HIPAA

The Human Factor

Effective security management combines technical protection with human factor engineering. Would you be surprised to learn that exploiting human flaws accounts for a larger share of system compromises than purely technical breaches? That’s right. If you’re only focusing on system-level protection, you’re leaving a huge gap in your security framework.

According to a recent report from Proofpoint, The Human Factor 2015, “most advanced attacks rely as much on exploiting human flaws as on exploiting system flaws.” End users, who use email, interact ...


Are Your BC/DR Plans Ready?

Business continuity and disaster recovery (BC/DR) planning is important for mitigating potential issues like natural disasters, in-house theft, and targeted cyber-attacks. Any service outage or data loss can affect sales and the future of your enterprise. In addition, this is a requirement for HIPAA Security compliance.

At a minimum, you can address this requirement by following these steps:

  • Define the potential business impact of downtime and/or data loss
  • Examine existing requirements
  • Develop and prioritize a plan of action
  • Commit (funding, resources, etc.) to executing that ...

Data Privacy Fails at the U.S. Government

The U.S. government recently discovered that up to 14 million government employee records were hacked by sophisticated Chinese agents. The extent and root cause of the breach are still under investigation. The implications for these employees and the U.S. government are serious. Lawmakers are berating the government for allowing such a breach to occur and for ignoring repeated warnings about weaknesses in the government’s computer networks. Many privately owned businesses have been just as negligent with data protection ...


The Insider Threat

Of all the threat vectors an organization can experience, the insider threat is one of the most overlooked. Employees may cause a security breach either by accident or through malicious intent. Read the following real-life scenarios to determine whether they could occur in your organization.

Malicious theft from airline

A case cited in a paper titled ‘Security beyond the firewall’ highlights the danger of not fully depriving former employees of access to IT systems. A senior employee left Air Canada and ...


Focus on ePHI to achieve HIPAA security compliance

In practice, a HIPAA security risk assessment is conducted in layers. The first pass addresses each HIPAA security compliance requirement. While this puts a CE (covered entity) on the path of security management and compliance, efforts to reduce risk shouldn’t stop there. With each successive iteration of the risk assessment (most CEs do this annually), security is improved through defense-in-depth analysis. One approach is to focus on the ...


See Your Company Through the Eyes of a Hacker

HIPAA security compliance is only one approach to protecting your data; as I’ve stated in prior posts, it is foundational only. It’s a start. It doesn’t fully represent a proactive approach to information security management. Covered Entities, even if HIPAA security compliant, do not do an adequate job of protecting their ePHI. One approach to closing this performance gap is to evaluate your security posture through the eyes of a hacker.

In a recent Harvard Business Review article, Nathaniel ...


A View from the Top (OCR)

Did you know you can keep your finger on the pulse of HIPAA breach activity in the U.S.? Understanding other CE breach events, their discovery, remediation actions and fines will help move your HIPAA compliance program along.

The U.S. Department of Health & Human Services (HHS.gov) Office of Civil Rights (OCR) publishes a variety of metrics regarding their HIPAA compliance enforcement – Enforcement Results by Calendar Year, Enforcement Results by State, and the ...

Is Your Org HIPAA Smart?

Personally Identifiable Health Information (PHI) has value on the black market. The hacking community has continued to demonstrate increased sophistication and stealth in obtaining that information. The HIPAA Privacy and Security Rules provide Healthcare Entities with direction and regulation for minimizing reputational and financial risk. Yet, given these facts, a recent survey of HIPAA compliance conducted by NueMD revealed that nearly half of the respondents haven’t taken this situation seriously.

Only 58% of the respondents indicated they had a compliance ...


Lessons Learned from the Sony Hack

The recent Sony hack demonstrates again what can happen to an organization that doesn’t take a serious approach to information security. This latest breach has significant financial consequences. Exposed executive communications, publication of prerelease films and the cost to respond all negatively affect Sony’s bottom line. The lessons learned from the Sony breach apply to all businesses, including healthcare providers.

In his recent post, Timothy B. Lee of Vox discusses what we’ve learned from this hack.

Invest in network security. Most ...


Six Ways to Stay HIPAA Compliant

Staying HIPAA compliant is just as important as your original HIPAA Security Compliance kickoff. HIPAA Security Compliance is an ongoing process, not a destination. One way to keep the ball rolling is to follow the recommendations from a recent HealthITSecurity post.

  1. Enlist professional help.
  2. Conduct an annual risk assessment.
  3. Conduct frequent penetration testing and vulnerability scans.
  4. Ensure application security.
  5. Educate employees.
  6. Review your Business Associate Agreements.

Orion Group Managed Services offers HIPAA, PCI and Meaningful Use consulting support and can assist you in all six areas described ...
