From Meaningful Use to MACRA – Security Risk Analysis is still first requirement

  The Department of Health and Human Services (HHS) issued its final rule implementing the Quality Payment Program (QPP) that is part of the Medicare Access and CHIP Reauthorization Act (MACRA).  The QPP will reform Medicare payments for more than 600,000 clinicians across the country, and is a major step in improving care across the entire health care delivery system.  As a provider you can choose how you want to participate in the QPP based on your practice size, specialty, location, or pat ...

Value Proposition of a Next-Generation Compliance Platform (2 of 2)

This is the second in a two part series concerning the value of compliance.  Our mission is, Worry-Free Compliance, to help you obtain a culture of compliance through normal business operations.  Our vision is to reduce the complexity, cost and burden of HIPAA compliance using a next-generation compliance management platform. What does a next-generation management platform provide?  Here's a list: Complete Manages the entire compliance process Maintains custom policies and procedure ...

Value Proposition of HIPAA Compliance (1 of 2)

If you've been reading our blog very long you know we've discussed Is HIPAA worth it?, What's the ROI?, etc, etc.  This article is really another way to think about why you need to start working on your HIPAA compliance today. What is the Value Proposition of HIPAA Compliance? Identifies weaknesses that make your business vulnerable and liable Improves protection of your patients’ valuable PHI Protects your business from disruptive events – natural and man-made Fortifies your cyber ...

PHI – Who Really Owns It?

Let's just start off this blog by saying, we're not going to solve the legal question here or today.  However, it is a very important topic to understand.  Here's my feeble attempt to help covered entities (CEs) and business associates (BAs) think about PHI in a new way. PHI at its core is the patient's data. It is to be used to provide healthcare services to the patient and keep them healthy and prevent medical injury or death. The Healthcare industry is supposed to make it readily avail ...

Protect your patients, protect your practice, protect yourself.

The healthcare industry is beginning to realize that HIPAA is here to stay and they are probably going to be audited sooner or later.  What physicians and all healthcare providers need to understand is that if you don't protect your patients' PHI/ePHI the following can happen to your patients as a result of their identity being stolen and used. NOT Protecting Your Patients' (PHI/ePHI): You can cause them financial difficulties or even financial ruin. You can cause them undue stress, even a str ...

Focus on Technology: HIPAA Quick Fixes

While meeting all the HIPAA requirements for your technology (computer, network, etc.) requires some planning, there are some quick fixes that can greatly reduce the odds of your organization being breached while at the same time starting you on your path to compliance. Below are some common issues that we see at all sizes of organizations. How you go about correcting some of them is determined by the size and resources of your organization. Quick Fix #1 Issue: The operating system (i.e. Windows) on ...

Misconceptions Lead to False Sense of Security

In mid-August, The National Law Review reported the Office for Civil Rights (OCR) announced it would focus more on smaller breaches, those affecting less than 500 individuals.  I think this reflects the growing concern that Small to Medium Business (SMB) are more vulnerable.  They are also less capable of detecting, responding to and reporting breaches.  IBM estimates that 80% of cyber thefts suffered by SMBs go unreported.  This is due to lack of detection, embarrassment, and fear of social media backl ...

HIPAA Violation leads to jail time

An east Texas man, Joshua Hippler, was sentenced to 18 months in jail for violating HIPAA regulations. Basically, he was trying to sell PHI for personal gain.  He worked in a hospital and obtained PHI that he planned to sell.  The story here is not about Mr. Hippler, it's about you being held accountable for the protection of PHI.  It's important to understand that you can now serve jail time for NOT being HIPAA compliant. Yes, it's true, Hippler had criminal intent, but if you take HIPAA lightly and ...

OCR HIPAA Audits: Don’t gamble your organization’s solvency

Risk of Random Selection for an OCR Audit: 1%-5% In July of this year, the OCR began Phase II of their HIPAA Compliance Audit process. They randomly-selected 167 Covered Entities for a “desk audit” and plan to conduct an additional 50-75 onsite audits over the course of the year. A similar process will be used to select and audit a sample of Business Associates beginning in September. Given the hundreds to thousands of Covered Entities and Business Associates in any particular category, the risk o ...

Healthcare under attack by new strain of ransomware

FireEye Labs has identified massive email campaigns by cyber-criminals during Aug, 2016 containing the Locky ransomware embedded in DOCM attachments.  DOCM is Open XML Macro-Enabled Document file used in Microsoft Word.  Which means the file contains a macro which MS Word will execute when you open the file in MS Word.  Healthcare is the leading industry targeted by the campaign. The healthcare industry is now the "industry of choice" by cyber-criminals since Protected Health Information (PHI/ePHI) i ...

1 2 3 4 5 6 7 8 12