Avoid the HIPAA Wall of Shame

There are several things a healthcare covered entity or business associate needs to do to avoid HIPAA fines and the possibility of being listed on the wall of shame, but the immediate need is to perform a thorough risk assessment. And that usually means having a third party perform a credible risk assessment that includes privacy, security and technology assessments. Unless your organization has conducted a thorough risk assessment in the last 12 months and taken action to address issues, you're playing ...

Protecting PHI through mutual trust

The Office of Civil Rights (OCR) of the Department of Health and Human Services issued a warning stating that covered entities should expect and prepare to mitigate the damages of breaches as a result of their business associates (BA). In an article published in Healthcare IT News entitled “OCR cautions hospitals to prepare for breaches at business associates”, Jack McCarthy quotes OCR as saying that most covered entities (CE) don’t believe their BAs will notify them of a breach. The CEs also sta ...

OCR Levies fine for lack of business associate agreements

$1.55 million settlement and remediation. According to the HHS Office of Civil Rights, North Memorial Health Care of Minnesota failed to complete a security risk assessment or risk analysis, nor did it have compliant business associate agreements. The OCR considers these major cornerstones of HIPAA compliance. The important thing to understand about the security risk analysis is that it now focuses on IT infrastructure, which means you must make sure you perform several key steps in the risk assessme ...

Protecting Patient Health Information

The Meaningful Use advisers at the North Texas Regional Extension Center have a lot of experience working with physicians, and Patrick Casey makes some good points about the need to protect patient health information. Protected Health Information (PHI) is a hot commodity on the black market, and it is well worth your time to learn how to protect it. It’s a quick read that healthcare providers (doctors, office managers and all staff) need to read and understand. Protecting Patient Health Information by Patri ...

Focus on Security: Backups – The Ultimate Cyber-Security Weapon

Backups: we all believe and trust they are being performed regularly and will work if we ever need to restore our business after a natural disaster, malicious attack or cyber-attack, such as ransomware. The reality is that backups are not historically reliable, and they become out of sight, out of mind! You need to ensure they are being performed regularly and that restoring from the backup media works. ePHI data is highly desirable to criminals because it is worth far more than credit card information on th ...

Focus on Technology: ePHI Encryption

Five years ago encryption was not common, nor cheap. Today, it's everywhere and inexpensive to implement. Yet healthcare still considers it a nuisance, ignores it or assumes its EHR or patient management software provides complete encryption. Considering that ePHI is worth $500 per record and a credit card number is worth $0.50 (50 cents), it's time for healthcare providers and their business associates to batten down the hatches on their ePHI. Cyber criminals want it and will find it.  Me ...

Data Hemorrhage – Find and Stop the Bleeding

We bleed data constantly. Data hemorrhage! Why? Because it is self-propagating. The more important the data, the faster it seems to reproduce. Important data has to be backed up. It will end up in the cloud, actually multiple clouds. I’ll print a copy and store it in my file cabinet, just in case. Probably be good to burn it on a CDROM as well for my long term records. High quality data is used for analysis via a spreadsheet, to project future business trends, revenue, and sales projections. You can make ...

Reduce the Burden of HIPAA While Increasing Your Protection

If you missed our recent webinar on Reduce the Burden of HIPAA While Increasing Your Protection, you can watch it on-line now. Ed Jones, Third Rock's Chief Compliance Officer, keeps this presentation updated to help you stay current on HIPAA and cyber-security. We offer the course to professional associations and local healthcare societies, boards of directors and executives, and as a Continuing Education (CE) course. Contact us if you're interested in a private webinar with Q&A. Please join Ed ...

ePHI – Defend, Detect, Defeat

Healthcare covered entities and business associates can reduce their cyber security risks by focusing on three areas – defend, detect, and defeat.  The cyber security industry refers to these areas with different words, but the same basic meaning.  Sometimes you’ll hear prevent, detect, respond, but we like defend to remind us we’re at war and defeat so we have a goal to stop data loss. Defend begins with governance, compliance and organization.  It involves assessing what you need to p ...

Healthcare Breaches Caused By Criminal Attacks

Last year the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data revealed a shift in the root cause of data breaches from accidental to intentional. This is worth noting for all healthcare providers, large and small. It’s not enough to provide good, current cyber security training to all of your employees; you must also improve your overall cyber security to protect your highly valuable ePHI. FierceHealthIT wrote up a good summary on the report, read it ...
