July 13, 2016 | by John Dimaggio
Do your employees ever use mobile devices for work-related functions? If so, keep in mind that failure to comply with HIPAA mobile device regulations can result in significant fines. Non-compliance can also generate negative publicity and reputational damage that can be difficult to recover from, as well as instigate Office for Civil Rights investigations and corrective action plans.
June 29, 2016 | by John Dimaggio
Healthcare Providers are legally and ethically obligated to ensure patient privacy. And with the 2016 OCR audits currently underway, now is the time to ensure your organization is compliant with the requirements and implementation specifications of HIPAA Privacy, Security and Breach Notification Rules. This article will focus on best practices to ensure compliance with the Security Rule.
June 22, 2016 | by John Dimaggio
OCR’s 2016 Audit protocol encompasses 180 requirements and implementation specifications from HIPAA Privacy, Security and Breach Notification Rules. While the primary audit objective is to assess compliance of the HIPAA regulated industry, a secondary objective is to discover industry-common vulnerabilities that have remained undetected during routine OCR complaint investigations and compliance reviews. Based on the broad scope of potential audit topics and on OCR’s staunch audit objectives, indications point to substantial failure rates.
June 14, 2016 | by John Dimaggio
The Office for Civil Rights (OCR) is currently auditing Covered Entities and Business Associates to assess compliance with HIPAA mandated processes, controls, and policies. Organizations selected for an audit will have 10 business days to provide the requested audit information. Could your organization respond in 10 days?
June 1, 2016 | by John Dimaggio
The new HIPAA audits are currently underway, targeting healthcare organizations as well as Business Associates. Conducted by the Office for Civil Rights (OCR), the audits are intended to assess compliance of the HIPAA regulated industry, with a focus on selected specifications of HIPAA Privacy, Security, and Breach Notification Rules. Every Covered Entity and Business Associate is eligible for an audit. So how will you know if your organization has been selected?
May 25, 2016 | by John Dimaggio
Will your organization face a HIPAA audit in 2016? If you are a Covered Entity or Business Associate, now is the time to test, analyze and remediate any vulnerabilities in your HIPAA Security, Privacy and Breach compliance. The Office for Civil Rights (OCR) has recently announced a new 2016 audit program targeting selected Covered Entities and Business Associates, with a protocol that could likely result in significant enforcement actions.
May 18, 2016 | by John Dimaggio
The number of healthcare breach incidents that evade traditional security defenses is increasing at an alarming rate. Motivated by lucrative pay-offs for stolen health information, hackers are developing increasing proficiency in identifying and exploiting security vulnerabilities in healthcare IT. So how can you best fortify your organization’s security controls to defend against cyber threats?
May 10, 2016 | by John Dimaggio
Healthcare organizations operating without a strong HIPAA compliance plan are playing a very risky game of Russian roulette. Now more than ever, the Office for Civil Rights (OCR) is serious about HIPAA enforcement, and expects full compliance with the requirements and implementation specifications of HIPAA Privacy, Security and Breach Notification Rules.
April 6, 2016 | by John Dimaggio
HIPAA law requires covered entities to safeguard against “reasonably anticipated” threats to protected health information. With healthcare security breaches making all too frequent headlines, the threat of malicious hacking can certainly be reasonably anticipated. In fact, according to a May 2015 Ponemon Institute study, criminal attacks on healthcare data are up 125% compared to five years ago. In this cyber-war landscape, healthcare organizations have a legal and ethical responsibility to identify and mitigate the likelihood of real-world threats to IT assets and physical security. Penetration testing can strategically position your organization to repel cyber-attacks.
March 30, 2016 | by John Dimaggio
Hackers are becoming increasingly proficient in detecting and exploiting security vulnerabilities in healthcare IT. In response, many healthcare organizations are preemptively working to identify and eliminate security vulnerabilities in operating systems, applications and configurations. But in this quest for robust security controls, end-user practices can sometimes be overlooked. Employee carelessness, forgetfulness and lack of knowledge can create a huge gap in an otherwise secure setting. This gap can make an organization highly susceptible to cyber-attack, security breach, and ransomware. It can also put an organization at risk for costly HIPAA violations that could generate negative publicity and reputational damage.