Is Your Org HIPAA Smart?

Personally Identifiable Health Information (PHI) has value on the black market, and the hacking community continues to demonstrate greater sophistication and stealth in obtaining it. The HIPAA Privacy and Security Rules give healthcare entities direction and regulation for minimizing reputational and financial risk. Yet, despite these facts, a recent survey of HIPAA compliance conducted by NueMD revealed that nearly half of the respondents have not taken the situation seriously.

Only 58% of the respondents indicated they had a compliance ...


Lessons Learned from the Sony Hack

The recent Sony hack demonstrates once again what can happen to an organization that does not take information security seriously. This latest breach has significant financial consequences: exposed executive communications, publication of prerelease films, and the cost of responding all hurt Sony’s bottom line. The lessons learned from the Sony breach apply to all businesses, including healthcare providers.

In his recent post, Timothy B. Lee of Vox discusses what we’ve learned from this hack.

Invest in network security. Most ...


Six Ways to Stay HIPAA Compliant

Staying HIPAA compliant is just as important as your original HIPAA Security Compliance kickoff. HIPAA Security Compliance is an ongoing process, not a destination. One way to keep the ball rolling is to follow the recommendations from a recent HealthITSecurity post.

  1. Enlist professional help.
  2. Conduct an annual risk assessment.
  3. Conduct frequent penetration testing and vulnerability scans.
  4. Ensure application security.
  5. Educate employees.
  6. Review your Business Associate Agreements.

Orion Group Managed Services offers HIPAA, PCI and Meaningful Use consulting support and can assist you in all six areas described ...


Holiday Scams

Help your associates be particularly vigilant this holiday season, reminding them of what is sure to be a scam-filled and risky couple of months.

The HIPAA Security Rule requires a “security awareness and training program for all members of the workforce (including management).” Part of creating that awareness may include regular or targeted reminders of the best practices you have put in place in your IT Acceptable Use Policies. Use the article recently published by Christine DeGangi from Credit.com as an email ...


So Sue Me!

“Failing to collect payment for treatment, a medical group sent a patient to collections. In providing the unpaid bills to the collections attorney, practice staff failed to redact sensitive information. When the attorney filed the bills with the court as part of the collection action, the patient’s HIV status became public record. The patient sued the practice and won. The jury awarded $1.25 million in damages.”

What struck me in this recent Journal of AHIMA article, HIPAA Violation? Sue Me, ...


Audited? OCR Will Look First for Your Risk Assessment

If you are audited, the first piece of documentation the OCR auditor will ask for is your risk assessment. The second is your risk mitigation action plan. Will you be able to produce these documents in any meaningful form?

At a recent NIST (National Institute of Standards and Technology) and OCR (Office of Civil Rights) conference, OCR Director Jocelyn Samuels reviewed key requirements for CEs (Covered Entities) and BAs (Business Associates). OCR will “want to see … policies and ...


Who’s Watching the Shop?

Like traffic cops, compliance managers make sure their employers understand and conform to all relevant industry laws and regulations. As a healthcare provider, you must address multiple laws and regulations. For instance, if you take credit card information for payment, you are obligated to comply with the Payment Card Industry Data Security Standard (PCI DSS). DHHS has mandated that HIPAA privacy and security standards be adopted, and Meaningful Use Stage 2 objectives are in effect that include compliance with health information ...


Is HIPAA Doing What It’s Supposed To Do?

Many general managers still view HIPAA compliance as an unwanted and unneeded overhead cost, a distraction from providing quality patient care and bolstering the bottom line. They resent the federal ‘big stick’ and would rather have the autonomy to implement security as they see fit.

The problem with this approach is twofold. First, as in many other industries, investment in information security is usually poorly planned and underfunded, and today’s sophisticated cybercriminal has easy pickings on the global internet smorgasbord. Second, the ...


Preventing Deliberate Theft of ePHI

All the security tools in the world will not stop a determined employee from stealing ePHI. You can dramatically lower the risk, however, by taking the precautions described in a recent posting at Data Breach Today.

As with all information security actions, take a multi-pronged approach: restrict access on a need-to-know basis, run background checks, create ‘secure zones’ where electronic protected health information (ePHI) cannot be accessed, implement data loss prevention technology to restrict the use of USB ports and email, have ...


How Does $20 per EMR Sound?

All of you are working on HIPAA Security Compliance initiatives, primarily driven by federal and state requirements. You are motivated by the penalties and remediation costs you could incur from an exposed breach. While HIPAA Security Compliance makes for a reasonable baseline goal, in our view HIPAA security does not go far enough to lower your risk substantially.

ePHI represents a substantial revenue stream for driven, organized, international hacker groups. According to a recent article, BitSight Technology indicates that a patient ...
