July 28, 2016 | by John Dimaggio
Does your organization perform routine HIPAA Security Risk Analyses? If so, are those analyses “good enough”? With the 2016 Office for Civil Rights (OCR) audits currently underway, and more audits looming for 2017, healthcare organizations would be wise to shore up their security regimens to ensure compliance with the HIPAA Security Rule.
July 13, 2016 | by John Dimaggio
Do your employees ever use mobile devices for work-related functions? If so, keep in mind that failure to comply with HIPAA mobile device regulations can result in significant fines. Non-compliance can also generate negative publicity and reputational damage that can be difficult to recover from, as well as instigate Office for Civil Rights investigations and corrective action plans.
June 29, 2016 | by John Dimaggio
Healthcare Providers are legally and ethically obligated to ensure patient privacy. And with the 2016 OCR audits currently underway, now is the time to ensure your organization is compliant with the requirements and implementation specifications of HIPAA Privacy, Security and Breach Notification Rules. This article will focus on best practices to ensure compliance with the Security Rule.
June 22, 2016 | by John Dimaggio
OCR’s 2016 Audit protocol encompasses 180 requirements and implementation specifications from HIPAA Privacy, Security and Breach Notification Rules. While the primary audit objective is to assess compliance of the HIPAA regulated industry, a secondary objective is to discover industry-common vulnerabilities that have remained undetected during routine OCR complaint investigations and compliance reviews. Based on the broad scope of potential audit topics and on OCR’s staunch audit objectives, indications point to substantial failure rates.
June 14, 2016 | by John Dimaggio
The Office for Civil Rights (OCR) is currently auditing Covered Entities and Business Associates to assess compliance with HIPAA mandated processes, controls, and policies. Organizations selected for an audit will have 10 business days to provide the requested audit information. Could your organization respond in 10 days?
June 1, 2016 | by John Dimaggio
The new HIPAA audits are currently underway, targeting healthcare organizations as well as Business Associates. Conducted by the Office for Civil Rights (OCR), the audits are intended to assess compliance of the HIPAA regulated industry, with a focus on selected specifications of HIPAA Privacy, Security, and Breach Notification Rules. Every Covered Entity and Business Associate is eligible for an audit. So how will you know if your organization has been selected?
May 25, 2016 | by John Dimaggio
Will your organization face a HIPAA audit in 2016? If you are a Covered Entity or Business Associate, now is the time to test, analyze and remediate any vulnerabilities in your HIPAA Security, Privacy and Breach compliance. The Office for Civil Rights (OCR) has recently announced a new 2016 audit program targeting selected Covered Entities and Business Associates, with a protocol that could likely result in significant enforcement actions.
May 18, 2016 | by John Dimaggio
The number of healthcare breach incidents that evade traditional security defenses is increasing at an alarming rate. Motivated by lucrative pay-offs for stolen health information, hackers are developing increasing proficiency in identifying and exploiting security vulnerabilities in healthcare IT. So how can you best fortify your organization’s security controls to defend against cyber threats?
May 10, 2016 | by John Dimaggio
Healthcare organizations operating without a strong HIPAA compliance plan are playing a very risky game of Russian roulette. Now more than ever, the Office for Civil Rights (OCR) is serious about HIPAA enforcement, and expects full compliance with the requirements and implementation specifications of HIPAA Privacy, Security and Breach Notification Rules.