MACRA 2017 deadlines are coming. Do you have a Security Risk Assessment scheduled before December 31st?

Right now the healthcare industry is in the final race to complete the requirements for MACRA, the new reimbursement scheme for Medicare. Thousands of dollars are at risk – failing to satisfy the MACRA requirements in 2017 will result in payment reductions for all of 2019! Submerged within the 2,398 pages of MACRA lies a key requirement for eligibility - completing a security risk assessment (SRA). The SRA is a “core requirement.” Without an SRA, a healthcare practice can undo all their other eff ...

Check out our own Robert Felps, CEO Third Rock, speaking at two events in November

Robert is taking his acclaimed “Cure for the HIPAA Headache” presentation on the road this month and presenting at the Developmental Services Network Annual Meeting on November 6th in La Quinta, California. He then heads to Dallas on November 16th for the IQSC First Annual Healthcare Data Seminar. Contact us at info@thirdrock.com if you would like a copy of the presentation or would be interested in us presenting at one of your events. Bio - Robert Felps, CEO/CISO - is a trusted advi ...

Too Many Passwords and Too Little “Personal” Memory!

I began my morning by starting up my PC and getting the message “Your password has expired. You must change it now!” Temporarily frozen at my keyboard, my mind is churning to think up a new password that I have a decent chance of remembering.  Should I tweak the old password by a digit or create a new one?  Luckily NIST has phased out the requirement to regularly change passwords.  But every website seems to require a password.  I have about 200 passwords to manage, what a pain!  I can’t begin to ...

Don’t Click the Download Button!

I thought about naming this blog "Would the Real Download Link Expose Yourself."  But, a few people said that wasn't a great title.  Go figure! I'm sure you've visited a website to download something, maybe an image or install software or maybe some template to design a cool new flyer.  You've probably also clicked on a large green or teal or blue or some other lovely color button that said, "Download", only to find out it was an ad to some trash item you're not interested in nor do you want.  It ...

National Health IT Week – FREE Assessment

It's National Health IT Week and Third Rock is promoting the value of Health IT and its role in protecting your patients, your practice and yourself with a FREE assessment. Just click below to take your free risk assessment to better understand your practice's security risk from cyber threats. It only takes a few minutes! Join the movement to improve Health IT to improve patients' health.  Check out our HIPAA and Cybersecurity Resources page at https://thirdrock.com/resources/ ...

It is Time for Us to Take Control of Our Data!

The Equifax breach really has me angry.  Mostly because I have no control over any aspect of this mess.  Equifax scoops up data on all of us without our consent.  They seem unaccountable and untouchable.  With a last name like mine, I’ve had many opportunities to dispute incorrect data on my credit reports, which is always time-consuming and irritating.  They make it known how unimportant you are and assume you are “guilty” unless you prove otherwise.  They collect data on all the people in th ...

Thank Goodness! NIST says, “No more difficult passwords!”

Just when you thought all hope was lost of remembering your 16-character password with upper and lower case letters, numbers, and special characters, NIST comes to the rescue. That's right!  The National Institute of Standards and Technology wrote a brief addendum to SP 800-53 which simplifies Strength of Memorized Secrets.  You and I refer to those "secrets" as passwords.  It's a light read, only 50 or 60 pages.  I don't really know because I didn't want to print it and kill four trees.  Anyway, the ...

Congress Addresses Medical Device Vulnerabilities

The Medical Device Cybersecurity Act of 2017 was introduced on August 1, 2017 by Senator Richard Blumenthal (D-CT).  The new bill is intended to improve the security of medical devices and increase transparency. If passed, it would make healthcare organizations aware of the cyber capabilities of devices and the extent to which those devices have been tested.  Is this another law adding burden to a strained healthcare industry or a vital piece of legislation designed to protect the public?  Let’s se ...

Cybersecurity: It’s a healthcare risk issue

WannaCry may be the best thing that has happened to the healthcare industry in a long time. It brought to light just how terrible a job the industry does in protecting patients from identity theft.  That's what it means to lose a patient's protected health information or PHI. PHI is now a currency on the black market.  It is worth over 100 times the value of a credit card record.  If you're a covered entity (healthcare plan, healthcare clearing house, or healthcare provider) or a business associate ...

Missing the HIPAA Target – Part 5 and Last of the Series

In this series I have tried to capture key steps to enable successful implementation of critical HIPAA elements.  Right or wrong, HIPAA has become the recipe for cybersecurity for healthcare.  But because of the legacy of HIPAA, the majority of providers do not take it seriously.  If you are not taking cybersecurity seriously, you are heading for a train wreck! This series has emphasized: Being risk management proficient rather than being a "HIPAA Expert". Being accountable, which means ...
