Protect your patients, protect your practice, protect yourself.

The healthcare industry is beginning to realize that HIPAA is here to stay and they are probably going to be audited sooner or later. What physicians and all healthcare providers need to understand is that if you don't protect your patients' PHI/ePHI, the following can happen to your patients as a result of their identity being stolen and used. NOT Protecting Your Patients' (PHI/ePHI): You can cause them financial difficulties or even financial ruin. You can cause them undue stress, even a str ...

Is HIPAA Worth It?

HIPAA is yet another government mandate for American healthcare businesses to address. We all know it's time-consuming and requires a lot of effort to learn, stay current on, and implement. Plus, it's costly. But is it worth it? Does it truly help the covered entity or business associate in the long run? You might be surprised by the answer. The simple answer is ABSOLUTELY. First, let's look at HIPAA goals. Basic Goals of HIPAA Portability: To allow patients to transfer their records ...

Third Rock Announces CompassDB™ – A Comprehensive Compliance Management Platform

Austin, TX - Aug. 3, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced CompassDB™, their compliance management platform. CompassDB™ is designed to significantly reduce the cost and burden of HIPAA compliance for all parties involved. Consulting firms who provide compliance services, and the clients, Covered Entities and Business Associates on which HIPAA regulations are focused, all will benefit. CompassDB™ is a cloud solution that provides safe, secure, web-based s ...

OCR Levies fine for lack of business associate agreements

$1.55 million settlement and remediation. According to the HHS Office of Civil Rights, North Memorial Health Care of Minnesota failed to complete a security risk assessment or risk analysis, nor did it have compliant business associate agreements. The OCR considers these major cornerstones of HIPAA compliance. The important thing to understand about the security risk analysis is that it now focuses on IT infrastructure, which means you must make sure you perform several key steps in the risk assessme ...

Third Rock CEO serves as panelist for ISC(2) Challenges in Healthcare IT

Robert Felps, Third Rock CEO, was one of four panelists for the ISC(2) Austin Chapter in Austin, TX on March 14 discussing Challenges in Healthcare IT. There were over 50 security experts in attendance. The focus was on the state of Healthcare cyber-security. HIPAA compliance was a primary focus from the panelists. You must do a [Security] Risk Assessment to know what issues you have and prioritize the remediation of those issues. The changes brought about by HITECH and later updates to HIPAA mak ...

Third Rock Introduces Cyber Security and HIPAA Compliance: Practical Steps to Protect Your Practice! CE course for Free to HealthCare Associations and Members

FOR IMMEDIATE RELEASE Contact: Robert Felps rjf@thirdrock.com 512-310-0020 Third Rock Introduces Cyber Security and HIPAA Compliance: Practical Steps to Protect Your Practice! CE course for Free to HealthCare Associations and Members Austin, TX, Mar 8, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, is offering a free continuing education (CE) course to any Healthcare Association or Organization on Cyber Security and HIPAA Compliance: Practical Steps to Protect Your Practice! T ...

Building a Privacy & Security Culture: Training is just the beginning!

The privacy and security practices required by HIPAA run counter to decades of habit! Paper charts stored in unsecured racks in public hallways, unsecured computer workstations, and open discussion of patient information in public areas have been the norm in many healthcare facilities despite the 1996 and 2003 HIPAA privacy requirements. The additional risks to patient information posed by new technologies also run counter to decades of thought. Caregivers accustomed to thinking of their facility as a rel ...

HIPAA Compliance – After the Risk Assessment, Then What? HIPAA Education

As we noted previously, there are numerous requirements for HIPAA compliance. The next step we would suggest is HIPAA Training. Educating your staff on what HIPAA is and what it requires is a top priority and a government requirement. This education can be training classes as well as knowledge of your organization’s policies and procedures. Staff Training: HIPAA Privacy and Security Training, for all employees, is required to be done soon after initial employment and then period ...

HIPAA Compliance – After the Risk Assessment, Then What? Breach Detection

As we noted previously, there are numerous requirements for HIPAA compliance.  A top priority after the risk assessment is cyber security to prevent and detect cyber breaches. In this age of data breaches – from cyber breaches to equipment theft/loss, addressing the issue of continuous monitoring of your network and your networked devices might be the second item to address on your list of HIPAA compliance activities.  The Office of Civil Rights (DHHS) states that security is now 80% of the requireme ...

ePHI = Money = Thieves

Our compliance officer created this slide for a presentation recently and I thought, what a simple way to get the point across about Protected Health Information (PHI). An individual's complete ePHI records are worth up to $500 on the black market. Cyber-criminals are no longer focused on credit cards as they can be readily cancelled. They now want ePHI as evidenced by the fact that over 10 times more PHI records were stolen in the first three months of 2015 than were stolen in all of 2014! I bel ...
