My EMR protects my ePHI, right? WRONG!

False Faith in your EMR/EHR It seems most doctors, practice managers, healthcare compliance officers and healthcare security officers put way too much faith in their EMR/EHR.  They think the EMR encrypts the data and therefore it’s secure and no more worries.  That’s a BIG mistake for the following reasons. Many EMRs do NOT encrypt the data in transit, on the local disk (cache) and/or do NOT auto timeout users. Leaving the ePHI available for easy cyber theft. Access controls are only as good as ...

HIPAA/HITECH, Is your practice compliant?

The new HIPAA/HITECH law has been in force for over two years.  However, most healthcare providers have yet to start addressing the new requirements.  It’s a daunting task for a risk assessment expert, professional project manager or even a CCO, CIO or COO, much less a practice manager.  There are various reasons for the delay: confusion, misinformation, cost and time. One of the most common sources of misinformation we've encountered in our clients is a belief that they are already in compliance!  ...

HIPAA Self-Assessment Validity

HIPAA Risk Assessment: Third party vs self-assessment Although the U.S. government allows healthcare providers under $5 million in annual revenue to perform a risk assessment themselves as part of the HIPAA requirements, is it a good idea?  The alternative is to pay an independent third party to perform the risk assessment. Many consider the Risk Assessment a necessary evil to avoid potential HIPAA fines.  It is important to remember the fundamental intent of HIPAA; protect the patient’s data, maint ...

HIPAA: Get off Windows XP Now! Seriously!

Ok, HEALTHCARE world, you have GOT to get with the program and MOVE forward.  We continue to go into healthcare providers of all kinds; hospitals, clinics, doctors, dentist, optometrist, dermatologist, etc and find these old, slow, archaic systems running Windows XP.  Here are a few reasons why you should PULL THE PLUG on Windows XP. Reasons to part ways with Windows XP No longer officially supported by Microsoft. If you want any support, be prepared to open your wallet in a big way. Has know ...

The Breach is Only The Beginning

The scary thing about a cyber breach, is according to reports (Fire Eye Report), 97% of all networks have been breached. Think about that for a moment and realize that there is a good chance that your organizations network has been breached at some point. Now whether that breach was successful at gaining sensitive data, like ePHI, or not it is hard to tell. Which in its self is even more concerning than the fact that you had been breached. You just don't know and that is bad! You want to know what is tr ...

HIPAA/HITECH Security Risk Analysis Myths and Facts

As we continue to work with more health care providers, covered entities, and business associates we see confusion about HIPAA/HITECH compliance requirements. Some providers are even in denial. They believe they are being compliant by just having staff take short on-line "HIPAA" training courses.  But that falls well short of what is required to be compliant, and many of these on-line training courses are not up to date with current HIPAA regulations, nor do they cover cyber-security, which is now a must h ...

Just how HIPAA compliant are you? HIPAA Quick Check Stats

Healthcare organizations are focused on the health and welfare of their patients.  It is the very reason for their existence.  Today, patient “welfare” increasingly means protecting patient data.  It is daunting task given the complexity and ever-evolving requirements.  The industry and HIPAA regulations struggle to keep up with the rapidly evolving cyber thieve. Over a year ago we setup a HIPAA Quick Check site where organizations can take a few minutes to see just how well they actually stack ...

HIPAA: What was Reasonable and Appropriate is not Today!

If you are scared of the blunt truth, you really should read this anyway. You can no longer simply cover your ears and close your eyes. I’m sure HHS and OCR wish the phrase “reasonable and appropriate” wasn’t ever written into the HIPAA CFRs.  I can’t think of a vaguer and more meaningless phrase, except possibly “indescribably delicious”.  An attempt to instruct providers and business associates to install and maintain security safeguards that protect patient data within your practice’ ...

Healthcare Information Security: Have you been breached?

The Ponemon Institute1 reports that approximately 91% of healthcare organizations (“covered entities”) have experienced an information breach in the past year and an additional 38% have suffered more than five data breaches in the past two years! During the same time period, 59% of business associates have been breached, and 15% have been breached five or more times.* It is estimated that 20 to 30% of providers have been breached and may not yet even be aware that a breach has occurred. According to ...

Security Advisory: LastPass Compromised

According to LastPass their team found and blocked suspicious activity on their network. They claim that no evidence that any encrypted user vault data (where the passwords are stored) was taken. However they said that the investigation has shown that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. "We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authent ...

1 6 7 8 9 10 11 12 13