Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

 

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Check our similar posts

Advanced Business Management

Our consultants are highly trained to provide complex management solutions and strategy planning for your business. You can count on us to improve performance and your business skills, while cutting costs.

We ensure full support in a broad range of business management areas, such as:

Business Strategy

Knowing how and when to make the right strategic move is critical to your success in today?s dynamic environment. Our Strategic Management Consultants provide solutions for a tighter integration of your vision, values, and mission statements with the strategic management process.

The result is a stronger alignment of your operating activities with your goals, and also an improved internal infrastructure to support and manage the strategic management process.

Business Process Improvements

In our years of activity, we have developed a robust process to ensure Business Process Improvements projects are implemented successfully. To achieve a positive outcome a number of factors must exist and we?ll make sure your company manages to get the right mix of: sponsorship management and commitment, process improvement goals, right motivations, cultural issues management, provision of adequate resources and funding, and availability of standards and procedures.

Performance Management

An effective performance management system integrates all aspects of the organisation from a shared vision, through a common language, and establishes a culture of accountability and results. It provides more of a holistic way of managing your organization that is more powerful than its individual parts, and without forsaking the values of the organisation.

Change Management Services

Economic downturns, fast rising new competitors, and even climate change, can force companies to scale down, engage in mergers & acquisitions, or transfer to a new location. We?ll help you through every step of the change process, from: evaluating the required change by conducting diagnostics such as change complexity, causal, structural, and context analysis, managing stakeholders including your sponsors, top executives, managers, and personnel, planning for the change, and managing the change process itself.

Project Management

Whether you need help for a single project or much more, we’ve got you covered. With us you get a coordinated, presence-of-mind approach to project management that will point all of your projects to an overall strategic direction, no matter how complex or simple these might be. Our services incorporate all project-related activities including: programme management, project risk management, project review and audit, project rescue, and project governance.

Interim Management

Our resources have an MBA and/or professional accounting qualifications with an average of 10 ? 30 years of progressive work experience with public companies, in complex private equity environments, and/or privately-held middle market companies. We not only offer the most highly qualified project / interim resources to our clients, but we also allow for an interim-to-hire provision in our contracts.

It has proved mutually beneficial to our consultants and clients to have the option for longer term employment opportunities after having worked together on a project / interim basis.

 

4 Reasons Why You Might be Missing Out on Energy Savings…

?well your company actually, although for many small-to-medium businesses it boils down to the same thing. Governments usually lag behind in terms of innovation but are beating us hands-down when it comes to going green. I have heard that private sector energy savings average less than 1% per year and I for one would not be surprised if that were true. So what is causing this rot, when we started out so enthusiastically? Here are four possibilities for you to mull over.

  1. Your Team is Unevenly Yoked ? A pair of mismatched horses cannot pull a wagon in a straight line any more successfully than a business team can achieve its goals, if there is no agreement on priorities. While your sales team may be all for scoring green points against your competition, your accountant has a budget to balance and your operations department just wants to get on with the job.
  1. Energy?s not in Focus ? The above may in part be due to production goals you set your department heads. Energy is not nearly as greedy as raw materials and human capital. If you tell them to cut 5%, where do you think they are going to look first? You need to put energy savings up there, and agree specific targets as you do with other primary goals.
  1. Your Equipment Could be Over-Spec ? It is a very human thing to put more food on our plates and buy faster cars than we need. Only a few generations ago our ancestors lived through feast and famine, and the shadow of this still influences our thinking. Next time you buy equipment sit around the table and agree the decision criteria together. Then stick to them and repel all attempts at up-selling.
  1. You Are Delegating Too Much ? Delegation is part of company culture, or if you prefer the collective way of doing things. If you delegate something completely it is akin to saying I do not care much about this, make it happen. Energy saving is a financial and moral imperative. The fact the oil price is down does not mean there is no place for sustainability on your desk (and the price is likely to be up again soon).

Governments succeed in saving energy (whereas businesses often do not) because governments have a crowd of stakeholders beating down the door and demanding progress. As business owners we are more likely to do the same when the pressure is upon us, and that pressure surely has to come from us.

Malware

In the past, viruses were created with the sole purpose of wreaking havoc on the infected systems. A large fraction of today’s malware, on the other hand, are designed to generate revenues for the creator. Spyware, botnets, and keyloggers steal information from your system or control it so that someone else can profit. In other words, the motivation for making them is now more attractive than before.

Keyloggers can reveal your usernames, passwords, PIN numbers, and other authentication information to their creators by recording your key strokes. This information can then be used for breaking into various accounts: credit cards, payment programs (like PayPal), online banks, and others. You’re right, keyloggers are among the favourite tools of individuals involved in identity theft.

Much like the viruses of old, most present day malware drain the resources, such as memory and hard disk space, of contaminated systems; sometimes forcing them to crash. They can also degrade network performance and in extreme cases, may even cause a total collapse.

If that’s not daunting enough, imagine an outbreak in your entire organisation. The damage could easily cost your organisation thousands of euros to repair. That’s not even counting yet the value of missed opportunities.

Entry points for malware range from optical disks, flash drives, and of course, the Internet. That means, your doors could be wide open to these attacks at this very moment.

Now, we’re not here to promise total invulnerability, as only an unplugged computer locked up in a vault will ever be totally safe from malware. Instead, this is what we’ll do:

  • Perform an assessment of your computer usage practices and security policies. Software and hardware alone won’t do the trick.
  • Identify weak points as well as poor practices and propose changes wherever necessary. Weak points and poor practices range from the use of perennial passwords and keeping old, unused accounts to poorly configured firewalls.
  • Install malware scanners and firewalls and configure them for maximal protection with minimal effect on network and system performance.
  • Implement regular security patches.
  • Conduct a regular inspection on security policy compliance as well as a review of the policies to see if they are up to date with the latest threats.
  • Keep an audit trail for future use in forensic activities.
  • Establish a risk management system.
  • Apply data encryption where necessary.
  • Implement a backup system to make sure that, in a worst case scenario, archived data is safe.
  • Propose data replication so as to mitigate the after effects of data loss and to ensure your company can proceed with ‘business as usual’.

Once we’ve worked with you to make all these happen, you’ll be able to sleep better.

Other defences we’re capable of putting up include:

Ready to work with Denizon?

Contact Us Today