
Sep 15, 2017 9:00:00 AM

CMS May Want Their Money Back

The old adage, "Money can make you do crazy things," can easily be applied to both our personal and business lives. Within the healthcare industry, HITECH incentive payments were offered by the U.S. government several years ago to implement electronic health record (EHR) systems at hospitals and other healthcare organizations. In order to qualify for these incentive payments, healthcare organizations were required to carry out regular security risk assessments to show they were meeting the HIPAA Security Rule requirements. While a large number of healthcare organizations properly followed the rules and carried out the security risk assessment required, a select number received the incentives without doing so.


Topics: Risk Assessment, HIPAA, HITECH

Mar 31, 2016 10:00:00 AM

HIPAA Audits Are Coming!

Please pardon me, but I feel a little like a modern-day Paul Revere alerting you to the start of the second wave of HIPAA compliance audits.


Topics: Audit, HIPAA, Information Security

Nov 12, 2015 11:00:00 AM

Employee Training is Key to Online Data Security

Your employees are your greatest asset – and your greatest cybersecurity risk. That statement may sound harsh, but hackers often prey on unwary employees because employees can provide easy access to otherwise secure systems.

Remember the Anthem breach earlier this year? Hackers gained access to nearly 80 million consumer records containing personal data, at least in part, by using stolen employee credentials such as user IDs and passwords. It’s likely that Anthem employees unknowingly handed over their credentials online or inadvertently allowed hackers to insert malware into company systems. 


Topics: HIPAA, Training, Cybersecurity

Oct 22, 2015 10:00:00 AM

10 Tips to Prepare for Electronic Health Records Audits

Has your organization secured all its electronic healthcare records? If not, don’t wait to put the proper policies and procedures in place.

If you’ve already secured your EHR, then make sure that you’re ready for an audit by the Office of Civil Rights.

I wrote in my last blog that the OCR is being more aggressive in ensuring that the HIPAA regulations governing EHR security are being enforced. The OCR’s plan includes conducting audits of both healthcare organizations and their business associates, starting next year. 


Topics: Electronic Health Records, HIPAA, Cybersecurity

Sep 24, 2015 12:00:00 PM

HIPAA Enforcement of Electronic Security to Increase

Just this year, security breaches for healthcare information have been massive:


Topics: Electronic Health Records, HIPAA, Cybersecurity

Aug 20, 2015 1:00:00 PM

5 Tips for Managing HIPAA Business Associate Risks

Recently, thousands of medical transcripts detailing the medical histories of children and adults, as well as notes made by doctors and psychiatrists, were publicly listed on an Internet search engine. Without proper encryption, confidential and extremely personal information was exposed to anyone who wanted to access it.


Topics: HIPAA, IT Risk

Jul 2, 2014 10:00:00 AM

Not All HIPAA Violation Cases Make the News, Here's Why

The recent $4.8 million HIPAA settlement story about New York and Presbyterian Hospital (NYP) and Columbia University (CU) caught my eye for a number of reasons. It’s the largest HIPAA settlement to date and the cause was unusual.

In the NYP and CU case, the breach was caused by a physician who owned a server in a data network where the network and firewall are shared and administered by the two medical centers. Bring your own device (BYOD) policies carry certain technology risks, but those risks are magnified when the device in question is a network server!


Topics: Regulations, HIPAA