HIPAA

What every organization should know about HIPAA

What is the HIPAA Privacy Rule? According to HHS.gov, "The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically." In other words, the Privacy Rule sets forth standards to protect health-related information specifically controlled by organizations that handle electronic forms of medical records. What is the HIPAA Security Rule? Also according to HHS.gov, "The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or [...]

2014-09-30T08:25:37+00:00 | September 30th, 2014 | Compliance, Data Breach, HIPAA, Information Security, Research

HHS Enforces Penalties for Losing Less Than 500 Patient Records

The Hospice of Northern Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. Source: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/honi-agreement.html HONI reported that an unencrypted laptop was stolen in 2010 and that it contained 441 patient records. HHS began an investigation and discovered that HONI had not performed a risk analysis to safeguard its PHI, nor did it have any policies or procedures in place regarding mobile device security, which is required by HIPAA. The HITECH breach notification rule requires covered entities [...]

2014-09-17T08:59:20+00:00 | September 16th, 2014 | Compliance, Data Breach, HIPAA, Information Security

Is the healthcare industry a target?

Many of the clients we work with are either medical service providers or vendors to medical service providers. If they are creating, transmitting or storing patient data, then they are a covered entity and therefore liable for compliance with HIPAA. What we often find is that clients are under the impression that HIPAA provides a set of specific instructions for how to secure a network and protect data. What they find out is that there isn't a yellow brick road leading to compliance. HIPAA lays out the results of information security efforts that are expected, but the clients are [...]

2014-09-18T12:57:21+00:00 | September 10th, 2014 | Compliance, HIPAA, Information Security

Study: Cost of Data Breaches Increasing

A study published by Ponemon Institute, and sponsored by IBM, reported that the average total cost of data breaches increased 15% in the last year to $3.5 million, or $145 per record containing protected information. The study included participants from 314 companies in at least 10 countries. The study identifies a number of factors that reduce the cost of a breach, as well as factors that increase it. The study found that appointing a CISO, maintaining a business continuity management program, and developing an incident response program can reduce the cost per record of a [...]

Apple iOS and Email Attachment Encryption: A Question of Compliance

UPDATED: 7/1/2014 Apple has released iOS 7.1.2, which is supposed to resolve the issue where a user can access unencrypted mail attachments. We recommend updating all Apple mobile devices as soon as possible. It was reported a few days ago by Andreas Kurtz that since iOS 7.0.4, and including the most recent Apple iOS 7.1.1, email attachments using the native mail clients are not encrypted. He was able to access these files even though the device's disk is encrypted. What does this mean for compliance? How many users are emailing patient information (HIPAA), finance data or other protected data thinking that their devices [...]

Missing Thumb Drive Compromises User Data

Do you have policies in place to protect your clients' data? Do you verify that your employees are following those policies? It was reported that nearly 19,000 users were compromised because someone lost a thumb drive that was not encrypted, even though there was a policy in place saying it should have been. Do you need help creating or reviewing your policies? Do your policies meet regulations?