OCR HIPAA Audits: Don’t gamble your organization’s solvency

Risk of Random Selection for an OCR Audit: 1%-5%. In July of this year, the OCR began Phase II of their HIPAA Compliance Audit process. They randomly selected 167 Covered Entities for a “desk audit” and plan to conduct an additional 50-75 onsite audits over the course of the year. A similar process will be used to select and audit a sample of Business Associates beginning in September. Given the hundreds to thousands of Covered Entities and Business Associates in any particular category, the risk o ...

Healthcare under attack by new strain of ransomware

FireEye Labs has identified massive email campaigns by cyber-criminals during August 2016 containing the Locky ransomware embedded in DOCM attachments. DOCM is the Open XML Macro-Enabled Document file format used in Microsoft Word, which means the file contains a macro that MS Word will execute when you open the file. Healthcare is the leading industry targeted by the campaign. The healthcare industry is now the "industry of choice" for cyber-criminals since Protected Health Information (PHI/ePHI) i ...

Third Rock Announces – Custom HIPAA Policies and Procedures

FOR IMMEDIATE RELEASE. Austin, TX, Aug 25, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced custom, online HIPAA Policies and Procedures as an additional capability of their compliance management platform, CompassDB™. This new capability is designed to address common issues associated with policies and procedures found in most healthcare practices: outdated paper documents collecting dust on a bookshelf. The overarching focus of CompassDB™ is to reduce the cost ...

Healthcare entity leaves its patients exposed after breach

Athens Orthopedic Clinic (AOC) in Georgia suffered a cyber-attack in June of 2016 that impacted roughly 200,000 patients. If that's not bad enough, AOC is not able to pay for extended credit monitoring for its victims. The healthcare industry, including small, single-doctor practices, needs to sit up and take notice. Cyber criminals are at your back door, front door and trying to crawl through your networks. You need to take action to Defend, Detect, and Defeat cyber breaches from steal ...

Focus on Security: Top Ten Tips for Cyber-Security for Small Businesses

I know it's getting old and boring, but cyber-criminals are focused on PHI, which means we, in healthcare, need to take action to protect it. The SBA has a helpful list of cyber-security tips posted on their web site. It's a great starting point to harden your defenses and defend against the highly likely cyber-breach. Here's a summary of what's covered: Protect against viruses, spyware, and other malicious code; Secure your networks; Establish security practices and policies to protect ...

Achieving Your HIPAA Gold Medal

With the 2016 Summer Olympics in full swing I thought it apropos to use the analogy of achieving a gold medal to obtaining HIPAA compliance. I know, not really fair or nice to the Olympics and Olympians, but it makes a decent blog post and a good analogy. So, bear with me and work on achieving your HIPAA gold medal. Vision: You need a clear vision. You will obtain your goal of being HIPAA compliant. You need to clearly understand what that requires. Take our Free Risk Assessment to better un ...

Is HIPAA Worth It?

HIPAA is yet another government mandate for American healthcare businesses to address. We all know it's time consuming and requires a lot of effort to learn, stay current on and implement. Plus, it's costly. But, is it worth it? Does it truly help the covered entity or business associate in the long run? You might be surprised by the answer. The simple answer is ABSOLUTELY. First, let's look at HIPAA goals. Basic Goals of HIPAA. Portability: To allow patients to transfer their records ...

Advocate Health Care Fined $5.5 Million for HIPAA Violations

Advocate Health Care Network, of Illinois, reported three breaches in 2013.  Four desktop computers containing approximately four million patients' ePHI.    The OCR stated "This significant settlement, the largest to-date against a single entity, is a result of the extent and duration of the alleged noncompliance (dating back to the inception of the Security Rule in some instances), the involvement of the State Attorney General in a corresponding investigation, and the large number of individuals wh ...

Third Rock Announces CompassDB™ – A Comprehensive Compliance Management Platform

Austin, TX, Aug. 3, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced CompassDB™, their compliance management platform. CompassDB™ is designed to significantly reduce the cost and burden of HIPAA compliance for all parties involved. Consulting firms who provide compliance services, and the clients, Covered Entities and Business Associates on which HIPAA regulations are focused, all will benefit. CompassDB™ is a cloud solution that provides safe, secure, web based s ...

Focus on Security: Phishing for Malware

85 percent of organizations have suffered phishing attacks! That is straight from the Wombat 2016 State of the Phish report. Is that depressing or what! The sad thing is, phishing can be thwarted most of the time. But it requires diligent training of your ENTIRE staff, including the board members, owners, executives and doctors. Everyone needs to be trained to identify phishing attacks and resist opening the link and/or attachment. A few stats from the report: 85% of organizations ...
