By Art Gross – In a groundbreaking development, the U.S. Department of Health and Human Services has reached a settlement with Lafourche Medical Group, a Louisiana-based medical facility, following a phishing cyberattack that compromised the electronic protected health information of nearly 35,000 patients.
By Art Gross – A security risk assessment must be conducted to maintain HIPAA compliance per the Security Rule. A security risk assessment is also referred to as an SRA. It is a requirement for government plans such as Medicare, Obamacare, and Medicaid.
By Art Gross – The National Institute of Standards and Technology has provided updated guidance for the health care industry. To help with electronic protected health information, it has created a new draft titled Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide.
By Art Gross – Patient care in a digital age means that most information is stored electronically. These records, known as electronic Protected Health Information, are collected as EHRs and then stored in a variety of systems. With HIPAA in mind, how do you maintain security around the ePHI beyond the EHR?
By Art Gross – While mobile devices play a major role in how we stay connected to the world in our personal lives, they are also becoming increasingly popular in our work environments. Not only are mobile devices such as smartphones, tablets and laptops convenient in the workplace, but they can also help increase productivity.
By Jonathan Krasner – HIPAA data breaches can occur if ePHI is posted on an open web site. In that situation, not only is the ePHI available for viewing, it also can be indexed by an Internet search engine such as Google. Many data breaches have been uncovered by finding the unauthorized ePHI via a Google search.
Register today for these two upcoming web events we are hosting: one on cybersecurity and the other on navigating the reimbursement roadmap in a time of industry fluctuation and change.
By Bob Grant – HHS Office for Civil Rights has released new guidance about how HIPAA-beholden entities can better equip themselves to deal with ransomware attacks. Ransomware is a targeted kind of malware attack that takes data ‘hostage.’ The attackers responsible then give the organization a countdown to a time at which they expect to receive a ‘ransom’ in exchange for restored access to the withheld data.
By Gene Fry – The HIPAA conduit exception rule is only applicable to providers of purely conduit services who do not have access to protected health information (PHI) other than infrequently or randomly. For this reason, conduit providers do not have to sign a Business Associate Agreement (BAA). But what exactly is a conduit service, and when does the HIPAA conduit exception rule apply?