An Ounce of Prevention – Why HIPAA Guidelines should be your standard operating procedures

The American Heart Association lists heart disease as the #1 cause of death in the US with nearly 800,000 deaths per year. In comparison, more than 3.1 million patients have been impacted in the first half of 2017 by a data breach that led to the theft of protected health information (PHI). That's right — in half the time, nearly four times as many people have been impacted by an information breach as have died from heart disease! Yet an estimated two thirds of medical practices remain at risk of bei ...

Incidental Exposures – What are they and what is their impact?

A number of customers contacted me recently concerning possible breaches and what they should do.  After reviewing their situations, these were actually incidental exposures.  What is an incidental exposure? It is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the Rule.  Typical examples of such in the healthcare setting include conversations between patients and doctors where comp ...

Healthy Skepticism – Your Best Cyber Defense

It's no longer news that most of us are uber-connected. We use phone apps for weather, meditation, mapping, games, travel, texting, and more.  Online management of home devices, including thermostats, coffee makers, and alarm systems make it possible for us to remotely control many aspects of our lives. These technologies offer previously unthinkable convenience – and a great deal of risk to their owner's physical and information security. Healthcare, too, is becoming more connected for all the s ...

Focus on Security: In plain sight

Sometimes we tend to focus strictly on the technical side of security and compliance and fail to notice the very important issues hiding in plain sight. While a hacker breaking into your network and stealing ePHI is the threat that is being talked about the most, it is sometimes the overlooked old-fashioned threats that present the greater risk. Think about how many times a patient record has been sitting somewhere and how long does it actually take for someone to pick it up and walk off? What about allo ...

Cybersecurity: It’s a healthcare risk issue

Wannacry may be the best thing that has happened to the healthcare industry in a long time. It brought to light just how terrible a job the industry does in protecting patients from identity theft.  That's what it means to lose a patient's protected health information or PHI. PHI is now a currency on the black market.  It is worth over a 100 times the value of a credit card record.  If you're a covered entity (healthcare plan, healthcare clearing house, or healthcare provider) or a business associate ...

Third Rock Recognized at Austin Recovery’s 50th Anniversary Event

Third Rock Recognized at Austin Recovery's 50th Anniversary Event Round Rock, TX, July 25, 2017 – On May 5th, Austin Recovery celebrated its 50th Anniversary with a luncheon gala at the Shalom Austin Jewish Community Center in Austin, TX. At the event, they recognized Third Rock, Incorporated and its partner Nivola Healthcare Solutions for their work and donations supporting the organization’s HIPAA compliance activities and related information security practices. Austin Recovery requested Third R ...

Missing the HIPAA Target – Part 5 and Last of the Series

In this series I have tried to capture key steps to enable successful implementation of critical HIPAA elements.   Right or wrong, HIPAA has become the recipe for cybersecurity for healthcare.  But because of the legacy of HIPAA, the majority of providers do not take it seriously.  If you are not taking cybersecurity seriously, you are heading for a train wreck! This series has emphasized: Being risk management proficient rather than being a "HIPAA Expert". Being accountable, which means ...

Closing the Cybersecurity Gap

As we hear more and more about breaches and ransomware in businesses and especially healthcare, it is becoming an even greater concern for healthcare business owners. It is no longer if you will be attacked, but when and how often. The first step in closing the cybersecurity gap is to realize that you can't do it on your own. Cybersecurity is not finding your basic "IT guy" that "can fix it". It is about obtaining the right resource whether that is a full time hire or a managed service. The next thin ...

Is a new Healthcare Cybersecurity Framework the answer?

The Healthcare Industry Cybersecurity Task Force has asked the U.S. government to create new policies that would help healthcare providers improve their cybersecurity.  You can read about it in this article Cybersecurity task force seeks new security framework, exemption to the Stark law on Modern Healthcare. First let me state, I am all for a Cybersecurity Framework and I appreciate KLAS-CHIME and their work to survey the industry.  They are primarily focusing on the large and very large enterprise h ...

Missing the HIPAA Target – Part 4

In my first blog of this series, I stated that the intent of HIPAA was not to make you an expert on regulations, but to guide you to be risk management proficient, which is the ability to recognize threats and risks to your practice and manage them to eliminate or minimize their impact.  The next installment was accountability; taking ownership and delivering verifiable results.  This was followed by the importance of training.  What is the next? Well, you need to know how to identify risks and th ...

1 2 3 4 5 6 13