Podcast Episode: HIPAA, Cybercrime & Human Error
Pairaphrase Founder & CTO Rick Woyde appeared on Podcast Detroit with Joe Dylewski, President & Owner of ATMP Solutions. In this podcast episode they discuss critical components of HIPAA and how various types of cybercrime and human error can threaten healthcare data security, privacy and electronic data exchange.
Transcription (first 10 minutes)
You’re listening to the Podcast Detroit Network. Visit www.PodcastDetroit.com for more information.
Hello again. This is Rick Woyde, CTO at Pairaphrase. And today my guest is Joe Dylewski with ATMP Solutions. Hi, Joe.
Thank you for joining me tonight. I really appreciate it.
Thanks for having me.
Tell us a little bit about yourself and your business, Joe.
Sure. I am an IT professional by trade. I’ve been in the IT business for approximately 30 years, doing a variety of things. Back in the days where Novell Blue and Redbox networks were part of the mainstream. And for the past 13 years, I’ve really focused my career on cybersecurity and really it started with a lot of the work that medical professionals were doing to convert a lot of their paper records to electronic and really started working with them and other companies who were handling sensitive information.
And really the focus of what I’ve been doing is more on the business risk side and teaching and educating people about how cybersecurity affects their business. So the ability to look at a business’s overall risk posture relative to the information that they store, process, transmit, and then help them put a plan in place to remediate that. We tend not to get involved in a lot of the technical implementation. And at the end of the day, my goal is to educate people and teach them about what’s going on.
And also, from an educational standpoint, I have a bachelor’s degree in business administration and a master’s degree in mathematics. And so in addition to this, I’ve also taught at the college level in math. So teaching is what I really try to accomplish with all this.
Terrific. And if somebody wants to get a hold of you, how would they get a hold of you?
The best way to do it is our website, which is ATMPGroup.com. And from there there’s information about the company and a contact page to reach us.
Terrific. Thank you. So let’s get right into it. And tonight or today, our topic is HIPAA. And full disclosure here, Joe’s firm is helping Pairaphrase with an audit right now, a compliance audit. And it’s been a very fascinating and educational and very valuable experience. But I think there’s a lot of mystery is what I would say around HIPAA.
So please tell us what exactly is HIPAA.
Sure. So HIPAA just recently passed its 24th birthday and you have to go back to ’96 to kind of look at the roots of HIPAA. Basically, HIPAA was designed, believe it or not, to help reduce costs in healthcare. And the healthcare industry in general, sometimes people look at them and think that they kind of lag behind in technology implementation. And one of the problems that we had in healthcare back in the 90’s and before that was these organizations communicated by paper.
So if you put it in simplest terms, if you were to go to the doctor, they would record your insurance information and they would keep ledgers of all the procedures, all the diagnoses, and they would package that up and then send that to an insurance company through mail or courier, where the insurance company would then unpack it by paper. And that was very costly. The administrative overhead and all of that was very costly. So they had to come up with a standard to be able to take this information, make it electronic and be able to communicate between doctors, hospitals and insurance companies in electronic fashion.
Well, the problem was there was no real standard to do that. In addition to that, it brought up a whole lot of other implications around the privacy of that data. So once it became electronic, who could see it? The security of that data in its electronic form, what rules were in place to make sure that if a doctor, an insurance company had it, that they took care of it, that they were good stewards of that data.
So in the process of taking and implementing these methods of being able to take that information and move it places and share it places, they also took and implemented the whole idea of insurance portability, right. So when you look at HIPAA, HIPAA is actually the Health Insurance Portability and Accountability Act. So there were a number of titles in the whole HIPAA law that was passed in ’96 that dealt with things like being able to take your insurance from one company to another or being able to carry your insurance.
There were tax implications relative to that. But one of the big pieces was this whole idea of administrative simplification, so they agreed on information exchange rules, but they also agreed on things like the privacy and the security of that information once it was there. So that then really led to the propagation of those rules, not only to doctors, hospitals, health insurers and providers and so forth, but it also led to the further propagation of that into the supply chain.
So, for example, if I was a company providing services to an insurance company or a doctor, then I was really expected to live by the same set of rules that they were, because the data, whether it’s at a doctor’s office or it’s at a company providing services, it’s still equally important and has to be protected the same way. So over time, the HIPAA rule became more pervasive throughout a lot of different companies within the health care industry.
And when we think about it today, most individuals that think about HIPAA, they tend to go towards that form they sign when they get to the doctor, right? That’s our knowledge of HIPAA. But, as you’ve learned, there’s so much more behind the scenes that deal with some of the rules and guidelines that have to be followed to protect it. So that takes us up to where we are today. And in between ’96 and today, there have been a couple of different updates in additional guidance provided by Department of Health and Human Services.
But kind of encompassing all of that is really what’s gone on the last 24 years. But now with how much we hear on a daily basis about security breaches, all of the standards, HIPAA included, have gotten a lot more visibility and exposure, and they’re taking it much more seriously than they ever have. And that is ramped up over the years.
Well, I think cybersecurity today, especially during our current time of this pandemic, is more important than ever because I’m under the impression, it appears to me that cyber crime is just exploding right now.
There’s all kinds of fraud going on. There’s all kinds of phishing, which still remains a huge issue for everyone because it is so pervasive and the ones that are really good at it are really, really good at it. So how does HIPAA exactly keep you more secure?
Well, there’s within HIPAA I talked about that administrative simplification title, or rule. And within that administrative simplification, there are actually three sets of different rules.
One of them is called the security rule. And the security rule lays out a number of administrative, physical and technical safeguards that organizations have to follow. They have to be able to attest that, yes, I do this, yes, I do this. And for the layperson who might not know cybersecurity, there might be things within that rule that they never knew about.
Yeah, we all take it for granted. And we cross our fingers and hope that companies and websites and wherever we’re entering our personal information is safe.
And I’ll give you an example of something that really stands out. I could be a typical physician, right. A provider that’s running a practice. And I run on my electronic medical records software, but I also on my laptop have worksheets, spreadsheets with patient names. I may also have images of that patient. And not a lot of people realize this, but that is also protected health information. Okay, so I’m putting a lot of focus and attention on that medical record software, which might be up in the cloud wherever it’s located.
But I tend to lose sight of this information that’s sitting on my laptop. So to use your example of phishing, generally what phishing does is it’s targeting the potential for human error. Okay, because I get a phishing message, I click on a link, and it either imports some type of malicious code which can encrypt my workstation, i.e. ransomware, or it puts something on my workstation that can capture my credentials. And phishing is part of it. But the other is voice.
I mean, how many stories have we read about people, people I know who have gotten calls from Microsoft support. And they say, I need to get on your computer type this LogMeIn.com and they take remote control of your computer. But these are all exercises designed to exploit human error. And so I think a lot of HIPAA and I always say a lot of HIPAA is designed to prevent or really to add human fault tolerance to prevent human error.