HIPAA Self-Assessment Validity

HIPAA Risk Assessment: Third party vs self-assessment. Although the U.S. government allows healthcare providers under $5 million in annual revenue to perform a risk assessment themselves as part of the HIPAA requirements, is it a good idea? The alternative is to pay an independent third party to perform the risk assessment. Many consider the risk assessment a necessary evil to avoid potential HIPAA fines. It is important to remember the fundamental intent of HIPAA: protect the patient's data, maint ...

HIPAA: Get off Windows XP Now! Seriously!

Ok, HEALTHCARE world, you have GOT to get with the program and MOVE forward. We continue to go into healthcare providers of all kinds (hospitals, clinics, doctors, dentists, optometrists, dermatologists, etc.) and find these old, slow, archaic systems running Windows XP. Here are a few reasons why you should PULL THE PLUG on Windows XP. Reasons to part ways with Windows XP: No longer officially supported by Microsoft. If you want any support, be prepared to open your wallet in a big way. Has know ...

The Breach is Only The Beginning

The scary thing about a cyber breach is that, according to reports (FireEye report), 97% of all networks have been breached. Think about that for a moment and realize that there is a good chance that your organization's network has been breached at some point. Now, whether or not that breach was successful at gaining sensitive data, like ePHI, is hard to tell, which in itself is even more concerning than the fact that you had been breached. You just don't know, and that is bad! You want to know what is tr ...

HIPAA/HITECH Security Risk Analysis Myths and Facts

As we continue to work with more health care providers, covered entities, and business associates, we see confusion about HIPAA/HITECH compliance requirements. Some providers are even in denial. They believe they are being compliant by just having staff take short on-line "HIPAA" training courses. But that falls well short of what is required to be compliant, and many of these on-line training courses are not up to date with current HIPAA regulations, nor do they cover cyber-security, which is now a must h ...

Just how HIPAA compliant are you? HIPAA Quick Check Stats

Healthcare organizations are focused on the health and welfare of their patients. It is the very reason for their existence. Today, patient "welfare" increasingly means protecting patient data. It is a daunting task given the complexity and ever-evolving requirements. The industry and HIPAA regulations struggle to keep up with the rapidly evolving cyber thieves. Over a year ago we set up a HIPAA Quick Check site where organizations can take a few minutes to see just how well they actually stack ...

HIPAA: What was Reasonable and Appropriate is not Today!

If you are scared of the blunt truth, you really should read this anyway. You can no longer simply cover your ears and close your eyes. I'm sure HHS and OCR wish the phrase "reasonable and appropriate" had never been written into the HIPAA CFRs. I can't think of a vaguer and more meaningless phrase, except possibly "indescribably delicious". An attempt to instruct providers and business associates to install and maintain security safeguards that protect patient data within your practice' ...

Healthcare Information Security: Have you been breached?

The Ponemon Institute¹ reports that approximately 91% of healthcare organizations ("covered entities") have experienced an information breach in the past year, and an additional 38% have suffered more than five data breaches in the past two years! During the same time period, 59% of business associates have been breached, and 15% have been breached five or more times.* It is estimated that 20 to 30% of providers have been breached and may not yet even be aware that a breach has occurred. According to ...

Security Advisory: LastPass Compromised

According to LastPass, their team found and blocked suspicious activity on their network. They claim there is no evidence that any encrypted user vault data (where the passwords are stored) was taken. However, they said that the investigation has shown that LastPass account email addresses, password reminders, server per-user salts, and authentication hashes were compromised. "We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authent ...

They’re Here! OCR Launches Phase 2 HIPAA Audits. Are You Ready?

The Office of Civil Rights (OCR) is about to launch the next round of HIPAA audits, designated as Phase 2. The initial phase of audits in 2011 and 2012 established that security compliance was woefully poor, and the expectation for this next round of audits is that compliance hasn't improved significantly. Statistics recently published state that 90% of healthcare providers have experienced a breach within the past year! It gets worse. In 2014, 8 million healthcare records were improperly disclosed or stolen. ...

29 Million Health Records Exposed in 4 Years

If you had any shred of doubt that health care data breaches are a legitimate and major problem, those doubts have been laid to rest. Medical researchers published a study (link) showing that an astounding 29.1 million health records were compromised between 2010 and 2013. That DOES NOT INCLUDE the major breaches in 2014 and early 2015!! The majority of them (58%) were exposed through theft, but the rest were through hacks and unauthorized access. Providers are not happy, as seen in the opinion pi ...
