January 15th, 2019
Have you just experienced a ransomware attack or other cybersecurity incident, you may be wondering what to do next? Fortunately, the HHS, Office for Civil Rights (OCR) has provided a quick response checklist that explains step by step what a HIPAA covered entity or its business associate should do in response to an incident.
In the event of a cyber-attack or similar emergency an entity should:
December 4th, 2018
According to the HIPAA Breach Notification Rule, all covered entities and their business associates are required to report any breach of protected health information. It is essential to understand and implement all breach notification requirements or risk incurring financial penalties as high as $1,500,000 from state attorneys general and the HHS’ Office for Civil Rights.
What is a Breach?
October 15th, 2018
As we move towards the end of the year, many practices and physicians are starting to consider the data they will need to submit under the MACRA/MIPS program. The MACRA/MIPS rules change slightly every year, and this year is no exception. Even though the rules have been adjusted, a basic requirement remains in place:
September 20th, 2018
According to the Health Insurance Portability and Accounting Act of 1996 (HIPAA) Security Rule covered entities (CEs) and business associates (Bas) that have access to electronic personal health information (EPHI) are required to implement safeguards necessary to protect it.
Continue reading...
September 6th, 2018
Under the HIPAA security rule, HIPAA covered entities (CEs) and business associates (BAs) are required to protect their electronic personal health information (ePHI), which typically involves identifying and mitigating software vulnerabilities that could put (ePHI) at risk. It also includes conducting a risk analysis, and implementing actions that will reduce these risks.
August 14th, 2018
Healthcare organizations nationwide remain focused on their IT security, as more and more cyberattacks wreak havoc across the industry. Within the last two years, nearly 50% of companies have experienced a data breach, and the severity of these attacks appear to be getting worse.
July 24th, 2018
In 2016, the FBI released a public service announcement warning that “business email compromise (BEC) scams have increased by 1,300% since 2015 and have cost businesses more than $3 billion. Making it a significant threat that businesses should be aware of to reduce the likelihood of becoming a victim.
June 12th, 2018
According to a recent report by Symantec security firm, a cyber group called Orangeworm has targeted the healthcare industry and is wreaking its havoc across the sector worldwide. The group has been unleashing a malware known as Trojan.Kwampirs to gain remote access and compromise the computer systems of firms in the United States, Europe, and Asia. The purpose of the attacks is believed to be corporate espionage; their victims include healthcare providers, pharmaceutical firms, IT solution providers, and healthcare equipment manufacturers among others. (1)
May 16th, 2018
Nearly 4 out of 5 healthcare providers use a mobile device for professional purposes. These numbers continue to rise as healthcare organizations place an increased focus on efficiency and productivity. (1) Although mobile devices are incredibly efficient and convenient, they also harbor measurable risks for data breach and the exposure of protected health information (PHI).
May 3rd, 2018
The mobile technology revolution has impacted nearly every industry across the globe, with healthcare being no exception. Hospitals, clinics, and providers have all quickly embraced the use of smartphones and other mobile devices along with the convenience of accessing important medical information quickly.
February 14th, 2018
Another strain of ransomware has wreaked its havoc on the healthcare industry. This time its victims include over 45,000 medical practices and 180,000 physicians that are clients of Allscripts Healthcare Solutions, Inc. Allscripts is a publicly traded American company that provides physician practices, hospitals, and other healthcare providers with practice management and electronic health record technology.
November 29th, 2017
Data breaches and ransomware attacks are among some of the top challenges that healthcare organizations face today. These issues can lead to extensive damage affecting entire organizations. Whether it is the breach of a patient’s privacy or the disruption of operations across an entire system, just one negative event has the potential to destroy a hospital’s reputation.
August 31st, 2017
A failure to understand HIPAA requirements can be a very costly mistake, as CardioNet learned just a couple months ago. In April, the wireless health services provider agreed to a settlement of $2.5 million for a potential noncompliance with the HIPAA Privacy and Security Rules. (1) The violation occurred when a company laptop containing the ePHI of 1,391 individuals was stolen from an employee’s vehicle parked outside their home.
June 20th, 2017
Recently the world’s largest cyber-attack unleashed its havoc across 150 countries crippling more than 300,000 victims and hundreds of organizations worldwide. Hospitals, universities, government offices, and large business were among those affected, including sixteen NHS hospitals in the UK. Many of them had to cancel surgeries, appointments, and send patients elsewhere due to the fallout.
May 24th, 2017
Healthcare data breaches are costing the U.S. healthcare industry nearly $6.2 billion each year. (2) In fact, healthcare has the highest cost per breached record of any other industry. Why?
April 17th, 2017
Last month, Memorial Healthcare System (MHS) agreed to implement a comprehensive corrective action plan and pay a 5.5-million-dollar settlement for the breach of protected health information (PHI) that affected over 100,000 individuals. This is the second largest fine against a covered entity to date, sending a strong message that audit controls will be a key focus for the future. (1)
April 3rd, 2017
In August, Advocate Health Care Network agreed to pay a $5.55 million settlement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), for multiple HIPAA violations. In addition, HHS also recently announced a $650,000 resolution settlement against the Catholic Health Care Services of the Archdiocese of Philadelphia.
November 15th, 2016
In August, Advocate Health Care Network agreed to pay a $5.55 million settlement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), for multiple HIPAA violations. In addition, HHS also recently announced a $650,000 resolution settlement against the Catholic Health Care Services of the Archdiocese of Philadelphia.
October 24th, 2016
What is a Business Associate?
Business associates are considered any third-party contractor that performs work or activities on behalf of a healthcare organization or covered entity that involve the use or disclosure of protected health information (1).
October 11th, 2016
In June, the victims of the horrific Orlando shooting at Pulse Nightclub were also victims of a privacy breach when their personal health information was accessed without authorization by a few curious employees at Orlando Health Hospital. The hospital confirmed that employees have previously received HIPAA training on patient privacy. However, they are now retraining staff and increasing auditing and monitoring of patient records in response to the breach. Experts say the hospital could be responsible for penalties up to $100,000 depending on the severity. A high price for personal curiosity.