Why CAIPHI, Why Now?
The FBI reports healthcare ranks in the top 5 industries targeted for cybercrime.
“On the black market, where the bad guys sell this stuff, the value of a medical record is easily 10 times more than a credit card account number.” – Privacy Expert Larry Ponemon, to NBC News, July 24, 2017.
The healthcare orbit of 801,000 covered entities and their more than 1.5 million business associates faces unprecedented threats to networks, EHR systems, and digital devices used for healthcare operations, payment, and treatment. These threats potentially compromise patients’ data and safety.
These Threats are in Three Areas
REGULATORY
Noncompliance
OPERATIONS
Cyberattacks
DATA EXCHANGE
Unsecured ePHI
The Consequences
- Increased Likelihood of Breach.
- Patient Safety or Identity Compromised.
- Significant Federal Penalties.
- Impaired Cyber-insurability.
- Negative Business Reputation.
- Class Action and Individual Litigation.
- Reduced Medicare Payments under MIPS (2019).
REGULATORY
Noncompliance
Failure to Conduct a Risk Analysis and Implement and Document a Security Management Plan, with Resultant Privacy Breach and Security Incident Threats and Vulnerabilities.
OPERATIONS
Cyberattacks
Internal: Workforce Member Vulnerabilities Due to Inappropriate or Lack of Safeguard Training.
External: Phishing/Ransomware Intrusion Threats to Vulnerable Networks and Systems.
DATA EXCHANGE
Unsecured ePHI
Access by Unauthorized or Unauthenticated Persons or Systems that Compromises Confidentiality, Availability, Integrity, or any Combination thereof.
The CAIPHI Solutions
CAIPHI links cybersecurity safeguards to provide chain of custody of ePHI across healthcare stakeholders’ EHR, IoT, and Data Exchange environments.
REGULATORY COMPLIANCE
A Comprehensive Cybersecurity and HIPAA Safeguard Compliance Tool Set that Includes a NIST-Based Risk Analysis Template, Written Policies and Procedures, and a Safeguard Training Curriculum.
EMERGENCY PREPAREDNESS
Checklists and Management Tools for Tracking, Testing, and Certification for Emergency Preparedness Protocols for 17 CMS-designated Medicare and Medicaid Providers and Suppliers for which Compliance was required by November 15, 2017.
AUDIT OF IoT DEVICES
An Adaptation of Existing Software that Identifies All Networked Devices, Tracks Their Activity to Ensure Appropriate Use in Medical Diagnosis and Treatment, and Alerts Management when an Inappropriate Use or Malfunction Occurs or in Anticipation of a Malfunction.
SECURE DATA EXCHANGE
An Adaptation of Sensitive Healthcare Data Exchange Mobile Software, Initially for Provider-to-Provider Exchange, that Ensures Authorization and Authentication of the Data Recipient.
Value Added Benefits
CyPHIcomply™ and CyPHIprepare™ provide the regulatory and best practices framework for design, development, and deployment of future software to:
- Mitigate internal and external risks to patient safety.
- Create a trusted environment for healthcare stakeholders.
- Minimize financial and reputational liabilities from noncompliance.
- Enable cybersecurity insurance coverage.
- Generate linked data leading to real-time quantifiable intelligence across the continuum.