Could this breach have been prevented? – A new series

One of the first lessons of process improvement is that preventing errors is much less expensive and time-consuming than remedying the damage after the fact. The same is true for an information breach. The time and cost for installing new software, training staff members, and reinforcing policies and procedures pale in comparison to cleaning up the damage of an information privacy or security breach. Recent headlines of multi-million-dollar ...

Flooding: Are You Prepared?

Here in Texas, the Gulf Coast is about to take a direct hit from a hurricane that is expected to dump up to 30 inches of rain in some locations and up to 10 inches across large areas. That kind of rain will definitely cause serious flooding.  It's a little late for the Texas coastal bend area and the large inland areas that will be hit the hardest to take planning steps for disaster recovery. They're in emergency evacuation mode already, protecting life and reducing property damage. What we can learn from ...

Incidental Exposures – What are they and what is their impact?

A number of customers contacted me recently concerning possible breaches and what they should do.  After reviewing their situations, these were actually incidental exposures.  What is an incidental exposure? It is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the Rule.  Typical examples of such in the healthcare setting include conversations between patients and doctors where comp ...

Missing the Target of HIPAA – Part 3

If you haven't read my previous two blogs on this topic I encourage you to do so.  The first blog stresses the importance of being risk management proficient over being a HIPAA “expert”. The second blog deals with being accountable in your work actions, which means not only are you responsible for your actions, but your actions can be independently verified.  These two “factors” can go a long way to protecting your organization from the risks of a breach and from substantial penalties and fine ...

Knock, Knock – We’re here to perform an onsite HIPAA audit.

Welcome to 2017. If you haven't heard, the Health and Human Services Office of Civil Rights (OCR) will perform several hundred on-site HIPAA audits this year. The possibility of being selected is highly unlikely, but if you are one of the "lucky" covered entities that is audited, you had better be ready, with all your ducks in a row. Current HIPAA training is only one duck; you need at least four more. So, prepare to go duck hunting and get them in order sooner rather than later. Ther ...

Value Proposition of HIPAA Compliance (1 of 2)

If you've been reading our blog very long you know we've discussed Is HIPAA worth it?, What's the ROI?, etc., etc. This article is really another way to think about why you need to start working on your HIPAA compliance today.

What is the Value Proposition of HIPAA Compliance?

- Identifies weaknesses that make your business vulnerable and liable
- Improves protection of your patients’ valuable PHI
- Protects your business from disruptive events – natural and man-made
- Fortifies your cyber ...

Third Rock Announces – Custom HIPAA Policies and Procedures

FOR IMMEDIATE RELEASE

Austin, TX, Aug 25, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced custom, online HIPAA Policies and Procedures as an additional capability of their compliance management platform, CompassDB™. This new capability is designed to address common issues associated with policies and procedures found in most healthcare practices: outdated paper documents collecting dust on a bookshelf. The overarching focus of CompassDB™ is to reduce the cost ...