Steve Spearman

How to Respond to a Stolen Device

By Steve Spearman – When we look at all of the high profile HIPAA breaches that happened in the past year, it’s easy to think that HIPAA breaches only happen at large practices, or at least that they only happen to other large practices. it’s easy to think that a security breach cannot happen to your practice until after the breach has happened.

Read More

8 Questions about Vendors Auditors Ask

By Steve Spearman – Once upon a time, all a healthcare organization needed to do to ensure that its vendors and subcontractors would keep data secure was to require it in their contractual agreement. However OCR’s recent efforts to strengthen what it believes could be the weakest link in HIPAA compliance and PHI security: vendors and subcontractors.


A Hacker’s Thoughts on How to Build Stronger Network Security

By Steve Spearman – Aaron Hayden is one of CliftonLarsonAllen’s 40 penetration testers, ethical hackers who try to gain access into your company’s computer network just like a malicious hacker would in order to test your company’s network security, identify your network’s most glaring weaknesses, and then report their findings to you so you can address the issues more effectively.


Finding a New Security Framework

By Steve Spearman – In a recent article titled How One Hospital Made a Security Framework Work for Them, security consultant Brian Evans says that it is common for organizations in the healthcare industry to have such a hard time compensating for the weaknesses of its current security framework, that it does not have the time needed to select a new one.





Random HIPAA Audits are Coming

By Steve Spearman – Last week, in Washington, D.C., NIST and OCR held their 8th annual Safeguarding Health Information: Building Assurance through HIPAA Security seminar. Here are some of the major takeaways and big announcements that came out of that conference.


Debating HITECH’s Influence on EHR Use

By Steve Spearman – Earlier this summer, the Journal of the American Medical Informatics Association (JAMIA) published a paper titled Impact of the HITECH act on physicians’ adoption of electronic health records, that analyzed how well HITECH has incentivized doctors to make the leap into EHR.