Third Rock Welcomes Timothy Sullivan to its Board of Advisors

Round Rock, TX,  September 21, 2017 – Third Rock, a compliance management software and consulting firm, announces the addition of Timothy Sullivan to its Board of Advisors. As a technology innovator and entrepreneur spanning four decades, Mr. Sullivan has created constructive disruptive technologies, products and services. He has grown more than a half-dozen companies in several industry sectors including software, medical devices, and biotech. Three of these companies were acquired by major corporations ...

Picking up the pieces after Hurricane Harvey

While some of our Texas friends and neighbors began trickling back to their water-logged homes and businesses this week, others who have weathered the storm are just starting their evacuation journey as the continued rain, Harvey's second landfall, and flooding from overflowing reservoirs continue to wreak havoc.  Our thoughts and prayers go out to each of you. Online resources abound for everything from insurance filing to accessing your personal health records. Here are a few we thought would be m ...

An Ounce of Prevention – Why HIPAA Guidelines should be your standard operating procedures

The American Heart Association lists heart disease as the #1 cause of death in the US with nearly 800,000 deaths per year. In comparison, more than 3.1 million patients have been impacted in the first half of 2017 by a data breach that led to the theft of protected health information (PHI). That's right — in half the time, nearly four times as many people have been impacted by an information breach as have died from heart disease! Yet an estimated two thirds of medical practices remain at risk of bei ...

Incidental Exposures – What are they and what is their impact?

A number of customers contacted me recently concerning possible breaches and what they should do.  After reviewing their situations, these were actually incidental exposures.  What is an incidental exposure? It is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the Rule.  Typical examples of such in the healthcare setting include conversations between patients and doctors where comp ...

Third Rock Recognized at Austin Recovery’s 50th Anniversary Event

Third Rock Recognized at Austin Recovery's 50th Anniversary Event Round Rock, TX, July 25, 2017 – On May 5th, Austin Recovery celebrated its 50th Anniversary with a luncheon gala at the Shalom Austin Jewish Community Center in Austin, TX. At the event, they recognized Third Rock, Incorporated and its partner Nivola Healthcare Solutions for their work and donations supporting the organization’s HIPAA compliance activities and related information security practices. Austin Recovery requested Third R ...

What to do if you are a Ransomware victim – latest guidance from HHS

In an earlier post, Clint Eschberger explained that the Best Defense Against Ransomware is a Good Backup. So hopefully your backups are in order - multiple, off-site, and tested. In addition to your internal processes for getting your organization back online, the HHS just issued the following guidance for reporting ransomware incidents and obtaining guidance. If  your organization is the victim of a ransomware attack, HHS recommends the following steps: Please contact your FBI Field Office ...

Is a new Healthcare Cybersecurity Framework the answer?

The Healthcare Industry Cybersecurity Task Force has asked the U.S. government to create new policies that would help healthcare providers improve their cybersecurity.  You can read about it in this article Cybersecurity task force seeks new security framework, exemption to the Stark law on Modern Healthcare. First let me state, I am all for a Cybersecurity Framework and I appreciate KLAS-CHIME and their work to survey the industry.  They are primarily focusing on the large and very large enterprise h ...

Missing the HIPAA Target – Part 4

In my first blog of this series, I stated that the intent of HIPAA was not to make you an expert on regulations, but to guide you to be risk management proficient, which is the ability to recognize threats and risks to your practice and manage them to eliminate or minimize their impact.  The next installment was accountability; taking ownership and delivering verifiable results.  This was followed by the importance of training.  What is the next? Well, you need to know how to identify risks and th ...

Care Disruption – The Ultimate Security Risk

We in the cybersecurity and HIPAA compliance communities talk a lot about breaches and fines and total costs of breach remediation - yadda, yadda, yadda. All non-trivial realities to be sure, but when the WannaCry ransomware attack paralyzed hospitals and physician practices and pharmacies and surgery centers around the globe, I was thinking about the members of the care team. Elective surgeries can be postponed and lots of routine wellness services, such as eye exams and hearing tests and school physic ...

Third Rock Welcomes Dr. Julie Rennecker to the Executive Team

Round Rock, TX, June 7, 2017 – Third Rock, a compliance software and consulting firm in Round Rock, announces the addition of Dr. Julie Rennecker to the Executive Team. Dr. Rennecker, a nurse and former healthcare management consultant, holds a PhD in Organizational Behavior from the MIT Sloan School of Management, where she studied technology adoption and organizational change. She joins Third Rock as the Chief Experience Officer with responsibility for the customer experience, from initial contact throu ...

1 2 3 4 5 6