Thank Goodness! NIST says, “No more difficult passwords!”

Just when you thought all hope was lost of remembering your 16-character password with upper and lower case letters, numbers, and special characters, NIST comes to the rescue. That's right! The National Institute of Standards and Technology wrote a brief addendum to SP 800-53 which simplifies Strength of Memorized Secrets. You and I refer to those "secrets" as passwords. It's a light read, only 50 or 60 pages. I don't really know because I didn't want to print it and kill four trees. Anyway, the ...

Think you can take your time when breached? Think Again!

In January of this year, the HHS Office of Civil Rights levied a $475,000 fine against Presence Health for taking too long to notify their patients - as well as the OCR - after discovering the breach of PHI (protected health information). The incident occurred in October 2013 when Presence Health, based in Illinois, discovered that hundreds of physical documents containing patient names, birth dates, medical record numbers, and surgery details for 836 patients were missing.  They did not report the breach ...

Congress Addresses Medical Device Vulnerabilities

The Medical Device Cybersecurity Act of 2017 was introduced on August 1, 2017 by Senator Richard Blumenthal (D-CT).  The new bill is intended to improve the security of medical devices and increase transparency. If passed, it would make healthcare organizations aware of the cyber capabilities of devices and the extent to which those devices have been tested.  Is this another law adding burden to a strained healthcare industry or a vital piece of legislation designed to protect the public?  Let’s se ...

Picking up the pieces after Hurricane Harvey

While some of our Texas friends and neighbors began trickling back to their water-logged homes and businesses this week, others who have weathered the storm are just starting their evacuation journey as the continued rain, Harvey's second landfall, and flooding from overflowing reservoirs continue to wreak havoc.  Our thoughts and prayers go out to each of you. Online resources abound for everything from insurance filing to accessing your personal health records. Here are a few we thought would be m ...

Flooding: Are You Prepared?

Here in Texas, the Gulf Coast is about to take a direct hit from a hurricane that is expected to dump up to 30 inches of rain in some locations and up to 10 inches across large areas. That kind of rain will definitely cause serious flooding.  It's a little late for the Texas coastal bend area and the large inland areas that will be hit the hardest to take planning steps for disaster recovery. They're in emergency evacuation mode already, protecting life and reducing property damage. What we can learn from ...

What happens when someone submits a HIPAA complaint?

You may not realize how easy it is for someone to submit a complaint about your organization. However, if you are not prepared, what happens after that submission is not something you will soon forget! This is why HIPAA compliance must be a culture and not just a piece of paper. While someone WILL submit a complaint against you at some point, if you have a culture of compliance in place, there should be little to no effect on your business. If you just run through a simplified checklist once a year, howeve ...

An Ounce of Prevention – Why HIPAA Guidelines should be your standard operating procedures

The American Heart Association lists heart disease as the #1 cause of death in the US with nearly 800,000 deaths per year. In comparison, more than 3.1 million patients have been impacted in the first half of 2017 by a data breach that led to the theft of protected health information (PHI). That's right — in half the time, nearly four times as many people have been impacted by an information breach as have died from heart disease! Yet an estimated two thirds of medical practices remain at risk of bei ...

Texas Healthcare Privacy, Security Focus in Recent Partnership

HealthITSecurity, August 16, 2017 - Texas covered entities will now have assistance in working toward healthcare privacy and security compliance measures through a recent partnership between the Texas Health Services Authority (THSA) and Third Rock Incorporated. THSA will utilize Third Rock’s cloud-based compliance management platform, which “streamlines and automates the privacy and security compliance process,” according to a THSA statement. ...

World War III via Pacemakers

We're all smart enough to know the U.S. and the American way of life is under continuous threat by terrorist and underdog countries.  What we probably don't think about is ways those countries are fighting us on a regular basis.  It's not with bullets and bombs; it's with cyber crimes!  They have already stolen Federal employee information, including those employees' health records.  Foreign governments have incriminating evidence on many of these people's private lives. Do you remember the Allison ...

Incidental Exposures – What are they and what is their impact?

A number of customers contacted me recently concerning possible breaches and what they should do.  After reviewing their situations, these were actually incidental exposures.  What is an incidental exposure? It is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the Rule.  Typical examples of such in the healthcare setting include conversations between patients and doctors where comp ...
