October 15th, 2019
According to a recent study there has been widespread noncompliance with the HIPAA right of access. In fact, more than half of the providers that were assessed in this report were either not fully compliant with the HIPAA law or it took multiple attempts before becoming compliant. (1)
September 30th, 2019
PHI stands for Protected Health Information. According to the HIPAA Privacy Rule, protected health information is identifiable information related to the present, past, or future health status of a patient. It includes all personal health information that is created, collected, transmitted or maintained by a HIPAA-covered entity concerning the provision of healthcare or payment for healthcare services.
September 3rd, 2019
According to the Department of Health and Human Services (HHS), business associates of HIPAA covered entities may be held liable for noncompliance of certain HIPAA rules and requirements. HHS has provided the following list of HIPAA violations that business associates can be held fully liable.
August 20th, 2019
A recent report published by The Poneman Institute/IBM Security released a comprehensive analysis of data breaches reported in 2018. The report indicated that data breach costs have continued to increase, with healthcare organizations experiencing the costliest cases.
July 29th, 2019
The month of April proved to be a busy one for cyberterrorists, with reportedly more breaches than any previous month. The increasing rates of healthcare breaches continued in May, resulting in the exposure of almost 2 million individuals’ protected health information. So far this year, more than 6 million healthcare records have been exposed, which is more than half of the number of records exposed in 2018.
July 22nd, 2019
In order to provide the most current and complete compliance policies and procedures, MedSafe is updating the HIPAA trainings and online HIPAA manuals including new policies and procedures. This change will go into effect on 8/1/2019. Due to these updates, after logging in after August 1st, you will notice new questions that will need to be answered in the HIPAA section of your Survey app. Please review these questions; which will each be clearly labeled as NEW 8/1/19; and type in your answers. Once you have filled in your answers, the HIPAA training and manual is updated automatically with this information. If you do not have our online manuals and would like to purchase please let us know.
July 8th, 2019
In today’s social media era, companies all over the world benefit from the ease of using social networks to communicate quickly and efficiently with their customers. Although slower to adopt, the healthcare industry has also joined the social media craze.
June 14th, 2019
American Medical Collections Agency (AMCA), a company that provides billing collection services to healthcare organizations, confirmed that sometime between August 2018 and March 2019, an unauthorized user accessed its web payment system which included several healthcare clients and held millions of patient’s information.
May 8th, 2019
In today’s digital age, it should come as no surprise that the number of employees working from home has been steadily increasing over the past decade. In fact, in the last 15 years, telecommuting positions have grown by a whopping 140%. (1) While new technologies have made telecommuting more possible through easier and more efficient ways of transmitting data, it has also created increased risk of loss and disclosure of sensitive information.
April 11th, 2019
Constant Contact, Inc. is an online marketing company, headquartered in Waltham, Massachusetts that provides an email marketing solution which makes it easy for companies to stay in contact with their customers through sending newsletters, updates, and email marketing messages. Many medical offices and healthcare facilities utilize constant contact to keep in touch with their patients.
However, one common question that is often asked, is whether or not Constant Contact is HIPAA Compliant?
January 15th, 2019
Have you just experienced a ransomware attack or other cybersecurity incident, you may be wondering what to do next? Fortunately, the HHS, Office for Civil Rights (OCR) has provided a quick response checklist that explains step by step what a HIPAA covered entity or its business associate should do in response to an incident.
In the event of a cyber-attack or similar emergency an entity should:
December 4th, 2018
According to the HIPAA Breach Notification Rule, all covered entities and their business associates are required to report any breach of protected health information. It is essential to understand and implement all breach notification requirements or risk incurring financial penalties as high as $1,500,000 from state attorneys general and the HHS’ Office for Civil Rights.
What is a Breach?
October 15th, 2018
As we move towards the end of the year, many practices and physicians are starting to consider the data they will need to submit under the MACRA/MIPS program. The MACRA/MIPS rules change slightly every year, and this year is no exception. Even though the rules have been adjusted, a basic requirement remains in place:
September 20th, 2018
According to the Health Insurance Portability and Accounting Act of 1996 (HIPAA) Security Rule covered entities (CEs) and business associates (Bas) that have access to electronic personal health information (EPHI) are required to implement safeguards necessary to protect it.
September 6th, 2018
Under the HIPAA security rule, HIPAA covered entities (CEs) and business associates (BAs) are required to protect their electronic personal health information (ePHI), which typically involves identifying and mitigating software vulnerabilities that could put (ePHI) at risk. It also includes conducting a risk analysis, and implementing actions that will reduce these risks.
August 14th, 2018
Healthcare organizations nationwide remain focused on their IT security, as more and more cyberattacks wreak havoc across the industry. Within the last two years, nearly 50% of companies have experienced a data breach, and the severity of these attacks appear to be getting worse.
July 24th, 2018
In 2016, the FBI released a public service announcement warning that “business email compromise (BEC) scams have increased by 1,300% since 2015 and have cost businesses more than $3 billion. Making it a significant threat that businesses should be aware of to reduce the likelihood of becoming a victim.
June 12th, 2018
According to a recent report by Symantec security firm, a cyber group called Orangeworm has targeted the healthcare industry and is wreaking its havoc across the sector worldwide. The group has been unleashing a malware known as Trojan.Kwampirs to gain remote access and compromise the computer systems of firms in the United States, Europe, and Asia. The purpose of the attacks is believed to be corporate espionage; their victims include healthcare providers, pharmaceutical firms, IT solution providers, and healthcare equipment manufacturers among others. (1)
May 16th, 2018
Nearly 4 out of 5 healthcare providers use a mobile device for professional purposes. These numbers continue to rise as healthcare organizations place an increased focus on efficiency and productivity. (1) Although mobile devices are incredibly efficient and convenient, they also harbor measurable risks for data breach and the exposure of protected health information (PHI).
May 3rd, 2018
The mobile technology revolution has impacted nearly every industry across the globe, with healthcare being no exception. Hospitals, clinics, and providers have all quickly embraced the use of smartphones and other mobile devices along with the convenience of accessing important medical information quickly.