It is Time for Us to Take Control of Our Data!

The EquiFax breach really has me angry.  Mostly because I have no control over any aspect of this mess.  EquiFax scoops up data on all of us without our consent.  They seem unaccountable and untouchable.   With a last name like mine, I’ve had many opportunities to dispute incorrect data on my credit reports, which is always time consuming and irritating.  They make it known how unimportant you are and assume you are “guilty” unless you prove otherwise.  They collect data on all the people in th ...

Healthy Skepticism – Your Best Cyber Defense

It's no longer news that most of us are uber-connected. We use phone apps for weather, meditation, mapping, games, travel, texting, and more.  Online management of home devices, including thermostats, coffee makers, and alarm systems make it possible for us to remotely control many aspects of our lives. These technologies offer previously unthinkable convenience – and a great deal of risk to their owner's physical and information security.Healthcare, too, is becoming more connected for all the s ...

Missing the Target of HIPAA – Part 3

If you haven't read my previous two blogs on this topic I encourage you to do so.  The first blog stresses the importance of being risk management proficient over being a HIPAA “expert”. The second blog deals with being accountable in your work actions, which means not only are you responsible for your actions, but your actions can be independently verified.  These two “factors” can go a long way to protecting your organization from the risks of a breach and from substantial penalties and fine ...

Cybersecurity: Have you hardened your systems?

We perform HIPAA Risk Assessments (Security Risk Analysis) for very small practices to large healthcare organizations, plus business associates that include software, big data, and marketing companies.  We know the focus of the assessment needs to be security; therefore, we run an industry standard (NIST based) scan checking computers for HIPAA compliance.  (NIST stands for National Institute of Standards and Technology) Our findings show that the average covered entity is about 15% compliant and the ...

One small step for man, one giant leap for privacy!

“To err is human”… a pretty obvious statement. So if we all know we are going to make mistakes, why not add an extra level of security to mitigate the effects of the mistake?I am sure we have all been in the predicament of sending John C. an email, but when we clicked on our contacts list we accidentally sent it to John B. I have conversations constantly with clients and friends about encrypting their email to protect themselves and often get the same set of questions…“Isn’t that e ...

HIMSS17 – OCR’s Expectations for HIPAA Compliance

Lessons Learned at HIMSS17 The Office for Civil Rights (OCR) made it clear at HIMSS17 - it’s time for the healthcare industry to take action NOW.  Here are the top messages we heard across multiple presentations by HHS (OCR, CMS), FDA, FTC, law firms, and cyber security firms. The following were made very clear to attendees.  Please note, these are not all from HHS, some were heard multiple times from various sources.  The point is, learn and take action.Ignorance of the HIPAA law is no e ...

HIPAA: Reducing Your Liabilities

As we perform more Security Risk Analyses, (we actually do privacy and security risk assessments), we continue to hear doctors, executives, and office managers consider HIPAA an onerous burden.  They tend to see it as painful compliance overhead and a total waste of time.  But, that is a very dangerous view of HIPAA compliance.HIPAA compliance is actually attempting to provide a guide for the healthcare industry to operate their business so they REDUCE LIABILITIES.  It reduces the likelihood of h ...

Why Physicians should never use public Wi-Fi

We all enjoy the convenience of being somewhere, like a coffee shop, airport, hotel room, or lobby of a building waiting, and hopping on the free Wi-Fi to catch up on some work. Unfortunately, all healthcare workers should avoid free Wi-Fi at all costs.  It is very important to realize that if you can access the free Wi-Fi, so can anyone else. They can even leave devices behind that stay on the Wi-Fi, breach other systems and transmit the data back to their "home" base.  If you share a local Wi-Fi net ...

Advocate Health Care Fined $5.5 Million for HIPAA Violations

Advocate Health Care Network, of Illinois, reported three breaches in 2013.  Four desktop computers containing approximately four million patients' ePHI.    The OCR stated "This significant settlement, the largest to-date against a single entity, is a result of the extent and duration of the alleged noncompliance (dating back to the inception of the Security Rule in some instances), the involvement of the State Attorney General in a corresponding investigation, and the large number of individuals wh ...

Focus on Security: Printer Security

We all know we need to improve our computer and network security.  But we often forget that printers are now smart and connected.  Basically, they're another computer on the network. Therefore, we all need to take notice and insure we improve security on our printers.  The exact steps will vary depending on the brand, size, complexity, connection type and features of each printer.  But, below are several steps you can take to get started.Network - secure it Make sure you have a strong password on ...

1 2 3