Did you know that the majority of data breaches result from insider actions and not outside hackers? Only five percent of the breaches on the Department of Health and Human Services Wall of Shame are the result of Hacking/IT Incident or Unknown. The other 95 percent of breaches can be prevented through proper controls. Breaches by workforce members include unauthorized access or disclosure, theft, loss, or improper disposal. Watch this informative webinar to learn how to know exactly where your organization stands with the HIPAA Privacy Rule. Learn how to prepare for a Privacy or Breach OCR Audit or Investigation.
Archive | May, 2013
On January 2, 2013, HHS posted a news release announcing the settlement agreement and $50,000 settlement amount assessed to Hospice of North Idaho. Here’s today’s big tip – learn 7 key lessons from this event (spoiler alert: completing a MANDATORY risk analysis is included in the list).
Are you meeting the HIPAA Security Final Rule requirements for Data Backup and Recovery? Are you confident you can recover exact copies of critical patient data? If you receive, store, process or transmit ePHI, watch this webinar on how to meet the HIPAA-HITECH data backup and recovery requirements. Learn The Truth About HIPAA-HITECH Data Backup Requirements!
It’s that time of year when we make lists about more physical activity, better eating habits, finding a new job, paying off debts, going back to school, etc. For those in healthcare (Covered Entities) or those serving the healthcare industry (Business Associates and their agents/subcontractors), it’s time to make some HIPAA-HITECH compliance resolutions and be better prepared for the continued rise in OCR Audits and Investigations. Here’s today’s big tip – Consider Making Your List of HIPAA-HITECH Compliance Resolutions, Starting with Our List!
Healthcare IT News and HIMSS Media joined forces to create and hold The Privacy & Security Forum on December 12-13, in Boston. Among other speakers, Leon Rodriguez, head of the Office for Civil Rights (OCR), spoke and was interviewed by Healthcare IT News in a brief 7 1/2-minute segment that’s well worth the listen. The event and interview provided great insight into the OCR’s next enforcement activities and plans. Here’s today’s big tip – Listen to Leon’s comments about risk analysis!
There are quite a few tools readily known to the Android reversing community. The primary one is most likely smali/baksmali. It’s an open source tool which will decompile/compile the Android dex format, which is used by Dalvik, the native Android VM, into a format known as smali, which is very similar to an assembly language. […]
On Monday, November 26, HHS/OCR issued what some call long-overdue “Guidance Regarding Methods for De-identification of Protected Health Information (PHI) in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule”. I found the guidance not only a deep-dive into what might be considered arcane subject matter, but also a great review of some foundational concepts about Privacy and PHI that are always helpful in preparing for audits or investigations. Here’s today’s big tip – At least scan this De-Identification Guidance!
Sitting in the back of a dimly lit conference room for a client team meeting, I listened as each team member introduced themselves. I watched the reactions of their colleagues. Standing at the front of the room, the leader smiled and offered encouragement to everyone. As the line snaked to the front corner, he called […]
Preliminary OCR observations on the first proactive audits highlighted weaknesses in Privacy training, safeguards, policies & procedures, sanctions, training and mitigation. Make no mistake about it, the HIPAA Privacy Rule is well within scope of the HITECH-mandated audits and the findings are interesting, but certainly not surprising. Learn more! Here’s today’s big tip – Do a Privacy Assessment!
HIPAA is considered a non-preemptive Federal Statute and, therefore, only sets a “floor” for privacy, security and breach notification requirements. That is, individual states may pass–and have passed–their own legislation and regulations that exceed HIPAA requirements. At this writing, 46 states, the US Virgin Islands, the District of Columbia and Puerto Rico have passed such laws.