Why CAIPHI, Why Now?
The FBI reports healthcare ranks in the top 5 industries targeted for cybercrime.
“On the black market, where the bad guys sell this stuff, the value of a medical record is easily 10 times more than a credit card account number.” – Privacy Expert Larry Ponemon, to NBC News, July 24, 2017.
The healthcare orbit of 801,000 covered entities and their over 1.5 million business associates face unprecedented threats to networks, EHR systems, and digital devices used for healthcare operations, payment, and treatment that potentially compromise patients’ data and safety.
These Threats are in Three Areas
REGULATORY
Noncompliance
OPERATIONS
Cyberattacks
DATA EXCHANGE
Unsecured ePHI
The Consequences
- Increased Likelihood of Breach.
- Patient Safety or Identify Compromised.
- Significant Federal Penalties.
- Impaired Cyber-insurability.
- Negative Business Reputation.
- Class Action and Individual Litigation.
- Reduced Medicare Payments under MIPS (2019).
REGULATORY
Noncompliance
Failure to Conduct a Risk Analysis and Implement and Document a Security Management Plan, with Resultant Privacy Breach and Security Incident Threats and Vulnerabilities.
OPERATIONS
Cyberattacks
Internal: Workforce Member Vulnerabilities Due to Inappropriate or Lack of Safeguard Training.
External: Phishing/Ransomware Intrusion Threats to Vulnerable Networks and Systems.
DATA EXCHANGE
Unsecured ePHI
Access by Unauthorized or Unauthenticated Persons or Systems that Compromises Confidentiality, Availability, Integrity, or any Combination thereof.
The CAIPHI Solutions
CAIPHI links cybersecurity safeguards to provide chain of custody of ePHI across healthcare stakeholders’ EHR, IoT, and Data Exchange environments.
REGULATORY COMPLIANCE
A Comprehensive Cybersecurity and HIPAA Safeguard Compliance Tool Set that Includes a NIST-Based Risk Analysis Template, Written Policies and Procedures, and a Safeguard Training Curriculum.
EMERGENCY PREPAREDNESS
Checklists and Management Tools for Tracking, Testing, and Certification for Emergency Preparedness Protocols for 17 CMS-designated Medicare and Medicaid Providers and Suppliers for which Compliance was required by November 15, 2017.
AUDIT OF loT DEVICES
An Adaption of an Existing Software that Identifies All Networked Devices, Tracks Their Activity to Ensure Appropriate Use in Medical Diagnosis and Treatment, Alerts Management when an Inappropriate Use or Malfunction Occurs or in Anticipation of a Malfunction.
SECURE DATA EXCHANGE
An Adaption of a Sensitive Healthcare Data Exchange Mobile Software that Initially will be for Provider-to-Provider Exchange, Ensures Authorization and Authentication of the Data Recipient.
Value Added Benefits
CyPHIcomply™ and CyPHIprepare™ provide the regulatory and best practices framework for design and implementation of CyPHIsensor™ and CyPHIsecure™ software.
- Mitigate internal and external risks to patient safety.
- Create a trusted environment for healthcare stakeholders.
- Minimize financial and reputational liabilities to noncompliance.
- Enable cybersecurity insurance coverage.
- Generate linked data leading to real-time quantifiable intelligence across continuum.
- Reduced Medicare Payments under MIPS (2019).
The CAIPHI Continuum
The Continuum is the linkage of cybersecurity safeguards and chain of custody of a patient’s data received, created, maintained, or transmitted to ensure its confidentiality, availability, and integrity.
- Such safeguards for patient data in exchange require that the sender authenticates the recipient as an authorized receiver of the data and that the data are not impermissibly altered or disclosed in transmission. CyPHIsecure™ is the solution that ensures confidentiality and integrity of patient data, well as its availability to authorized and authenticated users.
- Such safeguards require that IoT devices used in diagnosis, monitoring, and treatment of medical conditions in clinical environments capture, record, and disclose true and accurate information to the healthcare practitioner. CyPHIsensor™ is the solution that ensures availability and integrity of patient data, as well as its confidentiality from access by unauthorized users.
- Confidentiality, Availability, and Integrity of Protected Health Information is CAIPHI.
Our focus is to ensure that our customers implement the safeguard continuum, starting with CyPHIcomply™ for complying with HIPAA Rules and the NIST Cybersecurity Framework, and CyPHIprepare™ for complying with CMS requirements – implementing industry best practices; safeguarding patient data under all circumstances; and using data drawn from CAIPHI’s safeguard tools to establish AI management procedures in the future.