Archive | March, 2011

Seriously, are your business associates HIPAA-HITECH compliant?

A few weeks ago I predicted that covered entities will soon require business associates and subcontractors to meet minimum HIPAA-HITECH compliance standards in order to be considered for a contract. And, after the largest breach so far under the HITECH Act breach notification was reported last week, other security experts are speaking in the same […]


Missing the goal

One of the things that we are faced with is meeting goals that often change depending on lots of different things: current threats, business goals/needs, projects, etc. We all have the ultimate goal of securing the data and systems that we are responsible for; at least I’d hope that we all shared that common goal. […]


HITECH=Hey It’s Time to End Your Compliance Holiday!

It seems that the pending finalization of the Notice of Proposed Rulemaking (NPRM) – Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under HITECH is not enough to cause action on the part of Covered Entities (CEs), Business Associates (BAs) and their subcontractors to ensure the privacy and security of Protected Health Information (PHI). This […]


HITECH Means Hey It’s Time to End Your Compliance Holiday!

It seems that the pending finalization of the Notice of Proposed Rulemaking (NPRM) – Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under HITECH is not enough to cause action on the part of Covered Entities (CEs), Business Associates (BAs) and their subcontractors to ensure the privacy and security of Protected Health Information (PHI). This […]


…and then there’s complete paranoia

Here’s some common-sense advice on how to implement your firewalls. These are some vendor’s best practices; these are words of wisdom from someone who’s been there, done that, and learned the hard way what works, and what doesn’t. It might make an auditor’s head spin; it might make a paper-CISSP tsk-tsk, but it will also make your job a lot easier, and won’t violate any RFCs.


Security Must be a Priority

The Ponemon Institute just released a new benchmark report on health data security and the findings are troubling. Health Data Management reports that the survey focused on adherence to HITECH Act privacy and security requirements; senior managers indicate that adherence is low. In fact, leaders at 65 provider organizations indicated that a significant number of […]
