Overcoming Organizational Roadblocks to Cyber Security 

In many organizations, cyber security is perceived as one of those “important-but-not-urgent” issues that keep getting put off in deference to the pressing issues of the day – insurance denials, staffing, readmissions, patient no-shows, supply shortages…the list goes on.  It’s not that organizational leaders are doing nothing. In most organizations, the basic pieces, such as a HIPAA-compliant EHR, firewall, anti-virus software, and staff training, are all in place. It is these very safeguards ...

Cyber Hygiene: Are your systems hardened?

Third Rock performs Risk Assessments (Security Risk Analysis) for very small firms to large organizations in healthcare, technical, financial, insurance, oil and gas, and other industries. We know the focus of the assessment needs to be security; therefore, we run an industry standard (NIST based) scan checking computers for vulnerabilities and many variants of compliance.  (NIST stands for National Institute of Standards and Technology) Our findings show that the average covered entity is about 15% co ...

Cybersecurity and The Endless List of Compliance

I recently wrote about insurance companies raising the bar on business to protect their valuable data to acquire cyber liability insurance.  But, it's not just insurance companies that are raising the bar. Governments around the globe are now requiring all types of companies to be compliant with some type of standard to better protect the data they possess.  What many people don't realize is these standards are all based on the protection of personal/private/confidential/sensitive/valuable informatio ...

Internet of Medical Things:  Real Security Threat or Hype?

For decades, healthcare medical devices functioned as freestanding tools. Glucometers, lasers, infusion pumps, pressure monitors, neonatal incubators, heart monitors – each serving its unique function independently of the others. With the widespread implementation of electronic health records (EHRs), however, and the push for increased digitization of health information, these devices have increasingly been networked into the patient information ecosystem.  They now transmit PHI between a myriad of syste ...

MACRA Deadline Approaching – Schedule your SRA today!

MACRA Deadline Approaching - Schedule your SRA today! In an effort to help medical practices maximize their Medicare reimbursements by meeting MACRA requirements, Third Rock is offering a 20% discount for our Security Risk Assessment package if you schedule your SRA with Third Rock by December 8th. Our tool, CompassDB, makes doing an SRA fast and easy. Our package offer includes: ✓ Security Risk Assessment and detailed report ✓ A Security Risk Management consultant available onsite or online ...

Third Rock Recognized at Austin Recovery’s 50th Anniversary Event

Third Rock Recognized at Austin Recovery's 50th Anniversary Event Round Rock, TX, July 25, 2017 – On May 5th, Austin Recovery celebrated its 50th Anniversary with a luncheon gala at the Shalom Austin Jewish Community Center in Austin, TX. At the event, they recognized Third Rock, Incorporated and its partner Nivola Healthcare Solutions for their work and donations supporting the organization’s HIPAA compliance activities and related information security practices. Austin Recovery requested Third R ...

Overwhelmed by HIPAA? Compliance is a Process, Not an Event

Like most major change initiatives, HIPAA compliance doesn’t happen in a day. It requires change by every person in the organization. Everyone who touches PHI (protected health information) must develop new work habits to keep PHI secure…Staff who answer phones, schedule appointments, and check patients in have to maintain patient confidentiality in very public work stations…IT staff must implement new technical safeguards and continually monitor systems…Managers must learn the new roles of P ...

Why your Meaningful Use SRA is not enough

Many covered entities had a high level Security Risk Analysis (SRA) performed to "check the box" for meeting the Meaningful Use requirement.  The HHS OCR has now performed enough audits, however, to know that a risk assessment isn't enough - Covered Entities need to take corrective action. With MACRA and HIPAA both requiring an SRA and HIPAA requiring a prioritized list of risks, corrective action plans, and a risk management process, it's time to have a proper risk assessment performed and take cor ...

Culture of Compliance Awarded to The Urology Team

Ada and Cindy leading the efforts to protect patient data and The Urology Team practice. Third Rock is pleased to recognize The Urology Team, a well-known and respected Austin-based medical practice, with the Culture of Compliance Award. This is the first time Third Rock has presented this award which recognizes healthcare providers who have embraced HIPAA privacy and security practices so thoroughly that they are engrained in their corporate culture and standard processes. The Urology Team engaged T ...