Focus on Technology: ePHI Encryption

Five years ago encryption was not common, nor cheap.  Today, it's everywhere and inexpensive to implement. Yet, healthcare still considers it a nuisance, ignores it or assumes their EHR or patient management software provides complete encryption. Consider the fact that ePHI is worth $500 per record and a credit card number is worth $0.50 (50 cents), it's time for healthcare providers and their business associates to batten down the hatches on their ePHI.  Cyber criminals want it and will find it.  Me ...

Reduce the Burden of HIPAA While Increasing Your Protection

If you missed our recent webinar on Reduce the Burden of HIPAA While Increasing Your Protection you can watch it on-line now.Ed Jones, Third Rock's Chief Compliance Officer, keeps this presentation updated to help your stay current on HIPAA and cyber-security.  We offer the course to professional associations and local healthcare societies, board of directors and executives and as a Continuing Education (CE) course.  Contact us if you're interested in a private webinar with Q&A.Please join Ed ...

Is 2016 going to be “The Sequel” for Healthcare?

We all love sequels of our favorite movies. Unfortunately, when it comes to healthcare breaches, there is not much to love about the likelihood of a 2016 sequel to a record breaking 2015. At the end of 2014, which was recognized as the “The Year of the Cyber Breach”, many industry leaders, including Third Rock, predicted 2015 to be the year of the “Healthcare Breach.” It didn’t take long to for the prediction to come true. By the end of the first quarter, an estimated 91 million healthcare record ...

Third Rock Introduces Cyber Security and HIPAA Compliance: Practical Steps to Protect Your Practice! CE course for Free to HealthCare Associations and Members

# # # FOR IMMEDIATE RELEASE Contact: Robert Felps rjf@thirdrock.com 512-310-0020Third Rock Introduces Cyber Security and HIPAA Compliance: Practical Steps to Protect Your Practice! CE course for Free to HealthCare Associations and Members Austin, Tx, Mar 8, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, is offering a free continuing education (CE) course to any Healthcare Association or Organization on Cyber Security and HIPAA Compliance: Practical Steps to Protect Your Practice! T ...

After the Risk Assessment, Then What? How Often Do I Need to Check?

As we noted previously, there are numerous requirements for HIPAA compliance.  A follow-up question often heard is “How often do I have to do these things?”Risk assessments officially need to be performed on an annual basis but regularly reviewing your risk remediation plan throughout the year is a business “best practice” for any organization.Policies and Procedures need to be reviewed and changed depending upon federal law changes and changes in your organization.  New processes, new tec ...

After the Risk Assessment, Then What? Planning for Emergency Events

As we noted previously, there are numerous requirements for HIPAA compliance.  Being prepared for future emergency events is often identified in the Risk Assessment as a HIPAA compliance requirement that needs to be addressed.Preparing for future events is often overlooked by many healthcare entities.  Just dealing with the issues of the day can take up the majority of your time.  However, being prepared for future events, besides being a HIPAA requirement, also makes good business sense.What HIP ...

HIPAA Compliance – After the Risk Assessment, Then What? Data Protections

As we noted previously, there are numerous requirements for HIPAA compliance.  One such item is the protection of your data – while in use, at rest, in motion, or at its disposal.PHI data can exist in many forms and is generally categorized in one of four states:Data in Use (data that is being created, retrieved, updated, or deleted) Data in Motion (data that is moving through networks, including wireless transmission) Data at Rest (data that exists in databases, file systems, and other sto ...

HIPAA Compliance – After the Risk Assessment, Then What? Breach Detection

As we noted previously, there are numerous requirements for HIPAA compliance.  A top priority after the risk assessment is cyber security to prevent and detect cyber breaches.In this age of data breaches – from cyber breaches to equipment theft/loss, addressing the issue of continuous monitoring of your network and your networked devices might be the second item to address on your list of HIPAA compliance activities.  The Office of Civil Rights (DHHS) states that security is now 80% of the requireme ...

HIPAA Compliance – How to Get Started?

You may have asked yourself – how HIPAA compliant are we really?  What constitutes HIPAA compliance?  How often do I need to check?There are numerous requirements for HIPAA compliance – performing an annual risk assessment, up-to-date training, maintaining current policies and procedures, having a contingency plan, having your data encrypted at rest and in motion, continuous monitoring of all networks and networked devices, just to name a few.Those are a lot of things to contend with but where ...

ePHI = Money = Thieves

Our compliance officer created this slide for a presentation recently and I thought, what a simple way to get the point across about Protected Health Information (PHI).  An individual's complete  ePHI records are worth up to $500 on the black market.  Cyber-criminals are not longer focused on credit cards as they can be readily cancelled.  They now want ePHI as evidenced by the fact that over 10 times more PHI records were stolen in the first three months of 2015 than were stolen in all of 2014! I bel ...

1 2 3 4