February 7, 2018
CHIA is pleased to announce that as of January 1, 2018, our new address is:
5055 E. McKinley Ave, Fresno, CA 93727

Email addresses and phone & fax numbers will remain the same.
Registration Open: Cybersecurity; Risk Mitigation & Preparedness Strategies Symposium
Cyber-attacks are on the rise and health care organizations continue to be targeted. Criminal attacks have become a root cause of recent data breaches. Governing the security, integrity, privacy, and content of the electronic health record is the responsibility of HIM and HIT professionals. Establishing safeguards to protect the organization's greatest asset - protected health information - is imperative. Learn risk mitigation strategies and breach prevention best practices from industry experts. This symposium will provide an operational response to dealing with a cyber-attack and prepare HIM and HIT professionals with the tools necessary to respond.

For single/both day rates and full event details, including the program agenda and presenter line-up, visit: 

Advanced Registration Ends March 1 - Register Early & Save!
January 2018 OCR Cybersecurity Newsletter: Cyber Extortion
Office for Civil Rights; January 30, 2018

Incidents of cyber extortion have risen steadily over the past couple of years and, by many estimates, will continue to be a major source of disruption for many organizations. Cyber extortion can take many forms, but it typically involves cybercriminals’ demanding money to stop (or in some cases, to merely delay) their malicious activities, which often include stealing sensitive data or disrupting computer services. Organizations that provide necessary services or maintain sensitive data, such as Healthcare and Public Health (HPH) sector organizations are often the targets of cyber extortion attacks. The HHS Office for Civil Rights (OCR) published a checklist and accompanying infographic to assist HIPAA covered entities and business associates on how to respond to a cyber-attack.
Ransomware is a form of cyber extortion whereby the attackers deploy malware targeting an organization’s data that renderers the data inaccessible, typically by encryption. The encryption key must be obtained from the ransomware attackers to decrypt the data. The ransomware attackers demand payment, often in the form of cryptocurrency (e.g., Bitcoin) for that decryption key. Unfortunately, paying ransom to the attackers may not result in an organization getting its data back. Or, once an organization pays the ransom, the attackers may provide a key to only decrypt a portion of the data and ask for additional ransom to decrypt more data. OCR published a fact sheet (Fact Sheet: Ransomware and HIPAA) that provided guidance on preventing and responding to ransomware attacks for HIPAA covered entities and business associates.
AHIMA Releases Cybersecurity Action Plan as Survey Reveals Increasing Rates of Cyberattacks
Mary Butler for Journal of AHIMA; Dec 14, 2017

According to results of a startling new survey, four in five doctors (or 83 percent) have experienced a cyberattack of some kind, with the most common attack being phishing (55 percent of those surveyed), followed by viruses (48 percent).

The survey, which was conducted by Accenture and the American Medical Association (AMA), drew on responses from 1,300 physicians in the US. Unsurprisingly, 55 percent of respondents stated they were very or extremely concerned about a cybersecurity event striking their practice. These results come at a time when data sharing between providers—and providers and patients—is at an all-time high, with the adoption of electronic health records (EHRs), health information exchanges (HIEs), and an increase in the popularity of mobile health devices.

As noted in the survey, 85 percent of physicians believe it is very or extremely important to share personal health data outside of their health system so long as it’s accomplished securely. What’s more, 83 percent of physicians said that HIPAA compliance alone is insufficient and that a more holistic approach to assessing and prioritizing risks is needed, according to an AMA news release about the survey.
Allscripts Clients Back Online, but Issues Plague Some Cloud-based Providers
Jessica Davis for Healthcare IT News; Jan 26, 2018

Allscripts has restored service to the majority of clients impacted by the outage caused by a ransomware attack on two of the company’s North Carolina data centers, company spokesperson Concetta Rasiarmos wrote in an emailed statement.

“We recognize this has been disruptive for our clients and are working around the clock to safely and securely return service to all affected clients,” said Rasiarmos. “We continue to work with the remaining clients to bring them back online as quickly as possible.”

The EHR vendor went down after SamSam ransomware got into the company’s data centers on Jan. 18, which caused service outages to roughly 1,500 of its clients. After some services were offline for seven days, the company was able to get the majority of services back online on Thursday.
Partners Health Care: 2.6k Patients Affected After 'Malicious Computer Program' Compromised System
Alyssa Rege for Becker's Hospital Review; Feb 06, 2018

Boston-based Partners HealthCare said in a Feb. 5 statement roughly 2,600 patients' private inforamtion may have been affected after the system's computer network was compromised by an unauthorized third-party "malicious computer program" last May.

Partners said its monitoring system identified suspicious activity May 8, 2017, and immediately blocked some of the malware. The organization proceeded to work with third-party forensic consultants to identify the issue and mitigate its impact. Officials determined the malware was not specifically intended to target Partners' computer network and that the attack did not compromise its systemwide EMR. However, officials discovered the malware may have gained unauthorized access to certain data on affected computers between May 8, 2017, and May 17, 2017.

During an ongoing review of the incident, Partners officials became aware July 11, 2017, certain data that appeared to involve patients' personal and health information was affected during the incident.The affected data "was not in any specific format, and it was mixed in together with computer code, dates, numbers and other data, making it very difficult to read or decipher," according to the statement.
CHIA 2018 Election Results Announced
The CHIA Nominating Committee and CHIA Board of Directors are pleased to announce the results of the 2018 CHIA Election. Please join us in congratulating CHIA’s 2018-19 Incoming Board Members, and thanking each of the members who graciously stepped forward and permitted their name to be placed on this year's ballot. 
A special thank you to each of the CHIA members who voted.  14% of eligible members voted in the 2018 election. 

Each HIM professional who steps forward to seek a leadership role within a CLA, CHIA, or AHIMA contributes to the strength and success of CHIA. Learn more about CHIA volunteer opportunities and consider becoming a valued CHIA volunteer today!
Nancy J. Andersen, MS, RHIA, CCS (NCHIA)

Diane Premeau, MBA, RHIA, CHP (NCHIA)
Larry Smith, MHA, RHIT (SCHIA)
AHIMA Delegates
Kamar Braish, MS, RHIA (GOCHIA)

AHIMA Alternate Delegate
Sandy Hames, MLS, RHIA, CHP (NCHIA)
CHIA Events Calendar
Advanced ICD-10 Coding Workshop - Day 1 PCS
Friday, February 9 - Garden Grove

Advanced ICD-10 Coding Workshop - Day 2 CM
Saturday, February 10 - Garden Grove

A Respiratory System A&P and Coding Review
Wednesday, February 21 - Live Webinar

EHR Governance Symposium
Wednesday, March 14 - Thursday, March 15 - Long Beach