Blog Posts Tagged with "HHS"
Network Exposure and Healthcare Privacy Breaches
August 20, 2012 Added by: Danny Lieberman
EHR interconnected with HIE systems have a big threat surface, because of big, very complex software systems with a large number of attacker entry points. Healthcare system vulnerabilities are compounded since everyone is using the same technology from Microsoft and following the same HIPAA compliance checklists...
Comments (0)
Lack of Basic Security Practices Results in $1.7 Million Sanction
July 02, 2012 Added by: Rebecca Herold
“This is OCR’s first HIPAA action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.” Bottom line for all organizations of all sizes: It is wise to learn from the pain of others...
Comments (0)
Is a W-2 Considered PHI Under HIPAA?
March 25, 2012 Added by: Rebecca Herold
The question was framed as meaning the entire W-2 form was being “submitted” for financial assistance to pay for healthcare, so with this in mind, we will consider it as one document containing several information items that are necessarily grouped together...
Comments (0)
Do Subpoenas Trump HIPAA or Trample Security of PHI?
January 12, 2012 Added by: Rebecca Herold
I’ve spoken to many business leaders over the years, and most have gotten serious about ensuring safeguards are in place when putting their signatures on attestations and other types of legally binding documents. So, you need to have documented procedures in place...
Comments (0)
HIPAA Tool Helps Organizations Meet Security Requirements
November 30, 2011 Added by: Headlines
A new tool, developed by the NIST, is intended to be a resource that organizations can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect EPHI, or where existing security safeguards may need to be improved...
Comments (0)
Find Out Who Has Accessed Your Health Records
June 07, 2011 Added by: David Navetta
Access reports would include the date and time of access, and the name of the individual or entity accessing an individual’s health information. Additionally, an access report would include a description of the information that was accessed and of the action taken by the user...
Comments (0)
HHS: HIPAA Privacy Rule Accounting of Disclosures
June 01, 2011 Added by: Rebecca Herold
Covered entities and business associates would need to account for disclosures of PHI in electronic health records that are part of a designated record set for treatment, payment and health care operations in addition to the existing requirements for accounting for access to PHI...
Comments (0)
HIPAA - HITECH Compliance: Avoid the Wall of Shame
March 24, 2011 Added by: Jack Anderson
Free Webinar on HIPAA and HITECH Compliance: Join us to find out how easy it can be to take your practice from zero to compliant with our easy-to-use online system that combines all the pre-drafted policies, procedures and forms you need plus assistance from a HIPAA compliance expert..
Comments (0)
Auditors: Prepare for the "Year of Healthcare Privacy"
March 03, 2011 Added by: Rebecca Herold
Most of the lawyers and regulatory analysts I’ve spoken with have indicated that they anticipate most, if not all, of the proposed changes will be enacted into the Final Rule as law by the end of March 2011. Many changes will result, and eight areas will be significantly impacted...
Comments (0)
Privacy Enforcement Storm: HHS, FTC and FINRA Act
March 03, 2011 Added by: David Navetta
If your organization does not have a privacy program in place, now is the time to act. Legal compliance function, vendor management and appropriate security provisions in vendor and customer agreements are just a few of the hallmarks of a program that could help avoid enforcement actions...
Comments (0)
Proving HIPAA HITECH Compliance
January 30, 2011 Added by: Jack Anderson
There is no third party authorized by HHS to attest to their compliance such as The Joint Commission or JCAHO can attest to accreditation. Even if they could prove to your satisfaction that they were compliant in January, how would you know that they were compliant in February, or March, etc...
Comments (2)
Medical Server Hacked by Call of Duty Gamers
January 14, 2011 Added by: Headlines
A network server at Seacoast Radiology was illegally accessed by hackers intent on using it to host "Call of Duty: Black Ops" gaming sessions. The server provides storage for records for over 230,000 individuals...
Comments (0)
HIPAA-HITECH Final Rule To Be Published in March
January 06, 2011 Added by: Rebecca Herold
On December 20, 2010, the federal government published “Part II: Regulatory Information Service Center: Introduction to The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions.” Within it is the long-awaited HHS time line for when they would publish the final rule...
Comments (0)
Identity Theft Resource Center 2010 Breach Report
January 04, 2011 Added by: Headlines
Breaches happen. Consumers, government and the business community need to stop acting like ostriches with their heads in the sand. Second, the concept of “risk of harm” is not acceptable for determining notification. This is true especially if the company involved is allowed to define risk of harm...
Comments (0)




