Is a new Healthcare Cybersecurity Framework the answer?

The Healthcare Industry Cybersecurity Task Force has asked the U.S. government to create new policies that would help healthcare providers improve their cybersecurity. You can read about it in the article "Cybersecurity task force seeks new security framework, exemption to the Stark law" on Modern Healthcare. First let me state, I am all for a Cybersecurity Framework and I appreciate KLAS-CHIME and their work to survey the industry. They are primarily focusing on the large and very large enterprise h ...

Missing the HIPAA Target – Part 4

In my first blog of this series, I stated that the intent of HIPAA was not to make you an expert on regulations, but to guide you to be risk management proficient, which is the ability to recognize threats and risks to your practice and manage them to eliminate or minimize their impact. The next installment was accountability: taking ownership and delivering verifiable results. This was followed by the importance of training. What is next? Well, you need to know how to identify risks and th ...

Care Disruption – The Ultimate Security Risk

We in the cybersecurity and HIPAA compliance communities talk a lot about breaches and fines and total costs of breach remediation - yadda, yadda, yadda. All non-trivial realities to be sure, but when the WannaCry ransomware attack paralyzed hospitals and physician practices and pharmacies and surgery centers around the globe, I was thinking about the members of the care team. Elective surgeries can be postponed and lots of routine wellness services, such as eye exams and hearing tests and school physic ...

HIPAA – Standard Operations for Business

HIPAA gets a bad rap - and deservedly so. However, most of that bad rap is because it is set up in a typical government fashion that is hard to understand and make sense of. When you look at the HIPAA laws and guidelines, it is not long before you become more perplexed than you were before. However, once you get past the government's idea of light reading, or by using our CompassDB tool which translates it into a humanly readable language, you realize that the HIPAA guidelines are not really all that cu ...

Third Rock Welcomes Dr. Julie Rennecker to the Executive Team

Round Rock, TX, June 7, 2017 – Third Rock, a compliance software and consulting firm in Round Rock, announces the addition of Dr. Julie Rennecker to the Executive Team. Dr. Rennecker, a nurse and former healthcare management consultant, holds a PhD in Organizational Behavior from the MIT Sloan School of Management, where she studied technology adoption and organizational change. She joins Third Rock as the Chief Experience Officer with responsibility for the customer experience, from initial contact throu ...

MACRA/HIPAA: Ignorance of the Law Is No Excuse

Many physicians believe HIPAA is a total waste of their time and money. That's because they think it's the federal government trying to force them to do something that they don't need to be doing. But, that's not the intent of the HITECH and OMNIBUS rulings. Much of the compliance that was put into place was because of the implementation of EMR/EHR systems in the healthcare industry. The federal government's Meaningful Use program even paid covered entities to transition from paper to ...

Overwhelmed by HIPAA? Compliance is a Process, Not an Event

Like most major change initiatives, HIPAA compliance doesn’t happen in a day. It requires change by every person in the organization. Everyone who touches PHI (protected health information) must develop new work habits to keep PHI secure…Staff who answer phones, schedule appointments, and check patients in have to maintain patient confidentiality in very public work stations…IT staff must implement new technical safeguards and continually monitor systems…Managers must learn the new roles of P ...

Best Defense Against Ransomware is a Good Backup

By now, most have heard or been affected by the WannaCry ransomware that has spread to over 150 countries at last count. The WannaCry ransomware started taking over users' files on Friday, demanding $300 to restore access. Hundreds of thousands of computers have been affected so far. Computer giant Microsoft said the attack should serve as a wake-up call. The first line of defense in this is always having a properly maintained firewall both on your network and on each individual computer system. Ho ...

Celebrating Nurses – Cornerstones of the “Human Firewall”

In their roles as both care giver and care coordinator, nurses generate, transmit, transcribe, and interact with enormous amounts of information using a dizzying array of devices. Not surprisingly, nurses play a critical role in keeping patients’ protected health information (PHI) safe. Nurses, you are amazing!!  In the course of a single hospital shift, a hospital nurse may interact with a single patient’s record 10-20 times – or more – depending on the intensity of the care and length o ...

Missing the Target of HIPAA – Part 3

If you haven't read my previous two blogs on this topic I encourage you to do so.  The first blog stresses the importance of being risk management proficient over being a HIPAA “expert”. The second blog deals with being accountable in your work actions, which means not only are you responsible for your actions, but your actions can be independently verified.  These two “factors” can go a long way to protecting your organization from the risks of a breach and from substantial penalties and fine ...
