HHS Releases New Guidance on Ransomware

One of the top newsmakers of 2016 has been ransomware. During the first half of this year, ransomware grew 300% to 4,000 daily attacks! But several high-profile attacks on hospitals really put it in the spotlight. Although it has been around for several decades, in the past 4 years, Russian groups have further developed its capabilities and propagated its use worldwide. The dark web, or darknet, also significantly contributed to the increase in ransomware attacks due to its black market for such products. ...

HIPAA Crossword Puzzle

Third Rock

We thought it might be good to have you learn more about HIPAA through a challenging crossword puzzle. We hope you enjoy completing the puzzle and learn a little about HIPAA in the process. You can click the image below to download the PDF version and print it off.

Answers Across: 2. PHI 3. backups 5. ice cream 6. HIPAA 8. risk assessment 10. covered entities 12. disaster recovery 15. PII 17. cyber breach 20. cyber security 21. audit 22. lemonade ...

Focus on Security: It’s going to take more resources

No one wants to spend money for something they don't want or need. Many companies, including those in the healthcare industry, try to squeeze IT when it comes to the budget. But what most CFOs and executives who control the IT budget need to understand is that they have become a digital business, at least in the back office. Everything is now done on the computer. Therefore, there must be an increase in resources to keep the computers up to date, secure and operating at acceptable levels. With cyber criminals ...

Insider Breaches – A Risk that Shouldn’t be Overlooked

With all the headlines on cyber breaches and the cyber criminals trying to break into your digital environment, you may overlook a common and very real threat. Accenture's recent security report said 69% of the people surveyed had experienced an insider attempt or success at data theft or corruption. Many of the other cyber reports show the same types of stats. It is reasonable to anticipate that someone inside your organization may be planning to steal, or is actively stealing, your company’s proprietary infor ...

Using Caution with Email Attachments

Email is a way of life in most businesses and is often one of those tools we take for granted. We all feel the pain when it is down, as for many it is a key part of their job. It's also an extremely powerful tool that allows us to send and receive not only messages and meeting requests, but also attachments. This is where email becomes dangerous to both you and your organization. Most organizations take some level of effort to protect the computer and network from these potentially dangerous attachments wit ...

Cyber-breaches: Don’t Lie to Yourself

We've heard many arguments from healthcare covered entities for not addressing their HIPAA compliance. Honestly, it's appalling to think a person who provides care to people doesn't care about protecting that person's personal information to prevent their customer from experiencing emotional and financial suffering and potential ruin. The first issue for the healthcare covered entity is to understand it's not about the HIPAA audit but about being breached, losing ePHI and then being forced to be audit ...

Steps to Prepare for an OCR HIPAA Audit

When helping clients with their HIPAA compliance, we're often asked, "What do we do if we're audited [by the OCR]?" It is analogous to the old adage about buying a home: location, location, location. In the HIPAA world, it's document, document, document! You must record your HIPAA compliance efforts, regularly contributing to the "body of evidence" that your practice is on the compliance path and making improvements. Conversely, if you aren't documenting your efforts and you receive an audit not ...

Making Your BOE a Priority

Do you keep good records? When asked that question, my mind races to the Federal Income Tax due date, April 15th, and I get a knot in my gut. I think of sorting through a box of receipts late at night, feeling very rushed, tired and frustrated. Each year I set the goal to be better organized for April 15th, but my life is far too busy to allow me to dedicate the time to organizing a solution. In my business life, however, I do quite well, thank you! I maintain good records and well-organized files. ...

Primary Cyber Security Threats

We're often asked, "How likely is it that we will be audited by the government (OCR) for HIPAA compliance?" Our response is, "It's highly unlikely to be selected to be audited by the OCR." We immediately follow up with, "However, it's highly likely you will have a breach of PHI or ePHI, which will then trigger an audit by the OCR, and 15,000 audits were started because of someone reporting a practice to the OCR, either a patient, employee, or business associate." Therefore, take steps to Protect you ...

What’s your security score?

There are a number of ways to become the subject of an OCR HIPAA audit. The most unlikely way is to be selected for a random audit, and if that happens, go buy a lottery ticket! Complaints filed by dissatisfied customers and/or disgruntled employees resulted in about 15,000 investigations last year. Suffer a breach and OCR will be knocking on your door. As the number and severity of breaches continue to increase, third-party companies are becoming much more efficient at identifying com ...
