If you work in a healthcare organization and you have a laptop it should be encrypted. We have heard many discussions about why a laptop does not need to be encrypted. Some of the reasons include; it doesn’t contain patient information or it never leaves the office or it never leaves our employee’s possession. Laptops...
Gienna Shaw over at FierceHealthIT has an entertaining article on some to the strangest security breaches in 2012. Here are her “highlights” of 2012. 1.) EMR held ransom (We also discussed another EMR ransom case here) In the Lake County case, an unauthorized remote user posted a message on the practice’s server stating that its...
The HHS Office for Civil Rights (OCR) has fined the Hospice of North Idaho (HONI) $50,000 for a breach resulting from a stolen laptop. What makes this unique is it represents the first time an organization has been fined for a breach of less than 500 patients. We will take a look at the details...
The most dangerous HIPAA action you can do is very simple: DO NOTHING You may be under a false sense of security because none of these events have happened to your organizations: You haven’t had a HIPAA breach You haven’t received a HIPAA fine You didn’t need to use a Security Incident Response Plan You...
Leon Rodriguez, director of the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) recently conducted an interview with HealthcareInfoSecurity. Click on the link to listen to the full interview. Rodriguez gave some valuable insight into OCR’s plans for 2013 and beyond as well as guidance that organizations should follow to protect...
Dom Nicastro over at HCPro gives insight into the status of the OCR audit program for 2013. Top OCR officials have made it clear the audit program will continue next year, says Mac McMillan, FHIMSS, CISM, cofounder and CEO of CynergisTek, Inc., in Austin, Texas. There will be more audits going forward; HITECH requires them,...
The Office of Inspector General (OIG) is criticizing CMS’ oversight of the Meaningful Use incentive program. They worry that CMS might be paying organizations who do not qualify for Meaningful Use incentives. This study is an early assessment of CMS’s oversight of the Medicare electronic health record (EHR) incentive program, for which CMS estimates it...
When people think of the HIPAA Security Rule many think about protecting the privacy / confidentiality of patient information. Privacy is a major part of HIPAA security but also ensuring the availability of patient information is equally important. Let’s take a look at the HIPAA Security General Rules: § 164.306 Security standards: General rules. (a)...
Below is an awesome testimonial from David Grossman, M.D. at Main Line Emergency Medicine Associates (MLEMA) I am the Compliance officer, for Main Line Emergency Medicine Associates (MLEMA), We are an emergency medicine practice, conducting provider services for Main Line Health hospitals, in southeasternPennsylvania. In February, 2012, our practice decided to get Breach insurance and...
We are very excited to announce that Healthcare Providers Insurance Exchange (HPIX) and HIPAA Secure Now! have created a partnership to provide HIPAA risk assessments to all of HPIX clients. HPIX will pay for the risk assessment and provide the service free to their clients. HPIX will utilize our HIPAA Secure Now! service to perform...
Recent Comments