Health Care Cybersecurity Update on Guidance The National Institute of Standards and Technology (NIST) has provided updated guidance for the health care industry. Designed to help with electronically protected health information (ePHI), they have created a new draft titled Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (NIST Special...
Cloud Hosting & HIPAA Compliance When you think of trends in healthcare, what comes to mind? Maybe it’s a particular EMR system, new machines in the office, ways in which you communicate with patients… the list goes on. One thing is for sure when we think about all the ways that healthcare has changed over...
We’re halfway through this year’s Cybersecurity Awareness Month and never has it been more important to make sure that you are informed and making smart cyber choices in both your personal and professional life. With the pandemic providing cybercriminals ample opportunity to take advantage of our uncertainties in many aspects, and with online activity through...
While we have all had to adjust in obvious ways to the pandemic, the reality is that after the panic subsides, and after the immediate emergency vibe in the air passes, we will never return to the way things once were. We are in a new reality, or as many keep saying, a new normal....
Remember ransomware, the malicious software that blocks computer access until a ransom demand is paid? The threat was huge and dominated headlines in the past but seems to have slowed down in recent months. Could the decline in publications citing ransomware as the cause of a data breach or loss of data indicate that...
It’s no secret that employees violate security policies. Whether we’d like to admit it or not, there’s a good chance we have all violated a security policy once upon a time. Sometimes, employees violate policies to save time or make their job easier, and sometimes, they don’t even know they’re doing it. How do you...
HIPAA is often described as dealing with CIA – the Confidentiality, Integrity and Access to patient records. In the past, access to patient records often required a written request, accompanied by a response in the mail that could take several weeks. However, in today’s world where electronic systems can provide almost instant action to data,...
According to an article over on tripwire, a covered entity is facing serious penalties after the Office for Civil Rights issued them a hefty fine for their failure to comply with audit procedures including review, modification and termination of users’ access. In the scope of the investigation, it was discovered that more than 100,000 individuals...
According to an article on HIPAA Journal, over a 27 month period an employee of St. Charles Health System in Oregon accessed nearly 2,500 patient records without authorization. All it took to discover the unnamed employee had been inappropriately accessing patient records was one incident that sparked further review, occurring on January 16, 2017. The...
In the January, 2017 edition of the OCR Cyber Newsletter (PDF), OCR gives guidance to what is required from Covered Entities and Business Associate regarding auditing / monitoring of access to PHI. Covered Entities and Business Associates should make sure that they appropriately review and secure audit trails, and they use the proper tools to...
© 2023 · HIPAA Secure Now!
Recent Comments