HIPAA Compliance is a Business Decision

A couple of weeks ago, I was talking with a technology vendor who is starting to move into the healthcare space. Their technology isn’t used in the creation or manipulation of patients’ protected health information (PHI), but they do store information on behalf of healthcare organizations that could potentially include PHI. They wanted to know, “Are we required to comply with HIPAA?” Technically – yes. On the other hand, there are hundreds of healthcare organizations and healthcare vendors who act ...

National Health IT Week – FREE Assessment

It's National Health IT Week and Third Rock is promoting the value of Health IT and its role in protecting your patients, your practice and yourself with a FREE assessment. Just click below to take your free risk assessment to better understand your practice's security risk from cyber threats. It only takes a few minutes! Let's Get Started Join the movement to improve Health IT to improve patients' health.  Checkout our HIPAA and Cybersecurity Resources page at https://thirdrock.com/resources/ ...

Could this breach have been prevented? – A new series

Could this breach have been prevented? – A new series One of the first lessons of process improvement is that preventing errors is much less expensive and time-consuming than remedying the damage after the fact. The same is true for an information breach. The time and cost for installing new software, training staff members, and reinforcing policies and procedures pales in comparison to cleaning up the damage of an information privacy or security breach. Recent headlines of multi-million-dollar ...

Thank Goodness! NIST says, “No more difficult passwords!”

Just when you thought all hope was lost of remembering your 16 character password with upper and lower case letters, numbers, and special characters; NIST comes to the rescue. That's right!  The National Institute of Standards and Technology wrote a brief addendum to SP 800-53 which simplifies Strength of Memorized Secrets.  You and I refer to those "secrets" as passwords.  It's a light read, only 50 or 60 pages.  I don't really know because I didn't want to print it and kill four trees.  Anyway, the ...

Think you can take your time when breached? Think Again!

In January of this year, the HHS Office of Civil Rights levied a $475,000 fine against Presence Health for taking too long to notify their patients - as well as the OCR - after discovering the breach of PHI (protected health information). The incident occurred in October 2013 when Presence Health, based in Illinois, discovered that hundreds of physical documents containing patient names, birth dates, medical record numbers, and surgery details for 836 patients were missing.  They did not report the breach ...

What happens when someone submits a HIPAA complaint?

You may not realize how easy it is for someone to submit a complaint about your organization. However, if you are not prepared, what happens after that submission is not something you will soon forget! This is why HIPAA compliance must be a culture and not just a piece of paper. While someone WILL submit a complaint against you at some point, if you have a culture of compliance in place, there should be little to no effect on your business. If you just run through a simplified checklist once a year, howeve ...

An Ounce of Prevention – Why HIPAA Guidelines should be your standard operating procedures

The American Heart Association lists heart disease as the #1 cause of death in the US with nearly 800,000 deaths per year. In comparison, more than 3.1 million patients have been impacted in the first half of 2017 by a data breach that led to the theft of protected health information (PHI). That's right — in half the time, nearly four times as many people have been impacted by an information breach as have died from heart disease! Yet an estimated two thirds of medical practices remain at risk of bei ...

Focus on Security: In plain sight

Sometimes we tend to focus strictly on the technical side of security and compliance and fail to notice the very important issues hiding in plain sight. While a hacker breaking into your network and stealing ePHI is the threat that is being talked about the most, it is sometimes the overlooked old-fashioned threats that present the greater risk. Think about how many times a patient record has been sitting somewhere and how long does it actually take for someone to pick it up and walk off? What about allo ...

Cybersecurity: It’s a healthcare risk issue

Wannacry may be the best thing that has happened to the healthcare industry in a long time. It brought to light just how terrible a job the industry does in protecting patients from identity theft.  That's what it means to lose a patient's protected health information or PHI. PHI is now a currency on the black market.  It is worth over a 100 times the value of a credit card record.  If you're a covered entity (healthcare plan, healthcare clearing house, or healthcare provider) or a business associate ...

Is a new Healthcare Cybersecurity Framework the answer?

The Healthcare Industry Cybersecurity Task Force has asked the U.S. government to create new policies that would help healthcare providers improve their cybersecurity.  You can read about it in this article Cybersecurity task force seeks new security framework, exemption to the Stark law on Modern Healthcare. First let me state, I am all for a Cybersecurity Framework and I appreciate KLAS-CHIME and their work to survey the industry.  They are primarily focusing on the large and very large enterprise h ...

1 2 3 4 5 6 7