HIPAA – Enemy #1 = Do Nothing

What is the biggest obstacle to HIPAA compliance? Do Nothing! It’s the #1 enemy of HIPAA compliance and healthcare practices. Anyone who has checked into HIPAA in the past few years can see that action is necessary to address new requirements and fend off potentially harsh fines. With minimal cost and effort, a practice can deploy cyber-breach detection software and perform a risk assessment that will drastically improve its compliance and greatly reduce its likelihood of losing valuable ePHI. Ho ...

HIPAA/HITECH, Is your practice compliant?

The new HIPAA/HITECH law has been in force for over two years. However, most healthcare providers have yet to start addressing the new requirements. It’s a daunting task for a risk assessment expert, professional project manager or even a CCO, CIO or COO, much less a practice manager. There are various reasons for the delay: confusion, misinformation, cost and time. One of the most common sources of misinformation we've encountered among our clients is a belief that they are already in compliance! ...

HIPAA Self-Assessment Validity

HIPAA Risk Assessment: Third party vs self-assessment

Although the U.S. government allows healthcare providers under $5 million in annual revenue to perform a risk assessment themselves as part of the HIPAA requirements, is it a good idea? The alternative is to pay an independent third party to perform the risk assessment. Many consider the Risk Assessment a necessary evil to avoid potential HIPAA fines. It is important to remember the fundamental intent of HIPAA: protect the patient’s data, maint ...

HIPAA/HITECH Security Risk Analysis Myths and Facts

As we continue to work with more health care providers, covered entities, and business associates, we see confusion about HIPAA/HITECH compliance requirements. Some providers are even in denial. They believe they are being compliant by just having staff take short on-line "HIPAA" training courses. But that falls well short of what is required to be compliant, and many of these on-line training courses are not up to date with current HIPAA regulations, nor do they cover cyber-security, which is now a must h ...

HIPAA Compliance – The Moving Finish Line

The overarching goal of HIPAA compliance is to protect the individual: both the patients’ health and their finances. Protecting the patients’ health means ensuring their medical records are not corrupted or lost, and are readily available when needed. The financial protection is the prevention of identity theft and other cyber-crimes. HIPAA began as a law to enable an individual to maintain health insurance when changing jobs, but with the addition of federal and state regulations, and the HITECH Act, it has ...

Outgrowing the “As Needed” Technology

All organizations have been there: the start-up company that is more worried about making a profit than about what its technology plan is for the next year, let alone three-plus years. When you are a small company with a few employees, or maybe even just yourself, it is easy to get into the routine of simply grabbing a solution to fit the need you have at that moment. Honestly, there is no reason to even try to change the mind of someone who is going about their technology purchases on an “as needed” basis. ...

BCDR is the operations plan

I have been involved with assessing Business Continuity and Disaster Recovery (BCDR) plans and their development for over 25 years. It always seems that DR planning is an afterthought and starts with system backups. Typically, companies build out their IT infrastructure based on the business requirements. When it's finished, someone asks, "How do we recover this if something bad happens?" That's not 100% true, but most companies don't really plan well for a major disaster. The proliferation of netw ...

Press Release: Third Rock and Tippet Industries Team to Create ACES

Round Rock, TX, Feb 19, 2014 – Third Rock, a business technology consulting firm in Round Rock, and Tippet Industries, a professional consulting firm in Round Rock, have teamed up to create Austin Consortium of Executive Services (ACES). ACES provides enterprise-level consulting services, software-as-a-service solutions and application development to small and medium-sized businesses, ranging from $20M to $500M in size. What makes ACES unique is the company’s experience, which ranges from helping ent ...