Stay in the know
Lack of Awareness – Still a Barrier to Cybersecurity Effectiveness
A recent study conducted by HIMSS Analytics and reported in the HIPAA Journal indicated that more than 78% of the IT executives, managers, and staff surveyed identified employees’ lack of security awareness as a primary concern – despite 85% of the same survey...
Cybersecurity: Have you hardened your systems?
We perform HIPAA Risk Assessments (Security Risk Analysis) for very small practices to large healthcare organizations, plus business associates that include software, big data, and marketing companies. We know the focus of the assessment needs to be security;...
The greatest threat comes from within
Sometimes it is easy to forget that the greatest threat is from within. In today’s focus on cyber-security world, we tend to focus on keeping people out of our network as a primary method to keep our sensitive data, such as ePHI, safe. While that is incredibly...
Why your Meaningful Use SRA is not enough
Many covered entities had a high level Security Risk Analysis (SRA) performed to "check the box" for meeting the Meaningful Use requirement. The HHS OCR has now performed enough audits, however, to know that a risk assessment isn't enough - Covered Entities need to...
Missing the HIPAA Target – Part 2
In my previous blog, I stressed compliance is not about being an expert on HIPAA regulations, but being risk management proficient ― the ability to identify vulnerabilities and threats facing your organization, and to take steps to eliminate, minimize or manage...
5 Tips for Creating an Information Security Culture
Engaging clinical staff in information security can be an uphill challenge. For people doing the tangible, social, and physical work of healthcare, a Security Officer’s cautions regarding the invisible threat of cyber-theft can seem like science fiction paranoia....
One small step for man, one giant leap for privacy!
“To err is human”… a pretty obvious statement. So if we all know we are going to make mistakes, why not add an extra level of security to mitigate the effects of the mistake? I am sure we have all been in the predicament of sending John C. an email, but when we...
Focus on Security: Special Cyber Security Briefing Event
PLEASE JOIN US ON FRIDAY, MARCH 24TH, 7:30 am -8:30 am Kerby Lane Round Rock, 2120 N Mays St, Round Rock, Tx for a BUSINESS OWNER AND LEADERSHIP BRIEFING on CYBER SECURITY ISSUES THAT ARE IMPACTING SMALL AND MID-SIZED BUSINESSES IN CENTRAL TEXAS Here’s why we think...
HIMSS17 – Are medical devices the weak link in cyber security?
According to a post on HIPAA Journal, 60% of healthcare organizations have already introduced networked medical devices into their technical infrastructure. Networked medical devices are the healthcare version of the “internet of things” (IoT) – smart devices that...
Missing the Target of HIPAA
Universally when working with new clients, they tell me, “I can’t learn all these HIPAA regulations and requirements. I don’t have the time or the desire to be an expert on HIPAA!” My response is, “That is absolutely correct! You shouldn’t be an expert on HIPAA;...