Overwhelmed by HIPAA? Compliance is a Process, Not an Event

Like most major change initiatives, HIPAA compliance doesn’t happen in a day. It requires change by every person in the organization. Everyone who touches PHI (protected health information) must develop new work habits to keep PHI secure…Staff who answer phones, schedule appointments, and check patients in have to maintain patient confidentiality in very public work stations…IT staff must implement new technical safeguards and continually monitor systems…Managers must learn the new roles of P ...

Missing the Target of HIPAA – Part 3

If you haven't read my previous two blogs on this topic I encourage you to do so.  The first blog stresses the importance of being risk management proficient over being a HIPAA “expert”. The second blog deals with being accountable in your work actions, which means not only are you responsible for your actions, but your actions can be independently verified.  These two “factors” can go a long way to protecting your organization from the risks of a breach and from substantial penalties and fine ...

Why your Meaningful Use SRA is not enough

Many covered entities had a high level Security Risk Analysis (SRA) performed to "check the box" for meeting the Meaningful Use requirement.  The HHS OCR has now performed enough audits, however, to know that a risk assessment isn't enough - Covered Entities need to take corrective action. With MACRA and HIPAA both requiring an SRA and HIPAA requiring a prioritized list of risks, corrective action plans, and a risk management process, it's time to have a proper risk assessment performed and take cor ...

HIPAA: Reducing Your Liabilities

As we perform more Security Risk Analyses, (we actually do privacy and security risk assessments), we continue to hear doctors, executives, and office managers consider HIPAA an onerous burden.  They tend to see it as painful compliance overhead and a total waste of time.  But, that is a very dangerous view of HIPAA compliance. HIPAA compliance is actually attempting to provide a guide for the healthcare industry to operate their business so they REDUCE LIABILITIES.  It reduces the likelihood of h ...

Knock, Knock – We’re here to perform an onsite HIPAA audit.

  Welcome to 2017.  If you haven't heard, the Health and Human Services Office of Civil Rights (OCR) will perform several hundred on-site HIPAA audits this year. The possibility of being selected is highly unlikely, but if you are one of the "lucky" covered entities that is audited you had better be ready - with all your ducks in a row. Current HIPAA training is only one duck, you need at least four more.  So, prepare to go duck hunting and get them in order sooner rather than later. Ther ...

Experian predicts more pain and suffering for healthcare industry

Experian released their fourth annual 2017 DATA BREACH INDUSTRY FORECAST. It covers several industry specific predictions, including Healthcare.  If you haven't heard, healthcare is under attack and it's going to be full on war in 2017.  The cyber attackers are expected to re-invest funds to create more sophisticated software and better targeting of data to steal. A few points made in the report: Protected Healthcare Information (PHI) or patient records are one of the most valuable sources of data ...

Protect your patients, protect your practice, protect yourself.

The healthcare industry is beginning to realize that HIPAA is here to stay and they are probably going to be audited sooner or later.  What physicians and all healthcare providers need to understand is that if you don't protect your patients' PHI/ePHI the following can happen to your patients as a result of their identity being stolen and used. NOT Protecting Your Patients' (PHI/ePHI): You can cause them financial difficulties or even financial ruin. You can cause them undue stress, even a str ...

Healthcare under attack by new strain of ransomware

FireEye Labs has identified massive email campaigns by cyber-criminals during Aug, 2016 containing the Locky ransomware embedded in DOCM attachments.  DOCM is Open XML Macro-Enabled Document file used in Microsoft Word.  Which means the file contains a macro which MS Word will execute when you open the file in MS Word.  Healthcare is the leading industry targeted by the campaign. The healthcare industry is now the "industry of choice" by cyber-criminals since Protected Health Information (PHI/ePHI) i ...

Third Rock Announces – Custom HIPAA Policies and Procedures

FOR IMMEDIATE RELEASE   Austin, TX, Aug 25, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced custom, online HIPAA Policies and Procedures as an additional capability of  their compliance management platform, CompassDB™.  This new capability is designed to address common issues associated with policies and procedures found in most healthcare practices; outdated paper documents collecting dust on a bookshelf. The overarching focus of CompassDB™ is to reduce the cost ...

Third Rock Announces CompassDB™ – A Comprehensive Compliance Management Platform

Austin, TX, - Aug. 3, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced CompassDB™ their compliance management platform.  CompassDB™ is designed to significantly reduce the cost and burden of HIPAA compliance for all parties involved.  Consulting firms who provide compliance services, and the clients, Covered Entities and Business Associates on which HIPAA regulations are focused, all will benefit. CompassDB™ is a cloud solution that provides safe, secure, web based s ...

1 2 3 4