Care Disruption – The Ultimate Security Risk

We in the cybersecurity and HIPAA compliance communities talk a lot about breaches and fines and total costs of breach remediation - yadda, yadda, yadda. All non-trivial realities to be sure, but when the WannaCry ransomware attack paralyzed hospitals and physician practices and pharmacies and surgery centers around the globe, I was thinking about the members of the care team. Elective surgeries can be postponed and lots of routine wellness services, such as eye exams and hearing tests and school physic ...

Third Rock Welcomes Dr. Julie Rennecker to the Executive Team

Round Rock, TX, June 7, 2017 – Third Rock, a compliance software and consulting firm in Round Rock, announces the addition of Dr. Julie Rennecker to the Executive Team. Dr. Rennecker, a nurse and former healthcare management consultant, holds a PhD in Organizational Behavior from the MIT Sloan School of Management, where she studied technology adoption and organizational change. She joins Third Rock as the Chief Experience Officer with responsibility for the customer experience, from initial contact throu ...

MACRA/HIPAA: Ignorance of the Law Is No Excuse

Many physicians believe HIPAA is a total waste of their time and money.  That's because they think it's the federal government trying to force them to do something that they don't need to be doing.  But, that's not the intent of the HITECH and OMNIBUS rulings.  Much of the compliance that was put into place was because of the implementation of EMR/EHR systems in the healthcare industry.  The federal government's Meaningful Use program even paid covered entities to transition from paper to ...

Buckle Up, It’s Going to be a Wild Cyber Ride!

Breathing a sigh of relief that the WannaCry ransomware attack didn’t hit your organization?  Thinking you’ve dodged that bullet?  Well, think again!  If trends are any indication, and they typically are, I think it’s going to get a lot bumpier.  Below are some incidents that lead me to this conclusion.  So, buckle up and hold on tight! January 2015 – Largest Single Healthcare Breach - Anthem Insurance breach affecting over 80 million people.  Investigations point to state sponsored cybe ...

HHS OCR: PHI Security is your top priority

If you haven't noticed, cybersecurity is a major issue in the world, politically, economically, and even personally.  No one wants their identity stolen.  No business wants to deal with customer (patient) retaliation caused from losing their personal health information, whether it's boycotting, bad press, negative social media or a class action lawsuit. In general the U.S. government is taking action to help protect small businesses by requesting a new standard cybersecurity guide be written by the Nat ...

Leadership Briefing on Cyber Security

You're invited!  McLane Intelligent Solutions is hosting a Business Owner Briefing on Cyber Security breakfast in Temple, Texas on Friday, May 12, 2017 at 7:30 AM.  There is plenty of news about cyber breaches, but what small and medium businesses may not realize is that they are targeted more and are usually less prepared to deal with a cyber threat or breach. McLane would like to share their insight with you on the 12th. Specifically: How to properly protect your business from external threats ...

Cybersecurity: Have you hardened your systems?

We perform HIPAA Risk Assessments (Security Risk Analysis) for very small practices to large healthcare organizations, plus business associates that include software, big data, and marketing companies.  We know the focus of the assessment needs to be security; therefore, we run an industry-standard (NIST-based) scan checking computers for HIPAA compliance.  (NIST stands for National Institute of Standards and Technology.) Our findings show that the average covered entity is about 15% compliant and the ...

Why your Meaningful Use SRA is not enough

Many covered entities had a high level Security Risk Analysis (SRA) performed to "check the box" for meeting the Meaningful Use requirement.  The HHS OCR has now performed enough audits, however, to know that a risk assessment isn't enough - Covered Entities need to take corrective action. With MACRA and HIPAA both requiring an SRA and HIPAA requiring a prioritized list of risks, corrective action plans, and a risk management process, it's time to have a proper risk assessment performed and take cor ...

Missing the HIPAA Target – Part 2

In my previous blog, I stressed compliance is not about being an expert on HIPAA regulations, but being risk management proficient ― the ability to identify vulnerabilities and threats facing your organization, and to take steps to eliminate, minimize or manage them.  I usually refer to the next step as "ownership", but I’m not really a fan of the term.  A common synonym is "possession".  You can own something, but it doesn’t mean you are committed to taking care of it or ensuring a positive ou ...

Focus on Security: Special Cyber Security Briefing Event

PLEASE JOIN US ON FRIDAY, MARCH 24TH, 7:30 am - 8:30 am, Kerby Lane Round Rock, 2120 N Mays St, Round Rock, TX for a BUSINESS OWNER AND LEADERSHIP BRIEFING on CYBER SECURITY ISSUES THAT ARE IMPACTING SMALL AND MID-SIZED BUSINESSES IN CENTRAL TEXAS Here’s why we think it’s important you attend: We’re seeing story after story of large corporations falling victim to cyber-attacks, but not enough attention is being placed on how small and mid-sized businesses are impacted at even greater freque ...
