Below is an awesome testimonial from David Grossman, M.D. at Main Line Emergency Medicine Associates (MLEMA): I am the Compliance Officer for Main Line Emergency Medicine Associates (MLEMA). We are an emergency medicine practice, conducting provider services for Main Line Health hospitals in southeastern Pennsylvania. In February 2012, our practice decided to get Breach insurance and...
We are very excited to announce that Healthcare Providers Insurance Exchange (HPIX) and HIPAA Secure Now! have created a partnership to provide HIPAA risk assessments to all of HPIX clients. HPIX will pay for the risk assessment and provide the service free to their clients. HPIX will utilize our HIPAA Secure Now! service to perform...
The Alaska Department of Health and Social Services (DHSS) was handed a $1.7 million fine by the Office of Civil Rights (OCR). The fine is one of the largest imposed on an organization. A closer look reveals why the fine was so large. Healthcare Info Security gives an in-depth look at the fine. The Alaska...
OCR released the details of the HIPAA audit protocol. There aren’t a lot of surprises in their list of items they look for during an audit. The protocol looks like a summary of the HIPAA Privacy and Security Rules with the addition of the Breach Notification Rule. There are 77 items for HIPAA Security and...
We wrote about LinkedIn having 6 million passwords stolen. eHarmony has also been a victim of 1.5 million passwords being stolen. The clear message here is that if these large websites can be victims of cyber-criminals, much smaller organizations stand little chance of defending their information. Both LinkedIn and eHarmony are well-funded companies that...
By now you may have heard about the 6 million passwords that were stolen from LinkedIn. The passwords were posted on a Russian online forum. The passwords were encrypted but through the use of password cracking programs many of the passwords have been cracked. An article over at IT security company Qualys goes into details...
There are many tools available to organizations that help them perform the required HIPAA and Meaningful Use Risk Assessment. The problem with an organization doing its own Risk Assessment revolves around the saying "What you put in is what you get out." In order to get an accurate analysis of risks to patient information it...
You have been driving 45 mph on the same 25 mph road for years. There are never any police on the road and there is really no reason to drive 25 mph. Then after years of ignoring the posted speed limit, one day a police officer is waiting behind a tree and pulls you over...
There is a good article over at the Vormetric Security Blog that looks at restricting employee access to patient information. They argue that not all employees need full access and unless an employee can demonstrate that access is needed to perform their job function, no access to patient data should be given. The below paragraph...
The Office of the National Coordinator for Health Information Technology (ONC) has published a useful guide to Privacy and Security of Health Information (PDF). One of the sections looks at common myths and facts about a security risk analysis / assessment. Let’s take a look at it in more detail. Below are ONC’s myths and facts: Let’s look...