By Matt Fisher – A common area of HIPAA that receives a lot of attention by organization is the Security Rule. The focus is driven by the requirement to implement various policies, procedures, and processes to secure the protected health information in each organization’s possession.
Read More
By Art Gross – Patient care in a digital age means that most information is stored electronically. These records, known as electronic Protected Health Information, are collected as EHRs and then stored in a variety of systems. With the HIPAA in mind, how do you maintain security around the ePHI beyond the EHR?
By Matt Fisher – The aim of the recent Getting Back to Basics post was to re-establish the key fundamentals of how HIPAA operates. To summarize in a sentence, HIPAA applies to certain defined entities working or interacting with healthcare information related to an individual.
An SRA is a requirement under the HIPAA Security Rule, which directs covered entities and business associates to conduct a thorough and accurate assessment on the risks and vulnerabilities to ePHI. Join us and register for this event to learn more.
By Matt Fisher – At some point in time most group practices, hospitals or other provider organizations will receive a letter from the OCR. The letter will state that OCR received a complaint from a patient, employee or some other party with knowledge or information as to alleged acts at the healthcare organization.
By Matt Fisher – The Breach Barometer published monthly through the joint effort of Protenus and Databreaches.net provides a fair amount of insight into data breach happenings.
By Matt Fisher – A healthcare organization compare a number of vendors, product features and gets close to choosing one. Just before making the ultimate decision, someone asks, what about HIPAA?
HITRUST announced the creation of a Threat Catalogue to aid healthcare organizations in improving their information security posture by better aligning cyber threats with HITRUST CSF risk factors and controls.
By Art Gross – In a cruel twist of fate, health care entities are being phished using an OCR (HHS Office of Civil Rights) email as the bait. Here is the context: HHS/OCR is the governmental entity in charge of enforcing the HIPAA statutes.