Care Disruption – The Ultimate Security Risk

We in the cybersecurity and HIPAA compliance communities talk a lot about breaches and fines and total costs of breach remediation - yadda, yadda, yadda. All non-trivial realities to be sure, but when the WannaCry ransomware attack paralyzed hospitals and physician practices and pharmacies and surgery centers around the globe, I was thinking about the members of the care team. Elective surgeries can be postponed and lots of routine wellness services, such as eye exams and hearing tests and school physic ...

Third Rock Announces – Custom HIPAA Policies and Procedures

FOR IMMEDIATE RELEASE  Austin, TX, Aug 25, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced custom, online HIPAA Policies and Procedures as an additional capability of  their compliance management platform, CompassDB™.  This new capability is designed to address common issues associated with policies and procedures found in most healthcare practices; outdated paper documents collecting dust on a bookshelf.The overarching focus of CompassDB™ is to reduce the cost ...

HHS Releases New Guidance on Ransomware

One of the top newsmakers of 2016 has been ransomware.  During the first half of this year, ransomware grew 300% to 4,000 daily attacks! But several high profile attacks of hospitals really put it in the spotlight.  Although it has been around for several decades, in the past 4 years, Russian groups have further developed its capabilities and propagated its use worldwide. The dark web or darknet also significantly contributed to the increase in ransomware attacks due to its black market for such products. ...

OCR Levies fine for lack of business associate agreements

$1.55 million settlement and remediation  According to the HHS Office of Civil Rights, North Memorial Health Care of Minnesota failed to complete a security risk assessment or risk analysis nor did it have compliant business associate agreements.  The OCR considers these major cornerstones of HIPAA compliance.  The important thing to understand about the security risk analysis is that it now focuses on IT infrastructure.  Which means you must make sure you perform several key steps in the risk assessme ...

After the Risk Assessment, Then What? How Often Do I Need to Check?

As we noted previously, there are numerous requirements for HIPAA compliance.  A follow-up question often heard is “How often do I have to do these things?”Risk assessments officially need to be performed on an annual basis but regularly reviewing your risk remediation plan throughout the year is a business “best practice” for any organization.Policies and Procedures need to be reviewed and changed depending upon federal law changes and changes in your organization.  New processes, new tec ...

After the Risk Assessment, Then What? Planning for Emergency Events

As we noted previously, there are numerous requirements for HIPAA compliance.  Being prepared for future emergency events is often identified in the Risk Assessment as a HIPAA compliance requirement that needs to be addressed.Preparing for future events is often overlooked by many healthcare entities.  Just dealing with the issues of the day can take up the majority of your time.  However, being prepared for future events, besides being a HIPAA requirement, also makes good business sense.What HIP ...

HIPAA/HITECH Security Risk Analysis Myths and Facts

As we continue to work with more health care providers, covered entities, and business associates we see confusion about HIPAA/HITECH compliance requirements. Some providers are even in denial. They believe they are being compliant by just having staff take short on-line "HIPAA" training courses.  But that falls well short of what is required to be compliant, and many of these on-line training courses are not up to date with current HIPAA regulations, nor do they cover cyber-security, which is now a must h ...

Road Blocks to Creating Your Contingency Plan

Why Everyone Needs Help Creating a BC/DR (Contingency) Plan Creating a contingency plan is a huge undertaking.  It’s a major project for any company, small or large.  It’s a major project for any company, small or large; an integration effort which requires a large amount of time from experts across the company and often outside the company, including executives, managers, staff, vendors and consultants.While creating a contingency plan for a large health care provider I realized part of the pro ...