NIST Launches the Latest Big Data Interoperability Framework

The National Institute of Standards and Technology (NIST) launched the final version of its Big Data Interoperability Framework (NBDIF) to assist with the design of data analysis software that can run on virtually any computing platform and be moved easily from one platform to another.

NBDIF is the result of many years of work and collaboration among more than 800 experts from government, academia, and the private sector. The final document consists of nine volumes covering big data definitions and taxonomies, use cases and requirements, reference architecture, a standards roadmap, privacy and security, a reference architecture interface, and adoption and modernization.

The primary intent behind NBDIF is to guide developers in designing and deploying widely useful tools for big data analysis that can be used on diverse computing platforms, from a single laptop to multi-node cloud-based environments. Developers should build their big data analysis tools so that they can be migrated readily from platform to platform and so that data analysts can switch to more advanced algorithms without having to retool their computing environments.

Developers can use the framework to create a platform-agnostic environment for building big data analysis tools, so that data analysts' work can continue uninterrupted even as their goals change and technology advances.

The volume of data that requires analysis has increased significantly in recent years. Data is now collected from a huge range of devices, including an assortment of sensors connected to the internet of things. A few years ago, close to 2.5 exabytes of information (an exabyte is a billion billion bytes) were generated daily around the world. By 2025, global data generation is estimated to reach 463 exabytes each day.

Data scientists can use large datasets to gain valuable insights, and big data analysis tools will allow them to scale up their analyses from a single laptop to distributed cloud-based environments that operate across many nodes and analyze large amounts of information.

To do that, data analysts may have to rebuild their tools from scratch and use different programming languages and algorithms so the tools can run on different platforms. Use of the framework will improve interoperability and substantially reduce the burden on data analysts.

The final version of the framework includes consensus definitions and taxonomies to ensure developers understand one another when discussing plans for new analysis tools, along with data privacy and security requirements and a reference architecture interface specification to guide deployment of their tools.

The reference architecture interface specification helps vendors build flexible environments in which any tool can operate. Previously, no standard for developing interoperable solutions was available. Now there is one.

Big data analysis tools can be used in many ways, for instance in drug discovery, where scientists have to evaluate the behavior of candidate drug proteins in one round of tests and then feed that information into the next round. The ability to make changes quickly will help speed up the analyses and reduce drug development costs. NIST also suggests that the tools can help analysts identify health fraud more easily.

The reference architecture will let the user choose whether to perform analytics using the latest machine learning and AI techniques or conventional statistical methods.

Knowing about changes in HIPAA for better compliance

The American Recovery and Reinvestment Act of 2009 (ARRA), also known as the stimulus bill, made quite a few amendments to the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996.

The most important and noticeable changes include the expansion of enforcement to states’ attorneys general, the expansion of privacy and security provisions related to “business associates”, new breach notification provisions, and changes in the penalties to be imposed for a breach of HIPAA.

With the changes in HIPAA, penalties can now be imposed on individuals as well as covered entities, in contrast to the previous law, under which penalties could only be imposed on covered entities. As such, if someone within an organization willfully neglects the rules, fails to comply with them and makes wrongful disclosures, he or she will be subject to fines, as well as possible imprisonment. Also, in the past, enforcement and violations were addressed solely at the federal level by the Office of Civil Rights. Now, attorneys general are empowered to deal with enforcement and violations as well.

Protected health information can be released by covered entities without authorization only for purposes of treatment, billing and health care operations. Covered entities can’t release information beyond those purposes without authorization of the patient. In addition, specific types of information are viewed as more sensitive (e.g., mental health and substance abuse information, information about certain diseases, such as HIV) in many states and more restrictions on disclosure exist at the state level.

With new laws, patients will have a greater ability to try to find out who has accessed their protected health information. This means that covered entities and business associates could be asked to account for a good deal of information if they get a request. New regulations are being considered in this area, so it is an area to watch.

To make sure that they are HIPAA compliant, covered entities should keep an eye on releases from HHS about changes; consult with their legal representative; make sure that their designated privacy officer is properly trained and is training their employees; keep their lines of communication open with business associates; and make sure any contracts they have with business associates include appropriate provisions requiring compliance with HIPAA and all other state laws that may come into play.

Forsythe To Offer Catbird’s vSecurity® Software To Its Customers

Catbird is the pioneer in security and compliance for virtual, cloud and physical networks. The company has now entered into a partnership agreement with Forsythe, a leading IT infrastructure consultant and integrator, according to which Forsythe will offer Catbird’s vSecurity® software to bring PCI, HIPAA and SOX compliance to its customers who are moving to virtual and cloud-based infrastructure.

This software from Catbird harnesses the power of virtualization to deliver the industry’s most comprehensive security and compliance solution for virtual and cloud systems. The software introduces a new model for data center security and enforces controls on virtual machines, their network attributes, virtual networks, and the switch fabric – protecting the whole data plane.

“Security and compliance are critical components for every IT infrastructure. As environments are virtualized, new risks are introduced due to a loss of process control across four change dimensions,” says David Poarch, VP, security of Forsythe. “Catbird has developed a solution specifically for virtualized environments that delivers dynamic, elastic security and integrated compliance for sensitive and mission-critical applications.”

“Recent guidance from PCI, NIST and SANS proves that relying on traditional physical firewalls and physical network inspection is risky and will not pass an audit. Catbird vSecurity® was built from the ground up to do virtual and cloud security better, faster and cheaper,” said Edmundo Costa, Catbird CEO. “Forsythe’s extensive experience in integrating not only virtualized solutions, but also physical infrastructure solutions, across security, servers, networks and storage make them a strong partner in helping our virtualization clients with their security needs.”

“Virtualization security opens the door for mission-critical applications that have traditionally been left out of virtualization roll-outs,” added Costa. “vSecurity will provide Forsythe customers with the ability to meet the new requirements and maximize their virtualization and cloud ROI by being able to include in their deployment plans most applications that were previously excluded, such as, for example, applications that handle PCI data.”

Harris Corporation to support VA’s transition to new coding standards

The U.S. Department of Veterans Affairs (VA) has awarded Harris Corporation a $5.3 million two-year contract to provide remediation to the VA’s Health Administration Center (HAC) Cache System to address new medical coding standards. Harris will support the VA’s migration to new coding

This transition will also help HAC to produce more accurate records as well as conduct more detailed population assessments and studies. Additionally, the ICD-10 migration will improve the HAC’s payment systems for veterans and their family members with more accurate billing information. The Harris team, along with subcontractors 7 Delta Inc. and Vangent Inc., will complete all phases of the ICD-10 integration and software development life cycle.

International Statistical Classification of Diseases and Related Health Problems (ICD) Codes are used to classify diseases and other medical problems under a single standard and promote international comparability with treatment and billing. As part of the Health Insurance Portability and Accountability Act (HIPAA) 5010 transition, the U.S. Department of Health and Human Services (HHS) has mandated that all covered healthcare entities be ICD-10 compliant by Oct. 1, 2013.

“The ICD-10 transition will enable the HAC to improve the accuracy and efficiency of claims processing for veterans and their family members,” said Jim Traficant, president, Harris Healthcare. “By migrating to ICD-10, the Health Administration Center continues to lead the healthcare industry in adopting the latest standards to better serve our veterans.”

97% of Americans want more control over their PHI: New survey reveals

Privacy advocate Dr Deborah Peel’s Patient Privacy Rights Foundation and Zogby International have conducted a new survey, which revealed that a whopping 97% of the 2,000 adults questioned want the right to control their own personal medical information and to limit with whom their “sensitive information” is shared.

In a press release accompanying the survey results, Dr Peel said, “No matter how you look at it, Americans want to control their own private health information. They overwhelmingly believe that they are the only people in the right position to make decisions about how their information can be used. Researchers do not get a free pass.”

The survey reveals that many Americans want to be in control of all of their electronic medical records and to have the right to limit with whom their doctors, insurance companies and even the government can share the information. Some respondents were worried that their sensitive information was at risk of being accessed by employers, researchers, ex-spouses and abusive partners.

Dr Peel’s Austin, TX based advocacy group is calling for the creation of a “do not release” list, something that would work along the same lines as the “do not call” lists that telemarketers must abide by. 73% of those surveyed said they would sign up if such a list were ever to be created.

HIMSS webinar on importance of HIPAA compliance to an IT manager

A Health Information & Management Systems Society (HIMSS) webinar on the importance of HIPAA compliance for an IT manager is to be held on October 20, 2011. It will be sponsored by Axway, the Business Interaction Networks company.

The webinar, entitled “What does HIPAA Compliance mean to an IT Manager?”, will be a case study with Catholic Healthcare West. The webcast will explore how Catholic Healthcare West is managing the challenges of rapidly building its healthcare managed file transfer (MFT) ecosystem while continuing to adhere to Health Insurance Portability and Accountability Act (HIPAA) compliance. Catholic Healthcare West will share how it ensures patient privacy and builds partner networks that make end-to-end management of certain patient files possible.

The webinar will include discussions between Axway and Catholic Healthcare West on how to leverage technology in a way that allows access to critical health information while maintaining security and the public’s trust at the same time. Various companies participating in the webinar will also get an opportunity to share their experiences designing internal project support for building large-scale MFT infrastructure projects and to impart lessons learned during deployment.

The scope of HIPAA Security Rules

The HIPAA Security Rule deals with health information that is maintained or transmitted electronically. The rule emphasizes the security framework for entities that handle medically sensitive information. As such, it applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”).

According to the Security rule, all HIPAA entities must provide a security plan with safeguards in the following areas:

Administrative safeguards: Under the HIPAA Security Rule, a covered entity must identify and analyze potential risks to e-PHI, and it must implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level. It should also designate a security official who is responsible for developing and implementing its security policies and procedures.

Physical safeguards: A covered entity must limit physical access to its facilities while ensuring that authorized access is allowed.

Technical safeguards: A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).

The HIPAA Security Rule is especially applicable to HIPAA compliant web designers and web-hosting providers. HIPAA entities looking for secure solutions must make sure that whatever solutions they implement comply with the security specifications defined in the rule.

Shared Health awarded the HIPAA Security and Privacy Covered Entity accreditations from URAC

URAC is a Washington, DC-based health care accrediting organization that establishes quality standards for the health care industry. It has awarded the HIPAA Security and Privacy Covered Entity accreditations to Shared Health, one of the leaders in the health care industry.

URAC’s HIPAA Security Accreditation program emphasizes the fundamentals of ongoing risk management. It enables health care organizations to validate their security compliance program to safeguard Protected Health Information (PHI) in accordance with the HIPAA Security Rule. Thus, this program ensures health care organizations’ commitment to fair information practices, and also helps them show others that they have taken the necessary steps to protect health information privacy in accordance with the HIPAA Privacy Rule.

“We are thrilled to achieve this high level in health care information security and privacy,” said Jana Skewes, chief executive officer of Shared Health. “The URAC accreditations highlight our commitment to delivering the most secure, best privacy protection practices in our industry through innovative health information technology solutions at the point of care, which is the perfect prescription for better health nationwide.”

Shared Health has shown leadership by implementing a comprehensive security compliance plan, rigorous management policies and procedures, administrative, physical and technical safeguards and special requirements for group health plans. It also met stringent standards for privacy protection, including implementation of a privacy compliance plan, strict policies and procedures, workforce training, disclosures, complaints and special requirements for health plans, group health plans, hybrid entities, health care providers, affiliated covered entities and organized health care arrangements.

“By applying for and receiving the HIPAA Security and Privacy Covered Entity accreditations, Shared Health has demonstrated a commitment to quality health care,” said Alan P. Spielman, URAC president and CEO. “Quality health care is crucial to our nation’s welfare and it is important to have organizations that are willing to measure themselves against national standards.”

MGMA survey reveals that practices still not prepared for HIPAA 5010

The Medical Group Management Association has released a survey which reveals that most physicians are still unprepared for the shift to the new electronic claims submission standards known as HIPAA 5010, although the adoption deadline is just six months away. Only 9.2 per cent of the physicians were testing the software updates provided by their electronic medical record vendors, and about 38.2 per cent had not yet scheduled such tests.

Of the 356 practices that MGMA surveyed, just 15.2% had conducted an impact analysis to examine what the practice needed to do to prepare. Most practices said they had either not started preparing (45.2%) or were less than 25% done preparing (26.4%).

However, the survey did not reveal whether the medical practices participated in the June 15 event. The Centers for Medicare & Medicaid Services had declared June 15 as National 5010 Testing Day. The American Medical Association and the MGMA had suggested that CMS conduct such an event.

RAC agrees to pay $1 million to settle violations of HIPAA

The HIPAA Privacy Rule requires health plans, health care clearinghouses and most health care providers (covered entities), including most pharmacies, to safeguard the privacy of patient information and to maintain adequate levels of privacy and security when disposing of such information.

Media outlets circulated videotaped incidents from a variety of cities across the United States in which pharmacies were shown to have disposed of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers that were accessible to the public. Rite Aid pharmacy stores in several of the cities were highlighted in media reports. Following this, OCR, which enforces the HIPAA Privacy and Security Rules, opened its investigation of RAC and found it guilty.

Now, Rite Aid Corporation and its 40 affiliated entities have decided to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The company has also signed a consent order with the Federal Trade Commission (FTC) to settle potential violations of the FTC Act, and it has agreed to take corrective action to improve measures to safeguard the privacy of its customers when disposing of identifying information on pill bottle labels and other health information.

“It is critical that companies, large and small, build a culture of compliance to protect consumers’ right to privacy and safeguard health information. OCR is committed to strong enforcement of HIPAA,” said Georgina Verdugo, director of OCR. “We hope that this agreement will spur other health organizations to examine and improve their policies and procedures for protecting patient information during the disposal process.”

The HHS corrective action plan will be in place for three years; the FTC order will be in place for 20 years.