OVERVIEW

Operating a medical practice is assiduous work requiring great attention to detail on a variety of fronts. Patient privacy has always been an important concept in the medical profession. New laws are taking this notion a step further, making it mandatory for medical facilities to protect individually identifiable health information. Government regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and others stipulate how your digital records containing sensitive patient information should be kept secure, but caring for your patient’s privacy is just good business.

One of the most time- and labor-consuming tasks in maintaining an electronic medical record is importing non-digital patient information such as radiology reports, hospital dictation and consultation/referral letters. This is unfortunate because most of this information is already in digital format at the sender's location but printed to paper for transit. Transmitting digital information securely, however, can be problematic at best. Simply emailing a document to an intended recipient would potentially violate a patient's privacy since the mail could be intercepted in transit or read by unauthorized persons on the destination email server before it is downloaded. Also, it would be impossible to tell whether or not the document was tampered with or was sent by someone electronically pretending to be someone else. For example, to promote office efficiency, medical offices that want to allow physicians to use electronic mail as a means to transmit information are forced to have an email disclaimer that cannot guarantee the privacy of information contained in an email. The information may be confidential and subject to protection under the law, but the fact remains that no real protection is provided as a preventative for security breach of your information.

Whether you are a healthcare provider, payer or pharmaceutical company, you have electronic information that must be protected. Essential Taceo virtually eliminates the costs associated with safeguarding Protected Health Information (PHI). With Taceo you are now free to email medical advice to your patients, send prescription requests to the smallest of pharmacies and safely deliver patient records to referral doctors.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed to create a new national standard for protecting the privacy of patients’ health information. HIPAA also focused on improving the efficiency and effectiveness of the healthcare system by encouraging the development and adoption of Electronic Data Interchange (EDI) between healthcare providers, payers and pharmaceutical organizations. HIPAA also stipulates the strict requirement for organizations to establish safeguards to protect the integrity and confidentiality of an individual’s Protected Health Information (PHI). HIPAA applies to individual healthcare providers, health plans, and healthcare insurance providers. The law also pertains to organizations that deal with the electronic PHI of customers, employers and patients. Civil and criminal penalties can result from noncompliance and security violations.

PENALTIES FOR HIPAA VIOLATIONS

HIPAA calls for civil and criminal penalties for security and privacy breaches. General failure to comply is $100 per penalty; violations of an identical requirement may not exceed $25,000 per year. For example, it would be considered a violation to email a claim or file with identifiable patient information that is not encrypted. Even though one requirement may not exceed $25,000, HIPAA has more than 15 named security standards, which if repeatedly violated could quickly grow to more than $375,000. More severe criminal penalties also apply to more flagrant HIPAA violations. Wrongful disclosure of PHI can result in a $50,000 penalty and up to one year in prison. An offense with intent to sell or misuse patients’ protected health information is punishable with a maximum $250,000 fine and/or 10 years imprisonment.

TACEO: HELPING TO NAVIGATE THE HIPAA MINEFIELD - COMMON HIPAA SCENARIOS AND TACEO

Medical office wishes to refer and identifiable PHI to another healthcare provider.

A primary care physician examines an individual and determines that he would like to send the patient to another provider for further diagnosis or treatment. The physician then asks his/her assistant to assemble and email the patient’s history and physical (H&P), imaging reports, labs, progress notes, etc. to the off-site healthcare provider for review. Unfortunately, the physician and his assistant are now in violation of HIPAA regulations.

Unprotected email is like sending a post-card through cyber-space. While in transit it is routed through multiple servers, and an email containing patient PHI can be easily read by people other than the designated recipient (the off-site provider). Furthermore, the patient’s records, because of an accidental keystroke, could be unintentionally misdirected to an unknown party, thereby increasing the severity of the security breach. The physician’s assistant could have used Taceo to protect the email and attachments. With the quick click of a button the worker could have prohibited the patient records from being printed, forwarded and edited. The outgoing documents would be encrypted and inaccessible to anyone besides the intended recipient healthcare provider. (Even if the receiving healthcare provider is not fully set up to work with electronic patient healthcare information, they can still securely view patient records without violating patient confidentiality.)

On-line Pharmaceutical Provider

A pharmaceutical provider fills prescriptions via on-line ordering, but cannot meet HIPAA secure transmission requirements for emailing information regarding prescriptions and medications, order confirmation, and other information to their patients. The organization could resort to analog methods such as calling each individual customer or sending information to the customers via standard post; however, these methods are very inefficient and cost prohibitive. To meet HIPAA regulations the on-line prescription provider must shoulder the burden of hiring and training a number of new employees at great cost. What is the on-line pharmacy to do?

With Taceo, the pharmaceutical provider can securely send prescription information, order confirmations and more to their clientele. The confidentiality and integrity of emails containing protected health information (PHI) is enforced and maintained even after delivery. Nearly any customer with a PC can easily download the free version of Taceo, enabling them to receive and reply to protected email.

Taceo’s usage permissions interface provides the company with an effective way to assign flexible rights management controls based on the profile of the client. Emails containing prescription information can be set to expire when no longer valid.

Healthcare giver wishes to provide individual patients medical advice via email

To provide added value, a healthcare provider wishes to establish an easy and affordable way to give their patients medical advice over the web. The provider must have the ability to send and receive protected medical advice from work or home and cannot afford the installation, maintenance and expensive licensing fees associated with available server-based solutions. Furthermore, the caregiver’s patients are largely non-technical and will not bother with cumbersome key exchange, S/MIME and other requirements commonly associated with widely available encryption technologies.

Additionally, encryption software does not protect content after it has been delivered. Once opened, the patient’s identifiable medical information is totally exposed; email can be accidentally forwarded, laptops and PCs can be lost or sold with PHI remaining on the hard drive, and patient info could be leaked via virus, spyware or Trojan worm. Unauthorized individuals gain access and doctor-patient confidentiality is breached. The caregiver must be able to ensure that received documents remain encrypted and can be deleted from the patient’s computer after a given time. How can the healthcare provider utilize the power of email to give medical advice while keeping sensitive patient data secure?

Taceo helps healthcare professionals meet HIPAA requirements for the secure storage, transmission and delivery of identifiable patient information. Taceo makes the sending and receiving of secured email and documents quick and easy. From the desktop or MS Outlook®, providers can encrypt and apply usage permissions to control and prevent actions such as forwarding, cut/copy/paste and printing, and to disable the Print Screen key. Email and documents can also be set to expire and will become unreadable at a given time and date.

Taceo is by no means a comprehensive overall HIPAA security solution; however, if used properly it can help your business to inexpensively meet most of the critical rules.

TACEO FEATURES AND BENEFITS

- Protect EPHI from theft, misdirection and unauthorized distribution.
- Allows primary care providers and specialists to instantly and securely share patient records with little cost.
- Enables patients to easily access and securely reply to protected emails containing medical advice, prescription information and more from their home or work computers.
- Gives off-site providers an easy method to access and reply to secure email sent across disparate computing environments.
- Affordable security beyond the office firewall. Taceo can ensure the proper use and protection of EPHI no matter where it travels or where it is stored.
- Helps ensure authenticity of EPHI with digital signatures.
- Improve productivity by using the web to instantly & securely share sensitive data.
- Taceo offers an affordable way to securely store sensitive information on site.
- Prevent unauthorized access to your documents.
- Prevent unauthorized distribution (no forwarding).
- Prevent document editing (no cut, copy, paste).
- Set expiration time and date on email & documents.
- Ensures confidentiality and privacy.
- Securely and permanently delete files to Department of Defense standards (DOD 5220.22-M).
- Patients can download Taceo for free.
- Meet regulatory compliance requirements for privacy - HIPAA, PIPEDA, 21 CFR Part 11, Sarbanes-Oxley.

REDUCING YOUR VULNERABILITIES

No security software in the world is 100% unbreakable; even the most advanced digital encryption techniques can be broken or circumvented by some person or organization with enough motivation, time and money. Taceo does not totally negate the risk of information leakage; for example, a malicious individual could take a digital photo of the screen or re-type the content into another document and distribute it. However, Taceo considerably reduces the risk that sensitive data can be disseminated to unauthorized individuals or groups. Taceo Safeguards remain with the data no matter where it travels or where it is stored. Even if a CD or USB thumb-drive containing protected data is stolen, the information contained therein will remain encrypted and cannot be opened by unauthorized recipients.

THE ANALOGUE TO DIGITAL MIGRATION

Although it is often difficult to make the initial switch to using digital patient records, the cost savings can be profound, especially when amortized over a number of years. Benefits include better accuracy in health records, less time spent transcribing patient notes and filling prescriptions, and quicker payment from insurance companies. For the most part, healthcare practitioners have been slow to adopt digital medical records; as of April 2005 only 16.4% of doctors in the United States had made the switch. The reasons most often cited for the slow adoption have been the costs in time and money. Fear of complicated regulations also slows the transition; once records are in the digital realm, HIPAA standards must be strictly adhered to.

Although the task appears daunting, individual and smaller medical practices can cost-effectively make the digital transition with largely low-cost, off-the-shelf components.

Taceo, from Essential Security Software, should be an integral part of any digital migration plan. Taceo can help your office secure the storage and transmission of PHI. Because Taceo can be used on almost any PC, it can be used to bridge the gap with offices of other healthcare providers that have not yet made the switch to digital records. Whether digital or analog, all organizations that deal with patient medical information are subject to HIPAA ordinances.

SUMMARY

Any healthcare provider or organization that works with patient healthcare data is at risk of losing control of this information. Unprotected electronic files containing sensitive data can easily be accessed, altered, stolen and re-distributed to unauthorized parties. Electronic protected health information (EPHI) is subject to stringent HIPAA regulations; violation of HIPAA rules can result in stiff fines and jail time. Loss of EPHI can place healthcare organizations at great financial and legal risk.

Taceo, from Essential Security Software, can help small to mid-size healthcare providers mitigate these risks. Taceo can also help organizations meet HIPAA requirements for the secure transmission, access and integrity of EPHI. Taceo is effective, affordable and easy-to-use software that enables healthcare providers to securely store, transmit and receive sensitive data. Taceo can encrypt and help control access to almost any file. Protected email and documents are safeguarded against unauthorized forwarding, editing, copying, and printing or screen capture. Taceo opens up a new realm of possibilities never available before with such ease and affordability. Healthcare providers can securely email medical information to their patients. Pharmacies can use Taceo to send prescription order information to doctors and customers alike. Caregivers can quickly and securely collaborate with off-site specialists, thereby ensuring patients receive good treatment, and much more.

System Requirements

- Microsoft Windows 2000/XP/2003 or newer
- Microsoft .Net framework installed (if you don’t have this Taceo will install it for you)
- Internet access.