Cybersecurity: 10 Steps to Protect Your Patients’ Data and Privacy

As more and more of our everyday lives and information move online, cyber risks from hackers, malware, denial of service attacks, and ransomware attacks continue to increase. There are cybersecurity risks to everything from the nation’s energy infrastructure to personal health and financial data — with the latter putting physician practices squarely in the risk zone.

Generally speaking, what’s at stake? Breach of privacy. Loss of data. Loss of money. Service disruption. And even loss of trust — trust in technology, certainly, but people also lose trust in an organization responsible for a cyber breach. Especially for physicians, having and keeping your patients’ trust is critical.

Cybersecurity Awareness Month is a great time to evaluate your practice to ensure you’re doing everything you can to protect your patients’ data, privacy, and continuity of care.

Strengthen EMR and EHR Cybersecurity

The American Medical Association recently released detailed cybersecurity resources for physicians, including an updated 2022 guide on Electronic Medical Records in Healthcare from the U.S. Department of Health & Human Services (HHS). The guide details benefits and risks of using EMRs and EHRs, such as vulnerability to hacking. The guide also reviews specific threats to EMRs and EHRs, including ways to protect against each threat, as well as strategies to strengthen cybersecurity.

Email

Email is an “easy” way for hackers to get into your practice. Many phishing schemes and ransomware attacks target email systems — where staff who use email can inadvertently fall victim to these threats. Phishing attacks take the form of malicious emails that trick recipients into clicking a link or downloading a file that exposes their computer to malware, which can do everything from destroying files to releasing a virus. Ransomware, also shared via email, is software that can hold your systems or data hostage until a ransom is paid.

The HHS and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have detailed prevention resources for both: Counter-Phishing Recommendations for Non-Federal Organizations and Ransomware: What It Is and What To Do About It.

Take Action

Here are some helpful ways you can strengthen your cybersecurity and take action to protect your patients’ data, privacy, and continuity of care:

  • Training: Educate all staff on cybersecurity risks and responses as well as proper use of email and other systems to ensure security protocols are applied and followed.
  • Added protection: Supplement the cyber protections offered by 3rd party providers and vendors to address any gaps in systems and services.
  • System backups: Ensure all critical systems are regularly backed up and can be readily accessed as needed.
  • Planning: Develop detailed incident response plans, just like for disaster response, including the importance of contacting law enforcement as soon as possible.
  • Updates: Regularly perform system and network updates so their security protections are the most current.
  • Access review: Determine which staff, vendors, and other outside parties need to have access to your network and other systems and ensure those who don’t need the access don’t have it.
  • Passwords: Use strong passwords and change them frequently to maximize their effectiveness. Make sure all staff are protecting their confidential passwords.
  • Remote protection: Assess remote workers’ security to ensure it’s buttoned up, including systems access, password use and storage, personal computers and networks, and general cyber safety protocols staff should be following.
  • Mobile protection: Ensure staff who use mobile devices for email and network access have strong passwords, encrypted data, and updated security apps.
  • Insurance: Protect your practice with cyber-related coverage. The MSV Insurance Agency (MSVIA) specifically offers Cyber Liability Coverage that expands coverage beyond standard professional liability.

Cybersecurity is important for your practice every day. It’s not something to think about once in a while or even once a year, although Cybersecurity Awareness Month is a perfect time for a reminder. Make training, updates, reviews, and assessments part of your regular business operations to give you the peace of mind of knowing you’re doing everything you can to protect your patients’ data, privacy, and continuity of care.

COVID-19 and Monkeypox Updates for Virginia

Dear Colleague:

I am writing to provide you with brief updates on COVID-19 and monkeypox.

VDH Adopts CDC’s Revised COVID-19 Infection Prevention and Control Guidance

  • On September 23, 2022, the Centers for Disease Control and Prevention (CDC) released updated COVID-19 infection prevention and control (IPC) recommendations for healthcare personnel (HCP). Corresponding guidance for isolation and work restriction of HCP and strategies for mitigating staff shortages was also updated.
  • Healthcare facilities are encouraged to review the recommendations in detail and make updates to their policies and procedures as needed.
  • Community Transmission is currently the metric used to guide select IPC measures in healthcare settings. Healthcare facilities should review the Community Transmission levels weekly to determine if modifications to current IPC measures are needed.
    • When SARS-CoV-2 community transmission levels are high, source control (wearing a well-fitting facemask, cloth mask, or respirator) is recommended for everyone in a healthcare setting where patients could be encountered.  If community transmission is not high, healthcare facilities may opt not to recommend universal source control.
    • Source control is also recommended for people in healthcare settings who have suspected or confirmed SARS-CoV-2 infection or another respiratory infection, had close contact (patients and visitors) or a higher-risk exposure (HCP) with someone with COVID-19, for 10 days after exposure, or who reside or work in an area of the facility with a COVID-19 outbreak.
  • Asymptomatic patients with close contact with someone with COVID-19 should have a series of three viral tests for SARS-CoV-2. Testing is recommended to be done promptly, but no earlier than 24 hours after the exposure.  If the first test is negative, a second test should be done 48 hours later and, if negative, a third test should be done 48 hours later.
    • Testing is not generally recommended for asymptomatic people who are recovering from COVID-19 in the previous 30 days.
    • For those who have recovered in the prior 31–90 days, testing with a rapid antigen test, not a molecular test, can be considered.
  • COVID-19 vaccination status is no longer used to inform source control, screening testing, or post-exposure recommendations.
  • Performance of expanded screening testing of asymptomatic HCP with known COVID-19 exposures is at the discretion of the facility.

Monkeypox Updates

Thank you for your continued partnership.  Please visit the VDH website for current clinical and public health guidance on COVID-19monkeypox, and other conditions.       

Sincerely,

Colin M. Greene, MD, MPH
State Health Commissioner

Published October 6, 2022 at VDH

Meningococcal Outbreak in Eastern Region | Letter from Virginia State Health Commissioner

Dear Colleague,

The Virginia Department of Health (VDH) is reporting an increase in meningococcal disease activity in the eastern region of Virginia. Six cases of invasive meningococcal disease serogroup Y were reported between June and August, which exceeds the expected number of cases. Whole genome sequencing confirmed that the cases are genetically linked, and thereby constitute a community outbreak of meningococcal disease.  Note that this strain is not resistant to ciprofloxacin and penicillin, as has been previously detected in Maryland and northern Virginia in 2020.

To date, VDH has not identified a common risk factor among the cases, and we suspect the cases are connected by asymptomatic community transmission.  Several case-patients are residents of Norfolk, with additional cases detected in other parts of Hampton Roads.  The majority of case-patients are Black or African American.  Most case-patients are adults between 30-40 years old.  Five case-patients are unvaccinated for serogroup Y, and one is partially vaccinated.  Two case-patients have died from complications associated with the disease.

Early identification and follow up are key to preventing further transmission.  Public health responds to reports of suspect meningococcal disease by rapidly identifying close contacts for whom short-term antibiotics are recommended for prophylaxis.

I ask you to take the following steps:

  • Maintain a high index of suspicion for meningococcal infection, especially in patients presenting with sudden onset of fever, headache, stiff neck, and photophobia.  A petechial rash with pink macules might also be observed.
  • Immediately notify your local health department (LHD) if meningococcal disease is suspected based on clinical findings or laboratory results of gram-negative diplococci or Neisseria meningitidis from a normally sterile site.  Please coordinate with the LHD to send specimens/isolates for newly identified cases to Virginia’s state public health lab, DCLS, for serotyping.
  • Continue to encourage routine administration of MenACWY vaccine in adolescents and younger children, also including children and adults at increased risk (e.g., persons with HIV).

Thank you for your attention and cooperation on this emerging situation.

Sincerely,

Colin M. Greene, MD, MPH
Colonel, US Army, retired
State Health Commissioner

National Preparedness Month: Prepare Your Practice for Emergencies

The best time to prepare for a disaster is before it hits — well before it hits. This seems obvious, but National Preparedness Month is here to remind us to take action and plan. Physician practices may lack comprehensive planning that protects the business and outlines “What to do when…” The consequences can be disastrous to your patients if they can’t count on you for care, as well as disastrous to your practice’s staff, operations, and financial well-being.

Most recently, the pandemic has been an extended exercise in disaster management, considering how quickly and completely it turned the medical world upside-down, and how long its impacts have continued. If you haven’t already, be intentional about thinking through and documenting what you learned throughout your pandemic experience and consider how you can apply those lessons to other possible disaster situations.

Since it is National Preparedness Month, it’s also a great time to build or update your plans to prepare your practice for disasters and emergencies. When you and your team know “What to do when…” you can ensure you’re ready to respond in ways that are helpful to the situation and your patients while also protecting the health of your practice.

A Physician’s Responsibility

When talking about disaster preparedness for your practice it’s a must to start with ethics. Disasters of many kinds require a medical response to which physicians are often urgently called. Clearly how you respond to a disaster, and how you balance your response with the needs of your patients, is an individual decision.

To help, look to the American Medical Association’s code of ethics and an opinion on disaster response which discusses that, although a physician’s obligation is to respond, you also have an obligation to consider risks and their impact on your ability to provide future care.

You may consider doing scenario planning around specific disaster situations to frame where and how you could best provide effective medical services. Examine how your response would potentially impact your everyday patients and design detailed alternative plans to ensure continuity of care for patients who may need it. When there is a future call to action, you’ll already have planned how you’ll respond and what needs to happen next.

National Preparedness Month: Helping You Make a Disaster Plan

If you need to make disaster plans for your business, or want to ensure they’re updated, where do you start? We have three suggestions.

The U.S. Department of Homeland Security created its Ready campaign to provide information to help Americans prepare for natural, health, and man-made disasters. The Ready Business website offers businesses detailed hazard-specific toolkits with information about identifying risk, developing a plan, and taking action. The Ready toolkits include hurricane, earthquake, inland flooding, power outage, and severe wind/tornado. The site also features information about important response elements like risk assessment, employee assistance, and protective actions like evacuation. You could build on these guides by applying their framework to other disasters and emergencies your practice may face, which could include things like snowstorms, extreme heat or cold waves, structure collapses, infectious disease outbreaks, and community violence.

The U.S. Small Business Administration also provides preparedness checklists and safety tips on its website for specific disasters, including hurricanes, winter weather, earthquakes, tornadoes, wildfires, floods, and cyber security.

Finally, the American Society for Health Care Risk Management created a brief guide for physicians to use to create an emergency plan. It steps you through recommendations for analyzing vulnerabilities, plan components, training, and developing policies and procedures for staff, communications, patient care, and more.

Protecting Your Practice

Of course, protecting your practice in a disaster is critical for you, your staff, and your patients.  Did you know MSV offers insurance through its insurance agency? The MSV Insurance Agency (MSVIA) can help you prepare your practice for disasters and emergencies with Business Insurance as well as provide Professional Liability Insurance and Group and Individual Health Insurance.

Specifically related to disasters, the Business Owners Policy (BOP) for small- and medium-sized practices combines business property insurance with coverage for the building (if your practice owns the building), crime, business interruption and lost income, and general liability. Additional optional coverages can add non-owned vehicles, computer and data coverage, equipment breakdown, and more. BOP can cover repair or replacement costs for physical damage and can provide continued cash flow if your practice must close temporarily.

Contact MSVIA through our website form today to learn how to prepare your practice for disasters and emergencies with insurance coverage, which is a critical piece of today’s disaster preparedness puzzle.

2022 Nominating Committee Report

The Nominating Committee met on August 16, 2022 to consider all eligible candidates for the upcoming term of office. The committee recommends the following slate for consideration by the society membership.

MSV Board of Directors
Term 2022-2023/2024

Officers (Elected for 1-year term)

President-Elect | Alice Coombs, MD

Speaker | Alan Wynn, MD

Vice Speaker | Michele Nedelka, MD

 

Directors (Elected for 2-year term)

District 2 | Lee Ouyang, MD

District 2 | Sharon Sheffield, MD

District 6 | Mark Kleiner, MD

District 8 | Atul Marathe, MD

District 10 | Tarek Abou-Ghazala

District 10 | Andrea Giacometti, MD

Academic | Karen Rheuban, MD (UVA)

 

Directors (Elected for 1-year term)

Resident | Lindsay Gould, MD (EVMS OBGYN)

Medical Student | Salimah Navaz Gangji (VCOM)

 

Associate Directors (Elected for 2-year term)

District 2 | John Sweeney, MD

District 6 | Joe Hutchison, MD

District 8 | Marc Alembik, MD

District 10 | Soheila Rostami, MD

Academic | Lindsay Robbins, MD (EVMS)

 

Associate Directors (Elected for 1-year term)

Resident | Pooja Gajulapalli, MD (VCU Peds)

Medical Student | Shreya Mandava (UVA)

Virginia Delegation to the American Medical Association
Term 2023-2024
Elected for 2-year calendar year term

Delegates

Thomas Eppes, MD

Michele Nedelka, MD

 

Alternate Delegates

Lee Ouyang, MD

Josephine Nguyen, MD

Josh Lesko, MD

Mohit Nanda, MD

2022-2023 Nominating Committee

 

District 1 Sterling Ransone, MD

District 2 Stuart Mackler, MD

District 3 Hazle Konerding, MD

District 5 Bushan Pandya, MD

District 7 Claudette Dalton, MD

District 8 Carol Shapiro, MD

District 10 Edward Koch, MD

Academic  Cyn Romero, MD

AMA Advisor (Chair of the Virginia Delegation) Tom Eppes, MD

2020-2021 Former President Advisor | Art Vayer, MD

2021-2022 Former President Advisor | Mohit Nanda, MD

Get Waivered: A Free Evidence-Based Training to Treat Opioid Use Disorder

Opioid use disorders (OUD) affect over 2.1 million people in the United States. Sentara, in partnership with Get Waivered is pleased to offer two free facilitated opportunities for this virtual evidence-based training:

Wednesday, September 21, 2022
4:30 p.m. – 5:30 p.m.

Saturday, September 24, 2022
10:00 a.m. – 11:00 a.m.

Because the path to recovery depends on a collaborative approach, we encourage you to share this information with other providers/colleagues who may be interested in our upcoming virtual training next month.

Qualified practitioners who undertake required training can treat up to 100 patients using buprenorphine for the treatment of OUD.

Eligibility:

  • Physicians (MD/DO)
  • Nurse Practitioners (NPs)
  • Physician Assistants (PAs)
  • Clinical Nurse Specialists (CNSs)
  • Certified Registered Nurse Anesthetist (CRNAs)
  • Certified Nurse-Midwifes (CNMs)

View the Event Flyer for additional information.

AMA Report: Disturbing Trends on Overdose Deaths Requires Specific Actions, All-Hands Approach

CHICAGO—With a report issued today detailing the horrific toll of the nation’s overdose and death epidemic, the American Medical Association (AMA) calls for an all-hands approach — policymakers, public health experts, educators, faith leaders, and employers – to help save lives.

While physicians and other health care professionals have reduced opioid prescribing in every state—by nearly 50% nationally – that by itself cannot reverse the trend of drug-related overdose deaths. In fact, for the first time, in 2021 drug-related overdose deaths exceeded 100,000—primarily due to illicitly manufactured fentanyl, methamphetamine and cocaine. Overdose deaths are amplified by underlying social needs including housing and transportation.

“No community has been – or will be – spared the pain of this epidemic. The spiking mortality numbers – with young people and Black and Brown Americans dying at the fastest growing rates – add yet another urgent call to remove health inequities from the nation’s health care system. We know policymakers have not exhausted all remedies. Until we have, we must keep advocating for humane, evidence-based responses,” said Bobby Mukkamala, M.D., chair of the AMA Substance Use and Pain Care Task Force.

The report calls for a campaign to include:

  • Policymakers, health insurance plans, national pharmacy chains and other stakeholders to change their focus and remove barriers – such as prior authorization — to evidence-based care. States should require health insurance companies and other payers to make non-opioid pain care alternatives more accessible and affordable.
  • Medical and other health care professional licensing boards to help patients with pain by reviewing and rescinding arbitrary restrictions on opioid therapy—as now recommended by the Centers for Disease Control and Prevention.
  • State officials to remove punitive policies against pregnant individuals and parents who have a substance use disorder. State departments of corrections and private jails and prisons need to ensure that all individuals with an opioid use disorder or mental illness receive evidence-based care while incarcerated — and are linked to care upon release. This includes ensuring access to medications for opioid use disorder (MOUD).
  • Employers to review their health insurance and benefits plans to ensure employees and their families have access to pain specialists and affordable access to comprehensive pain care, physicians who provide MOUD, and psychiatrists who are in the employer’s network.
  • Public health officials to help control infectious disease spread through supporting comprehensive syringe services programs, reduce overdose through widespread, community-level distribution of naloxone and fentanyl test strips and pilot projects in support of overdose prevention centers.
  • Faith leaders to help destigmatize substance used disorders and harm reduction by educating their members and holding overdose awareness events.

“What is becoming painfully evident is that there are limits to what physicians can do. We have dramatically increased training and changed our prescribing habits, reducing the number of opioids prescribed while increasing access to naloxone, buprenorphine and methadone. But illicitly manufactured fentanyl is supercharging this epidemic. We need help from leaders across sectors to combat this public health crisis,” said Dr. Mukkamala.

The use of prescription drug monitoring programs (PDMPs) also continued its upward trajectory with physicians and other health care professions surpassing the 1 billion mark for the first time. PDMPs are electronic databases that track controlled substance prescriptions and help identify patients with uncoordinated care who might be receiving multiple prescriptions from multiple prescribers.

Read the report here, including state-by-state data for opioid prescriptions, MOUD, naloxone and PDMP use.

Year Drug-related overdose deaths Opioid prescriptions dispensed from retail pharmacies Prescription drug monitoring program queries
2012 41,502 260,464,735  
2013 43,982 251,770,763  
2014 47,055 244,484,091 61,462,376
2015 52,404 227,807,356 86,096,259
2016 63,632 215,998,653 136,643,036
2017 70,237 192,696,190 295,347,288
2018 67,367 168,858,135 449,497,610
2019 70,630 153,966,961 744,943,531
2020 91,799 143,389,354 908,269,727
2021 107,270 139,617,469 1,131,828,211

New Webinar: Tecovirimat (“TPOXX”) for Treatment of Monkeypox

September 13th, 2022 | 11 a.m. CT/12:00 noon ET
Hosted by Sandra Fryhofer, MD, Chair, AMA Board of Trustees
Register Now

Guests:

  • Adam Sherwat, MD, Deputy Director, Office of Infectious Disease at FDA’s Center for Drug Evaluation and Research
  • Brett W. Petersen, MD, MPH, Deputy Chief, Poxvirus and Rabies Branch, CDC’s Division of High-Consequence Pathogens and Pathology

Join experts from the AMA, FDA, and CDC for a discussion about tecovirimat, or TPOXX, for the treatment of monkeypox in infected individuals. The discussion will provide background on tecovirimat, including its current status, availability and access while the drug is under an investigational new drug application. A moderated question and answer session will be held at the end of the discussion to help address any confusion or misinformation about patient access to TPOXX.

Register and Submit Your Questions

VDH Webinar: What Healthcare Professionals need to know about Monkeypox

These webinars will cover an overview of the current monkeypox situation, epidemiology of the virus, risk assessment/communication, infection prevention and control, testing, collaboration with public health officials, and medical countermeasure strategies, including an in depth overview of the JYNNOES vaccine and TPOXX therapeutic. There will also be an allotted time for questions.

Note: both sessions will present the same information/content.

Session 1 
Friday September 9th at 12pm (noon)

Session 2 
Tuesday, September 13th at 7pm

Solving Physician Burnout

Excerpt via Medical Economics

…In Virginia, physicians have a new level of confidentiality set in law. The Medical Society of Virginia (MSV) advocated for creation of the SafeHaven program, which has a partnership with a physician-focused national behavior health consulting practice.

Melina Davis, MSV executive vice president and CEO, agrees physicians are reluctant to seek counseling because if they must reveal it, they fear they could lose licenses, have referral networks dry up, or get fired. But physicians enrolling in SafeHaven gain legal privilege that forbids release of any records, reports or communications originating in the program — even in malpractice lawsuits, barring a court order that meets a high standard of proof, according to MSV.

State lawmakers unanimously approved the program in March 2020. It was coincidental timing with the spread of COVID-19, but the pandemic spurred the program’s beginning and physician enrollment started in July 2020. State lawmakers were unanimous a year later in expanding SafeHaven for physician assistants, nurses, pharmacists and students of those protected professions.

Now SafeHaven has 4,400 members, with 48% using the program and 17% in coaching and counseling. Davis argues that rate is unprecedented for physician usage of employer-sponsored wellness programs in the United States. “It’s unprecedented because they feel safe,” she says.

SafeHaven will expand into Michigan and MSV wants to serve as a consultant to take the program across the country. Primary care physicians can do their part by advocating for the same legal protection in every state, Davis says.

“More people need to be asking for this,” Davis says. “More people need to be advocating that it be a normal part of your legal system and your service system for health care workers. They need it, they deserve and it’s here. It makes a big difference.”

Read the Full Article