversion: www.copypastecharacter.com – copy special characters that aren’t on your keyboard.
Conversion: www.dictation.io – online voice recognition in the browser itself.
Conversion: www.goo.gl – shorten long URLs and convert URLs into QR codes.
Conversion: www.myfonts.com/WhatTheFont – quickly determine the font name from an image.
Conversion: www.onlineocr.net – recognize text from scanned PDFs – see other OCR tools.
Conversion: www.pdfescape.com – lets you quickly edit PDFs in the browser itself.
Conversion: www.printwhatyoulike.com – print web pages without the clutter.
Conversion: www.regex.info – find data hidden in your photographs – see more EXIF tools.
Conversion: www.unfurlr.com – find the original URL that’s hiding behind a short URL.
Editing: www.minutes.io – quickly capture effective notes during meetings.
Editing: www.pastebin.com – Store text and graphics and call them up on demand
Editing: www.tagmydoc.com – add QR codes to your documents and presentations (review).
Editing: www.teuxdeux.com – a beautiful to-do app that looks like your paper diary.
Education: www.codeacademy.com – the best place to learn coding online.
Education: www.labnol.org – software tutorials and how-to guides.
Education: www.typingweb.com – master touch-typing with these practice sessions.
Entertainment: http://zerodollarmovies.com – find full-length movies on YouTube.
Entertainment: www.noteflight.com – print music sheets, write your own music online (review).
File Management: www.ge.tt – quickly send a file to someone, they can even preview it before downloading.
File Management: www.jotti.org – scan any suspicious file or email attachment for viruses.
File Management: www.otixo.com – easily manage your online files on Dropbox, Google Docs, etc.
File Management: www.pipebytes.com – transfer files of any size without uploading to a third-party server.
File Management: www.virustotal.com – scan any suspicious file or email attachment for viruses.
File Management: www.wetransfer.com – for sharing really big files online.
Financial: www.chipin.com – helps you raise funds online for an event or a cause (closed).
Graphics: color.adobe.com – get color ideas, also extract colors from photographs.
Graphics: www.bing.com/images – automatically find perfectly-sized wallpapers for mobiles.
Graphics: www.bounceapp.com – replace this with a version that works on mobile.
Graphics: www.google.com/webfonts – a good collection of open source fonts.
Graphics: www.iconfinder.com – find icons of all sizes.
Graphics: www.office.com – download templates, clipart and images for your Office documents.
Graphics: www.unsplash.com – download images absolutely free.
Graphics-Tools: www.bubbl.us – create mind-maps, brainstorm ideas in the browser.
Graphics-Tools: www.ctrlq.org/screenshots – for capturing screenshots of web pages on mobile and desktops.
Graphics-Tools: www.draw.io – create diagrams and flowcharts in the browser, export your drawings to Google Drive and Dropbox.
Graphics-Tools: www.kleki.com – create paintings and sketches with a wide variety of brushes.
Graphics-Tools: www.picmonkey.com – Picnik is offline but PicMonkey is an even better image editor.
Graphics-Tools: www.sumopaint.com – an excellent layer-based online image editor.
Graphics-Tools: www.timerime.com – create timelines with audio, video and images.
Graphics-Video: www.screenr.com – record movies of your desktop and send them straight to YouTube.
Graphics-Video: www.stupeflix.com – make a movie out of your images, audio and video clips.
Lookup: http://ctrlq.org/rss/ – a search engine for RSS feeds.
Lookup: http://web.archive.org/ – Look at web sites at a specific point in time. The Wayback Machine
Lookup: www.builtwith.com – find the technology stack to know everything about a website.
Lookup: www.feedmyinbox.com – get RSS feeds as an email newsletter.
Lookup: www.formspring.me – you can ask or answer personal questions here.
Lookup: www.google.com/history – see your past searches, also among most important Google URLs
Lookup: www.iwantmyname.com – helps you search domains across all TLDs.
Lookup: www.lmgtfy.com – when your friends are too lazy to use Google on their own.
Lookup: www.midomi.com – when you need to find the name of a song.
Lookup: www.namemytune.com – when you need to find the name of a song.
Lookup: www.similarsites.com – discover new sites that are similar to what you like already.
Lookup: www.snapask.com – use email on your phone to find sports scores, read Wikipedia, etc.
Lookup: www.truveo.com – the best place for searching web videos.
Mapping: www.scribblemaps.com – create custom Google Maps easily.
Reference: www.boxoh.com – track the status of any shipment on Google Maps – alternative.
Reference: www.homestyler.com – design from scratch or re-model your home in 3d.
Reference: www.hundredzeros.com – the site lets you download free Kindle books.
Reference: www.random.org – pick random numbers, flip coins, and more.
Reference: www.urbandictionary.com – find definitions of slangs and informal words.
Reference: www.wolframalpha.com – gets answers directly without searching
Reference-Travel: www.flightstats.com – Track flight status at airports worldwide.
Reference-Travel: www.seatguru.com – consult this site before choosing a seat for your next flight.
Services: www.fiverr.com – hire people to do little things for $5.
Time-Date: e.ggtimer.com – a simple online timer for your daily needs.
Time-Date: www.everytimezone.com – a less confusing view of the world time zones.
Time-Date: www.qClock.com – find the local time of a city using Google Maps.
Time-Date: www.whichdateworks.com – planning an event? Find a date that works for all.
Verification: www.woorank.com – research a website from the SEO perspective.
Verification: www.snopes.com – find if that email offer you received is real or just another scam.
Web Site Tools: safeweb.norton.com – check the trust level of any website.
Web Site Tools: www.coralcdn.org – if a site is down due to heavy traffic, try accessing it through coral CDN.
Web Site Tools: www.disposablewebpage.com – create a temporary web page that self-destructs.
Web Site Tools: www.downforeveryoneorjustme.com – find if your favorite website is offline or not?
Web Site Tools: www.ewhois.com – find the other websites of a person with reverse Analytics lookup.
Web Site Tools: www.gtmetrix.com – the perfect tool for measuring your site performance online.
Web Site Tools: www.pancake.io – create a free and simple website using your Dropbox account.
Web Site Tools: www.whoishostingthis.com – find the web host of any website.
Workflow: www.ifttt.com – create a connection between all your online accounts.