January 20th, 2020
The US Department of Health and Human Services just released an emergency directive to notify the Health and Public Health Sector of significant vulnerabilities identified in the Microsoft Windows Operating Systems.
January 6th, 2020
Cyberterrorism is on the rise, and this includes phishing attacks. According to a recent report from Verizon, 90% of all data breaches are linked to phishing attacks. With the average cost of a successful phishing attack for a medium-sized business totalling $1.6 million, it is critical to ensure employees are educated on how to identify these scams before they cause catastrophic damage.
December 16th, 2019
As the holiday season draws near, MedSafe urges healthcare organizations and employees to be aware of online scams. Phishing attacks are on the rise with the highest rates since 2016, according to the Phishing Activity Trends Report.
December 3rd, 2019
Is texting HIPAA compliant? The answer to this question is not as simple as it may seem. With more and more medical professionals relying on their personal mobile devices for communication, texting has become a significant challenge for healthcare organizations nationwide. Whether or not texting is HIPAA compliant largely depends upon what is texted, who is texted, and what mechanisms are in place to ensure the integrity of Protected Health Information (PHI).
November 14th, 2019
HIPAA Breaches can cost healthcare organizations millions. Healthcare data breaches typically cost more than data breaches in any other industry. In fact, the average cost of a healthcare data breach in the United States is $15 million.
October 15th, 2019
According to a recent study there has been widespread noncompliance with the HIPAA right of access. In fact, more than half of the providers that were assessed in this report were either not fully compliant with the HIPAA law or it took multiple attempts before becoming compliant. (1)
September 30th, 2019
PHI stands for Protected Health Information. According to the HIPAA Privacy Rule, protected health information is identifiable information related to the present, past, or future health status of a patient. It includes all personal health information that is created, collected, transmitted or maintained by a HIPAA-covered entity concerning the provision of healthcare or payment for healthcare services.
September 3rd, 2019
According to the Department of Health and Human Services (HHS), business associates of HIPAA covered entities may be held liable for noncompliance of certain HIPAA rules and requirements. HHS has provided the following list of HIPAA violations that business associates can be held fully liable.
August 20th, 2019
A recent report published by The Poneman Institute/IBM Security released a comprehensive analysis of data breaches reported in 2018. The report indicated that data breach costs have continued to increase, with healthcare organizations experiencing the costliest cases.
July 29th, 2019
The month of April proved to be a busy one for cyberterrorists, with reportedly more breaches than any previous month. The increasing rates of healthcare breaches continued in May, resulting in the exposure of almost 2 million individuals’ protected health information. So far this year, more than 6 million healthcare records have been exposed, which is more than half of the number of records exposed in 2018.
July 22nd, 2019
In order to provide the most current and complete compliance policies and procedures, MedSafe is updating the HIPAA trainings and online HIPAA manuals including new policies and procedures. This change will go into effect on 8/1/2019. Due to these updates, after logging in after August 1st, you will notice new questions that will need to be answered in the HIPAA section of your Survey app. Please review these questions; which will each be clearly labeled as NEW 8/1/19; and type in your answers. Once you have filled in your answers, the HIPAA training and manual is updated automatically with this information. If you do not have our online manuals and would like to purchase please let us know.
July 8th, 2019
In today’s social media era, companies all over the world benefit from the ease of using social networks to communicate quickly and efficiently with their customers. Although slower to adopt, the healthcare industry has also joined the social media craze.
June 14th, 2019
American Medical Collections Agency (AMCA), a company that provides billing collection services to healthcare organizations, confirmed that sometime between August 2018 and March 2019, an unauthorized user accessed its web payment system which included several healthcare clients and held millions of patient’s information.
May 8th, 2019
In today’s digital age, it should come as no surprise that the number of employees working from home has been steadily increasing over the past decade. In fact, in the last 15 years, telecommuting positions have grown by a whopping 140%. (1) While new technologies have made telecommuting more possible through easier and more efficient ways of transmitting data, it has also created increased risk of loss and disclosure of sensitive information.
April 11th, 2019
Constant Contact, Inc. is an online marketing company, headquartered in Waltham, Massachusetts that provides an email marketing solution which makes it easy for companies to stay in contact with their customers through sending newsletters, updates, and email marketing messages. Many medical offices and healthcare facilities utilize constant contact to keep in touch with their patients.
However, one common question that is often asked, is whether or not Constant Contact is HIPAA Compliant?
January 15th, 2019
Have you just experienced a ransomware attack or other cybersecurity incident, you may be wondering what to do next? Fortunately, the HHS, Office for Civil Rights (OCR) has provided a quick response checklist that explains step by step what a HIPAA covered entity or its business associate should do in response to an incident.
In the event of a cyber-attack or similar emergency an entity should:
December 4th, 2018
According to the HIPAA Breach Notification Rule, all covered entities and their business associates are required to report any breach of protected health information. It is essential to understand and implement all breach notification requirements or risk incurring financial penalties as high as $1,500,000 from state attorneys general and the HHS’ Office for Civil Rights.
What is a Breach?
October 15th, 2018
As we move towards the end of the year, many practices and physicians are starting to consider the data they will need to submit under the MACRA/MIPS program. The MACRA/MIPS rules change slightly every year, and this year is no exception. Even though the rules have been adjusted, a basic requirement remains in place:
September 20th, 2018
According to the Health Insurance Portability and Accounting Act of 1996 (HIPAA) Security Rule covered entities (CEs) and business associates (Bas) that have access to electronic personal health information (EPHI) are required to implement safeguards necessary to protect it.
Continue reading...
September 6th, 2018
Under the HIPAA security rule, HIPAA covered entities (CEs) and business associates (BAs) are required to protect their electronic personal health information (ePHI), which typically involves identifying and mitigating software vulnerabilities that could put (ePHI) at risk. It also includes conducting a risk analysis, and implementing actions that will reduce these risks.