“It’s 11 o’clock do you know where your personal health information is?” The new provisions in the American Recovery and Reinvestment Act of 2009 (ARRA) may make this a very expensive question if the answer is “no.”ARRA has new – and sweeping – provisions regarding the security of health information. “Covered entities” will be required to notify individuals within 60 days of any breaches of their personal health information. And, if the privacy breach involves 500 or more individuals, then the Department of Health and Human Services must be notified as well.”Business associates” will also be held to  much higher standards of maintaining the privacy and security of health records. HIPAA enforcement is extended to these entities, too.And, to counter critics that there was “a lot of HIPAA and not a lot of enforcement,” the new Act gives states attorneys general the authority to sue for HIPAA violations. This right had been reserved exclusively for the HHS’ Office of Civil Rights. State AGs will be able to seek statutory damages and attorneys fees on behalf of affected individuals in their states. State AGs are well-known for acting aggressively and rapidly, so HIPAA compliance will no longer be something to address “tomorrow.”These new provisions should cause anyone with sensitive medical information to reflect on the steps that they’ve taken – and need to take - to secure this data.At Secure Services Corporation, we believe that secure and encrypted data using our highly robust SHAPE (Secure Health And Privacy Environment) products will allow our customers to rest easy. They’ll know where the personal health information is at 11 o’clock and around the clock!SHAPE – Secure information at the tip of your finger.

HIPAA has too many letters to qualify as a “four letter word.” But, some medical providers – especially smaller practices – have given it that status. But, while many have focused on HIPAA, any breach of personal, healthcare or financial information can be costly to a business.A recent news article noted that retailers (large or small) credit unions and clinics all face the same problems as a huge firm if a breach in privacy occurs. Among the problems are government fines, lawsuits – individual and class-action, bad press and loss of customers. Most people in business don’t want to face any of these problems. A smaller firm faced with any – or all – of these problems is unlikely to survive them.May 2009 is the date for implementation of the Federal Trade Commission’s “Red Flags Rules.” These rules require many businesses – including healthcare providers – to implement a program to detect, prevent and mitigate instances of identity theft. Failure to comply with the rules could mean administrative penalties of up to $2,500 in fines per violation.Clearly, HIPAA, privacy and identity protection are concepts that warrant significant efforts if healthcare providers are going to thrive and consumers are going to remain confident in using their services. So, it’s time to stop cussing about our fate (another four letter word) and take action. Thankfully, Secure Services Corp. has developed affordable and interoperable solutions that help address these problems of security and identity protection. Help -  a four letter word that I like.SHAPE – Secure information at the tip of your finger.

The other day I was listening to music when I noticed that the sound wasn’t right. After a few minutes I found that one of the speaker wires had come loose. My stereo system – without that wire attached – wasn’t really a system. It hit me that the same could be said of our health care system. Oftentimes the various components aren’t connected. Perhaps our specialist is across town and not part of the hospital network. We might be on vacation and need to access care – again, the provider of care is not connected to the rest of our care. What we needed, I realized, was a health care system that revolved around us not around institutions – a Personal Health Care System – with the patient at the center and their doctors, hospitals and others as integral team members in the system.How do we get to a Personal Health Care System? A critical first step is that the patient has to have access to their medical information irrespective of where that care is provided. Personal Health Records (PHRs) provide a repository for medical data to meet this need. But, a PHR, alone,  isn’t connected to anything.Next generation PHRs, like our SHAPE PHR,™ bring us closer to having a Personal Health System by working with doctors, hospitals and other providers to communicate and input information into the PHR. These connections,with the patient at the center – and with the patient’s permission – maintain a more complete record of a patient’s care and allow other providers to have a more complete picture of the patient’s health care. As importantly, doctors and medical providers must be assured that the PHR is HIPAA-compliant (as the SHAPE PHR is). A PHR of this type will encourage doctors to provide data thereby reflecting care no matter where it is received within the hospital or provider network or across the globe.The next step is the most important. A Personal Health System must be at your fingertips when you need it. Our SHAPE Card™ allows the patient to securely and privately access their PHR with their SHAPE Card and their fingerprint in the doctor’s office or at the hospital. We’re using the power of the Internet powered by the most powerful security and encryption technology to make this Personal Health System private, reliable and secure.What can a Personal Health System mean for someone? For a starter, no more annoying clipboards at the doctor’s office. No more fear that, in an emergency a drug allergy will be overlooked. And, studies show that quality of care is enhanced and costs are reduced for patients, medical providers and insurers.A Personal Health System – connecting care with the patient at the center and the medical community as integral parts of the team – now that’s music to my ears.SHAPE – Secure information at the tip of your finger.

The track record for efforts to establish formal health information exchange networks has shown promise. However, concerns about loss of competitive advantage and data misuse lessen provider and health plan willingness to contribute patient data – impeding the growth of exchange networks. This concern coupled with the costs associated with large scale data and information infrastructure has caused these efforts to flounder – or fail. Secure Service Corporation’s core philosophy and architectural design of our SHAPE^TM solutions provide the desired benefits of the exchange networks without the competitive disadvantages and costs associated with them.

The SSC Private Intellectual Architecture creates value by combining Security, Privacy, and Communication in a single environment. SHAPE Linx, our collaborative environment, meets the business needs of medical providers for HIPAA-compliant communications and increased savings and efficiency in transactions and administration. The SHAPE^TM suite of products fulfills the promise of health information exchange networks to providers with robust data protections unsurpassed in the marketplace and without the loss of competitive advantage.

While SSC’s products are technologically sophisticated and cryptographically state-of-the-art, the premise is a simple one that has so far eluded the competition. Everyone is familiar with the story of The Three Little Pigs . A system that protects only privacy can be thought of as a house made of straw. It provides privacy but it can’t stand up to the big bad wolves that are determined to breach it. A product that is built with privacy and security at the core is a house made of sticks. Better than straw – but still vulnerable.

Only SSC’s SHAPE suite of solutions built with privacy, security and surveillance tracking in a communication and collaboration environment at its core – a house made of bricks – can withstand the onslaught of the wolves and provide real value to healthcare stakeholders.

SHAPE – Secure information at the tip of your finger.

The drumbeat for greater use of IT in health care is growing. Pam Mitroff, Secure Service Corp.’s Director of Public Relations and Communications recently attended a National Association of Health Underwriters meeting in Washington, D.C. She told me that almost every speaker included the need for IT in health care as a part of their remarks.A number of speakers spoke of using technology to improve quality of care. They noted that many senior citizens would benefit if their doctors had easy access to medical information. Many seniors see six or more doctors so coordinating care is important.An EHR (electronic health record) is not necessarily the best answer to enhanced coordination of care. EHRs are provider-centric. The information is input and maintained by the medical provider. If providers are linked, continuity of care can be improved through sharing of medical information.A better solution is a patient-centric PHR (personal health record). Patients have a funny habit of seeking care from a variety of sources. A PHR captures information from every medical encounter either through entries made by the patient or by the provider of care – whether they’re in the same medical network or on the other side of the continent.There is no doubt that bringing technological solutions to health care can increase efficiency and improve quality of care. SSC’s SHAPE suite of products, including the SHAPE PHR, is at the forefront of this growing movement.SHAPE – Secure information at the tip of your finger.

HIPAA – it’s the elephant in the room of every medical provider. And, we believe that the elephant is going to get much bigger. There is talk about expanding HIPAA to include more types of businesses and processes under the rubric of “covered entities.

”Why might this happen? It’s in the headlines every day. Breaches of data are too common and breaches of private medical information are no longer tolerated. So, how does one justify holding medical providers and insurers to the HIPAA compliance standard and allowing other parties to be less vigilant?

Let’s not forget that the biggest elephant is the federal government (state government is only a bit smaller). The federal government has relied, to date, on the “honor system” for HIPAA compliance – fines and penalties have been rare. We hear that’s about to change and that HIPAA violations will be uncovered and addressed. So, medical providers may want to review steps that they’ve taken and see what they can do next to ensure HIPAA-compliance.

SHAPE Linx™ is a unique secure personal desktop information management and comprehensive connectivity solution. SHAPE Linx provides an encrypted, HIPAA-compliant communication platform that protects information in transit and at rest and it ensures that both the sender and the receiver of information are authenticated and authorized to transfer or access the information.

Before you go elephant hunting make sure you have SSC’s affordable, technology neutral SHAPE Linx information management tool on your desktop.

SHAPE – Secure information at the tip of your finger.

I was struck the other day by two comments made by members of our SSC staff. The first was that there is a progression of where businesses are in their journey to an electronic environment – especially in the health care industry.

Bob’s idea was that there are seven steps along the journey to a secure electronic environment for health care information. You may have a few to add or subtract one or two, but the concept struck me as sound. Bob’s steps were:

1. Paper charts
2. Paper claims
3. Electronic claims
4. Using a picture ID to establish identity
5. HIPAA compliance internal to the organizations
6. HIPAA compliance internally and externally
7. Biometric identity.

He thought that prospects and clients should consider where they are on the journey, where they wish to go and how quickly they need to get there. Then, it becomes a simple matter of helping them implement the SHAPE products and strategies to get them where they want or need to be.

The second comment was made by Brendan. His idea fit well with Bob’s. He pointed out that our solutions could help clients make the transition from drowning in paper to a paperless environment. He has found that some clients and prospects are not ready or willing to move to a paperless world. Our job is to help them make the transition – at their speed and within their needs.

Both of these ideas underscore our mission at Secure Services Corp. That is, to provide solutions that are easy to implement, economical and that provide secure and encrypted communication. And, for health care providers and others using private medical data – it’s a HIPAA-compliant environment.

SHAPE – Secure information at the tip of your finger.