Archive | May, 2013

How to Prepare for a Privacy/Breach OCR Audit or Investigation

Did you know that the majority of data breaches result from insider actions and not outside hackers? Only five percent of the breaches on the Department of Health and Human Services Wall of Shame are the result of Hacking/IT Incident or Unknown. The other 95 percent of breaches can be prevented through proper controls. Breaches by workforce members include unauthorized access or disclosure, theft, loss, or improper disposal. Watch this informative webinar to learn how to know exactly where your organization stands with the HIPAA Privacy Rule. Learn how to prepare for a Privacy or Breach OCR Audit or Investigation.

The Truth About HIPAA-HITECH Data Backup Requirements

Are you meeting the HIPAA Security Final Rule requirements for Data Backup and Recovery? Are you confident you can recover exact copies of critical patient data? If you receive, store, process or transmit ePHI, watch this webinar on how to meet the HIPAA-HITECH data backup and recovery requirements. Learn The Truth About HIPAA-HITECH Data Backup Requirements!

HIPAA Audit Tips – HIPAA New Year 2013 Resolutions

It’s that time of year when we make lists about more physical activity, better eating habits, finding a new job, paying off debts, going back to school, etc. For those in healthcare (Covered Entities) or those serving the healthcare industry (Business Associates and their agents/subcontractors), it’s time to make some HIPAA-HITECH compliance resolutions and be better prepared for the continued rise in OCR Audits and Investigations. Here’s today’s big tip – Consider Making Your List of HIPAA – HITECH Compliance Resolutions, Starting with Our List!

HIPAA Audit Tips – Key Points from OCR Head 12-13-2012 Talk in Boston

Healthcare IT News and HIMSS Media joined forces to create and hold The Privacy & Security Forum on December 12-13, in Boston. Among other speakers, Leon Rodriguez, head of the Office for Civil Rights (OCR), spoke and was interviewed by Healthcare IT News in a brief 7 1/2 minute segment that’s well worth the listen. The event and interview provided great insight into the OCR’s next enforcement activities and plans. Here’s today’s big tip – Listen to Leon’s comments about risk analysis!

Android Security and The Tools I Use – JEB

There are quite a few tools readily known to the Android reversing community. The primary one is most likely smali/baksmali. It’s an open source tool which will decompile/compile the Android dex format, which is used by Dalvik, the native Android VM, into a format known as smali, which is very similar to an assembly language. […]

HIPAA Audit Tips – Know What De-Identification of PHI Really Means

On Monday, November 26 HHS / OCR issued what some call long-overdue “Guidance Regarding Methods for De-identification of Protected Health Information (PHI) in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule”. I found the guidance not only a deep-dive into what might be considered arcane subject matter, but also a great review of some foundational concepts about Privacy and PHI always helpful in preparing for audits or investigations. Here’s today’s big tip – Have at least a scan at this De-Identification Guidance!

HIPAA Audit Tips – Do a Privacy Assessment!

Preliminary OCR observations on the first proactive audits highlighted weaknesses in Privacy training, safeguards, policies & procedures, sanctions, training and mitigation. Make no mistake about it, the HIPAA Privacy Rule is well within scope of the HITECH-mandated audits and the findings are interesting, but certainly not surprising. Learn more! Here’s today’s big tip – Do a Privacy Assessment!

HIPAA Texas Style HB 300 is Here

HIPAA is considered a non-preemptive Federal Statute and, therefore, only sets a “floor” for privacy, security and breach notification requirements. That is, individual states may pass–and have passed–their own legislation and regulations that exceed HIPAA requirements. At this writing, 46 states, the US Virgin Islands, the District of Columbia and Puerto Rico have passed such laws.