By Steve Spearman – When we look at all of the high profile HIPAA breaches that happened in the past year, it’s easy to think that HIPAA breaches only happen at large practices, or at least that they only happen to other large practices. it’s easy to think that a security breach cannot happen to your practice until after the breach has happened.Read More
By Steve Spearman – Once upon a time, all a healthcare organization needed to do to ensure that its vendors and subcontractors would keep data secure was to require it in their contractual agreement. However OCR’s recent efforts to strengthen what it believes could be the weakest link in HIPAA compliance and PHI security: vendors and subcontractors.
By Steve Spearman – Aaron Hayden is one of CliftonLarsonAllen’s 40 penetration testers, ethical hackers who try to gain access into your company’s computer network just like a malicious hacker would in order to test your company’s network security, identify your network’s most glaring weaknesses, and then report their findings to you so you can address the issues more effectively.
By Steve Spearman – In a recent article titled How One Hospital Made a Security Framework Work for Them, security consultant Brian Evans says that it is common for organizations in the healthcare industry to have such a hard time compensating for the weaknesses of its current security framework, that it does not have the time needed to select a new one.
By Steve Spearman – The Office of Civil Rights (OCR) has issued a press release saying that following a security breach, Massachusetts-based Lahey Hospital and Medical Group has agreed to a settlement with OCR that requires it to pay $850,000 and make a “robust” corrective plan to restructure its HIPAA compliance strategy.
By Steve Spearman – Cyber security news site Dark Reading recently posted an article outlining data breaches from the last decade. They reported that the healthcare industry has had more security breaches than any other industry in the past ten years.
By Steve Spearman – Access controls are mechanisms that appropriately limit access to resources. Having and maintaining access controls are a critical and required aspect of HIPAA compliance, They also help authenticate and ensure the integrity of your EHR,
By Steve Spearman – Last week, in Washington, D.C., NIST and OCR held their 8th annual Safeguarding Health Information: Building Assurance through HIPAA Security seminar. Here are some of the major takeaways and big announcements that came out of that conference.
By Steve Spearman – Earlier this summer, the Journal of the American Medical Informatics Association (JAMIA) published a paper titled Impact of the HITECH act on physicians’ adoption of electronic health records, that analyzed how well HITECH has incentivized doctors to make the leap into EHR.