Call Us Today! 877-659-2467 contactus@arismedicalsolutions.com

Author: Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome. Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas. She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation. Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance? All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Have you “Googled” yourself lately?

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

Modern technology is both amazing and scary! Do you know what is being said about you or your organization? In today’s world we must keep up with what is being said on the World Wide Web (WWW) to make sure what the world sees and reads is not Fake News! It also helps you to uncover any broken links to your website that may frustrate potential new patients from actually finding you.

It is a proven fact that before a person buys nearly anything, they “Google” it. This includes finding services as well as looking for a new physician. Do you want to increase your patient visits? Are you being found? Is the information that is out there correct? We suggest searching for your name, practice name, address, and phone numbers to see what is listed. Also check the websites that rate physicians.

Do you have any social media sites? Did you know that someone else can create one for you? These are called “unofficial” sites in Facebook. Patients could be checking in and writing negative comments about your practice and you may not even know about it. That is why it is so important to keep an watchful eye! However, be very careful how you respond. Patients have the right to tell the world about themselves but healthcare providers do not!

Before you venture into any marketing campaigns, make sure you are not violating any privacy laws. If you decide to hire a marketing company or reputation management service; insist on a company that is well versed in the medical arena. Special HIPAA regulations are required in marketing and we have heard some practices being charged with HIPAA violations due to their service provider. Also, remember to check your state laws as well!

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Practice call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Phishing Scams are hitting everyone!

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

Nearly everyone has received a phishing email at one time or another. It seems like every time a celebrity makes the news, scammers are sending emails, and creating fake sites to steal your information. They prey on our interests and they know that many people are interested in learning what “really” happened. Remember the old saying “curiosity killed the cat”, well this may not kill you but it could make your life miserable and cost you a lot of money! They can install malware on your computer and depending on the type of malware, it could also do some very nasty things!

Here are some helpful hints:

  1. Never use work computers to surf the web, especially do not go to websites that you are unfamiliar with. If you do not follow the policies and procedures of your organization, YOU personally could be held liable for any breaches or theft of information.
  2. Never click on links in an email offering “important” or requires an “urgent” response. Instead open your browser and go to the website you are familiar with.
  3. Never click on email attachments that offer “important” or “urgent” information.
  4. Never click on links within social media.
  5. Make sure you have enterprise versions of anti-virus and anti-malware software and they are up to date.
  6. Implement a two step process before authorizing any exchange of money and anywhere it is offered.
  7. Continual education!

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Is it time review your Policies and Procedures?

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

As you know you HIPAA Compliance is not a once and done process. It continually changes and evolves as your organization grows and your technology changes. This is a reminder to review what you have in place to ensure it still adequately safeguards your data.

Here are some quick helpful tips:

  1. Review your Notice of Privacy Practices. Have you implemented any new technology or added any new services that needs to posted? If you have a website make sure you update your NPP there as well.
  2. If you have a “Contact us” or an “Appointment Scheduler” form on your website and your website is not HTTPS, we recommend placing a disclaimer advising patients not to send personal information via the form. If you do have an HTTPS site, make sure your hosting vendor understands HIPAA and review where the data is sent and stored.
  3. Review your Technology Equipment. Have you added any new software or hardware? Do you regularly check your firewall settings? Are you reviewing your website security to ensure it is up to date? Are you documenting your IT efforts or reviewing your monthly IT vendor reports?
  4. Have you reviewed your list of Business Associates to ensure you have BA agreement in place with ALL of your Associates?
  5. Review your Inventory list. Have you added any new equipment or have you disposed of any?
  6. Have you conducted your annual HIPAA training for everyone? Is it documented?
  7. Have you tested your Contingency Plan?

Of course we could go on and on, but hopefully this will jumpstart your thinking process! Remember, your Risk Management Plan is a living document that needs to be updated on a continual basis. As you review your compliance efforts be sure to document this in your Plan.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Patient Data is a Hot Commodity

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

Health care organizations are now a primary target since they are the custodians of patient data and a plethora of information. The reason patient information is sought after so much is because it can be sold on the black market for a decent price. Social Security Numbers also have a longer shelf life unlike credit card numbers. Therefore it is imperative that any company or person that is involved with healthcare data do what they can to protect their computers and/or network.

Criminals are diligent in trying to gain access to these valuable databases. They can get into your network through social engineering, malware, and mobile devices to name a few. Sadly, most attacks go undetected for months, sometimes even a year unless it is ransomware when you are “notified” immediately!

Under the Security Rule, all entities that work with Protected Health Information are required to conduct a Risk Analysis to uncover any potential vulnerabilities. Then they must create a Risk Management plan to correct those deficiencies. Although most of the “technical” standards are addressable and not required, this does not mean optional. All covered entities and business associates must have reasonable and appropriate safeguards in place to protect their data. Aside from your normal IT services, we believe it will only be a matter of time before network security audits will become mandatory. Keep in mind your Policies and Procedures are still the backbone of HIPAA Compliance.

So what can you do to protect your data and your organization?

  1. Conduct a security risk analysis
  2. Mitigate the vulnerabilities that are discovered
  3. Request a third party network security audit
  4. Request documentation that your business associates are HIPAA Compliant
  5. Continual EDUCATION!

These are just some of the basics that you should implement. For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Phone Scams- Just hang up!

Posted bySuze Shaffer

By Aris Medical Solutions

We have been trained to be polite. When someone asks us a question, we are compelled to answer. Sometimes, you just need to HANG UP!

A new scam is making headlines now because they are recording your answer to use in the future. For example, when someone calls and asks you “can you hear me” and you simply say “yes”, this scammer is recording your voice. This scammer may be a live person or a robo call, some robo calls now even sound like a human and you do not realize it is a recording at first. Either way by you simply saying yes, they can edit the call and use your own voice to authorize a purchase or a contract. They may already have other personal information like your credit card number and need this additional component to carry out their scam.

Of course there are many phone scams out there, always remember to exercise caution when someone calls asking for information. ANY information! Do not even give out what type of copier or phone system you use. If they are a vendor of yours they will already have this information.

So, let’s start a new catch phrase. Instead of “just do it”, let’s “just hang up”!

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

1557 Discrimination Law – is your practice at risk?

Posted bySuze Shaffer

By Aris Medical Solutions

Section 1557 is the nondiscrimination provision of the Affordable Care Act (ACA). The law prohibits discrimination on the basis of race, color, national origin, sex, age, or disability in certain health programs or activities. Section 1557 builds on longstanding and familiar Federal civil rights laws: Title VI of the Civil Rights Act of 1964, Title IX of the Education Amendments of 1972, Section 504 of the Rehabilitation Act of 1973 and the Age Discrimination Act of 1975. Section 1557 extends nondiscrimination protections to individuals participating in:

  • Any health program or activity any part of which received funding from HHS
  • Any health program or activity that HHS itself administers
  • Health Insurance Marketplaces and all plans offered by issuers that participate in those Marketplaces.

Section 1557 has been in effect since its enactment in 2010 and the HHS Office for Civil Rights has been enforcing the provision since it was enacted.
This provision goes much further than most practices are aware of including the fact this rule became effective July 18, 2016.

  • Take steps to ensure 1557 has been addressed:
  • Assign a Civil Rights Coordinator;
  • Revise your policies and procedures;
  • Incorporate a general assessment evaluation;
  • Review the patient intake process;
  • Track all requests for auxiliary aids and services;
  • Monitor performance of interpreter services to ensure effective communication;
  • Review your complaint process;
  • Post a Notice of Nondiscrimination;
  • Post a Nondiscrimination Statement; and
  • Conduct mandatory training for all staff.

Title II of the Americans with Disabilities Act of 1990 (Title II), Section 504 of the Rehabilitation Act of 1973 (Section 504) and Section 1557 of the Affordable Care Act of 2010 (Section 1557) requires an entity to take steps to ensure communication with individuals with disabilities is as effective as communication with others through the use of appropriate auxiliary aids and services. This includes people with as well as language barriers.

OCR has modified the notice requirement in § 92.8 to exclude publications and significant communications that are small in size from the requirement to post all of the content specified in § 92.8; instead, covered entities will be required to post only a shorter nondiscrimination statement in such communications and publications, along with a limited number of taglines. OCR also is translating a sample nondiscrimination statement that covered entities may use in fulfilling this obligation.
In addition, with respect to the obligation in § 92.8 to post taglines in at least the top 15 languages spoken nationally by persons with limited English proficiency, OCR has replaced the national threshold with a threshold requiring taglines in at least the top 15 languages spoken by limited English proficient populations statewide.

Samples can be downloaded here:
https://www.hhs.gov/civil-rights/for-individuals/section-1557/translated-resources/index.html

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

DynA-Crypt Ransomware is worse than the others!

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

Karsten Hahn who is a GData malware analyst discovered this ransomware called DynA-Crypt. Larry Abrams at Bleepingcomputer alerted the world about this new type of ransomware. Thanks to them, we know about this and must be diligent in protecting our information.

This new strain is even more dangerous and destructive than the others. This malware not only encrypts your data, but also takes screenshots of your active desktop, login commands that you type, and even records system sounds from your computer. It will even steal information from Skype and Chrome. While this vicious attack is encrypting your computer, stealing your information, it is also deleting your files.

This would be considered a major HIPAA data breach and not only will you lose everything, you will have to report this to your State and Federal authorities under the Breach Notification Laws.

Make sure your anti-virus and anti-malware is up to date and verify it is an enterprise version. Although this is not specifically stated under HIPAA, it is considered reasonable and appropriate. If you never have this happen to you, the HIPAA Police is not going to penalize you. However, if this does affect your practice or organization and you do not have reasonable and appropriate safeguards in place, you will be fined and penalized.

Everyone in your organization should be made aware of this new attack and remind them NOT open any file attachments OR click on any links in ANY email unless you are absolutely sure it is safe. Best practices is to open your browser and go directly to the company’s website to check on anything you receive in an email. Also be VERY careful trusting emails from friends. If YOUR email is hacked, they will spoof a name in your contact list and send an email back to YOU. They hope that since you know this person you will open the email. If you receive an email that asks you to click on a link or open a file, look carefully at the FULL email address, more than likely is NOT your friends email. Keep in mind, it still could come from their actual email address. Always call or text them and ask if they sent this to you.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting Patient Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Default passwords- why you need to change them!

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

Home security cameras and baby monitors are making the news again about being hacked. This is nothing new, we have been telling people for years to change the default passwords on ALL your technology devices. Anyone can Google your device or IP address and they can get your default password. HIPAA requires that you have reasonable and appropriate safeguards in place to protect patient data. This includes updating and changing technology as needed.

For example all I had to type in Google was “Default password for Netgear”, and this is what I found:

For most NETGEAR devices (except ReadyNAS/ReadyDATA products and Fully Managed Switches), the default username and password are: Username (all models) = admin. Password (current models) = password. Password (very old models) = 1234. Aug 9, 2015

If you use any security cameras, Google “IP Camera Default Usernames Password and IP Addresses”. I found a website that lists ALL CAMERAS!

I highly recommend that you walk around your home and office and make a list of all your technology devices and Google them. If you can find a default password on the internet; so can everyone else. If you do not know how to change the password, we suggest hiring someone to do this for you. Otherwise you could simply remove the password all together!

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting Patient Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Background Check Requirements

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

The state of Indiana expanded the requirements for background checks to include national criminal history checks on employees and owners of home healthcare and personal services facilities.

The previous law required only a limited criminal history check. A limited criminal history contains only felonies and class A misdemeanor arrests within the state of Indiana. The expanded criminal history check includes history of all counties and states where the person lived. The national criminal history check contains information from all state and federal jurisdictions.

Employers must request a national criminal history check within three days of a new employee’s commencement of work, and owners cannot employ someone to provide services in a patient’s residence for more than 21 days without receipt of the results of the check. Employers must complete a national criminal history check on all new hires, and no employee without the check can serve patients in their residences. Owners, officers, and managers are also subject to the criminal history check. Convictions of rape, certain exploitations, or criminal deviate prohibits anyone from owning a facility or working in patient care. This history check must cover the person’s lifetime and it not limited to a certain time frame or number of years. This exclusion also applies to anyone that failed to report the crime or was convicted of theft within the last 10 years.

Although this law does not include “medical practices”; Aris still recommends a background check on all staff members. More than likely we will see more states amend their laws and they may include all of healthcare. If you are not doing so, it is time to review your Workforce Clearance Procedures.
Here are some websites to assist you:
https://www.intellicorp.net/marketing/home.aspx

https://www.fadv.com/healthcare

https://www.backgroundchecks.com/

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting Patient Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Healthcare is a huge target!

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

Things may seem wonderful since a new year is beginning; please don’t forget that many things remain the same.

For instance…
Healthcare is targeted in many ways. Do your employees know how to spot a phishing email or a potential virus? Most phishing expeditions and viruses are delivered right to your inbox! Did you know that nearly 90% of all ransomware attacks were on healthcare? A new report by Check Point software’s researchers states that Ransomware plague earns $2 million, while only 0.3% victims pay up. With this much money that is being made, more and more criminals are creating Ransomware. What would you do if one of your employees clicked on a link and downloaded a virus or your system was encrypted by ransomware?

Today, we are extremely busy and the criminals know this. It is so easy to spoof another company’s logo and create a phishing email or worse; a ransomware infection. What can you do? First and foremost you must continually educate your staff on what to look for and how to avoid making costly mistakes.

Here are some things to watch out for:

  1. Emails that claim your account has been compromised and you need to call a toll free number immediately. Lookup the number for the company and call them on that number and not the number supplied in the email. If you call the number that is supplied, either you will to talk to a real criminal and they try to get information from you or your credit card number. The other way is you get stuck in a voicemail holding pattern and then your number is programmed in and they call you back and try the same scam.
  2. Emails that claim your package (FEDEx / UPS / USPS) or payment (IRS / Bank / Credit Card) was not delivered, and you need to click on an attachment or a link.Open your browser and go directly to the company’s website, do not click on anything in the email.
  3. Phone call that advises you there is new software upgrade or virus and offers a free scan on your computer. Do not permit anyone access to your computer unless they have been verified by the company they work for and you know who they are.
  4. Fake apps that look like the real stores. Watch for apps that do not have a lot of reviews or bad reviews. Do not click on a link to download an app, go to the app store. Even then be careful, although Apple and Google use algorithms to detect, some have slipped through! Do not give out too much information and try to avoid adding any credit card numbers to apps. Read the permissions on all apps before downloading. If it is asking for more than is needed, do not download even though it sounds like a great app. Many apps contain malware to steal your information. If you connect your portable device to your office network, it can steal information from there as well.

Remember, most scams have a sense of urgency to prevent a negative consequence. Also, as the old saying goes… if it sounds too good to be true, it probably is. Always think before you react!
For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

©2025 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC