Missing the Target of HIPAA – Part 3

If you haven't read my previous two blogs on this topic I encourage you to do so.  The first blog stresses the importance of being risk management proficient over being a HIPAA “expert”. The second blog deals with being accountable in your work actions, which means not only are you responsible for your actions, but your actions can be independently verified.  These two “factors” can go a long way to protecting your organization from the risks of a breach and from substantial penalties and fine ...

Cybersecurity: Have you hardened your systems?

We perform HIPAA Risk Assessments (Security Risk Analysis) for very small practices to large healthcare organizations, plus business associates that include software, big data, and marketing companies.  We know the focus of the assessment needs to be security; therefore, we run an industry standard (NIST based) scan checking computers for HIPAA compliance.  (NIST stands for National Institute of Standards and Technology) Our findings show that the average covered entity is about 15% compliant and the ...

The greatest threat comes from within

Sometimes it is easy to forget that the greatest threat is from within. In today’s focus on cyber-security world, we tend to focus on keeping people out of our network as a primary method to keep our sensitive data, such as ePHI, safe. While that is incredibly important, we should make sure not to overlook the threat posed by those we do grant access. How much of a threat is it? Well, roughly half of all attacks originate from inside the company - and not all are with malicious intent. Part of the prob ...

Missing the Target of HIPAA

Universally when working with new clients, they tell me, “I can’t learn all these HIPAA regulations and requirements.  I don’t have the time or the desire to be an expert on HIPAA!”  My response is, “That is absolutely correct!  You shouldn’t be an expert on HIPAA; that is my job.  What you and all your staff should be is risk management proficient.” Most times that draws the deer-in-the-headlights stare.  Not much comfort is taken from my response. Usually the conversation proceed ...

HIMSS17 – OCR’s Expectations for HIPAA Compliance

Lessons Learned at HIMSS17 The Office for Civil Rights (OCR) made it clear at HIMSS17 - it’s time for the healthcare industry to take action NOW.  Here are the top messages we heard across multiple presentations by HHS (OCR, CMS), FDA, FTC, law firms, and cyber security firms. The following were made very clear to attendees.  Please note, these are not all from HHS, some were heard multiple times from various sources.  The point is, learn and take action. Ignorance of the HIPAA law is no e ...

Culture of Compliance Awarded to The Urology Team

Ada and Cindy leading the efforts to protect patient data and The Urology Team practice. Third Rock is pleased to recognize The Urology Team, a well-known and respected Austin-based medical practice, with the Culture of Compliance Award. This is the first time Third Rock has presented this award which recognizes healthcare providers who have embraced HIPAA privacy and security practices so thoroughly that they are engrained in their corporate culture and standard processes. The Urology Team engaged T ...

Rentsys, Third Rock to Offer Guidance for HIPAA Compliance in DRJ Webinar

FOR IMMEDIATE RELEASE Rentsys, Third Rock to Offer Guidance for HIPAA Compliance in DRJ Webinar College Station, TX – February 07, 2017 – With cybersecurity concerns increasing the urgency for healthcare organizations to comply with the Health Insurance Portability and Accountability Act (HIPAA) security requirements, Brandon Tanner, senior manager for Rentsys Recovery Services, and Robert Felps, CEO/CISO for compliance and risk management firm Third Rock, will be offering guidance for HIPAA compli ...

HIPAA: Reducing Your Liabilities

As we perform more Security Risk Analyses, (we actually do privacy and security risk assessments), we continue to hear doctors, executives, and office managers consider HIPAA an onerous burden.  They tend to see it as painful compliance overhead and a total waste of time.  But, that is a very dangerous view of HIPAA compliance. HIPAA compliance is actually attempting to provide a guide for the healthcare industry to operate their business so they REDUCE LIABILITIES.  It reduces the likelihood of h ...

Third Rock is seeking HIPAA partners and consultants

Third Rock is seeking HIPAA partners and consultants! If you are a HIPAA guru like us, working to help physicians, covered entities, and business associates complete their HIPAA requirements in a simple and worry-free manner, we would love to talk with you! Our CompassDB platform combines annual security risk analysis (SRA), remediation tracking and guidance, customized policies and procedures, BA Management, training logs and other HIPAA necessities in one easy-to-use portal for each of your customers. ...

HIPAA’s “Last Mile” Challenge

The phrase “last mile” is commonly used across many industries to denote the final leg of a project or process - reaching the goal! More often than not, it’s referring to the most difficult part of the journey.  In logistics, it is delivering your iPhone made in China to your doorstep in rural Texas.  In the communications industry, it is installing the last few hundred yards of new optical fiber cabling for high speed internet to your home or office that is extremely costly and disruptive.  And li ...

1 2 3 4 5 6 7