Sep 2017

Facing your first HIPAA Risk Assessment? Here’s what you should know.

By Chris Lyons

HIPAA compliance can be a daunting endeavor, especially if your organization has never faced this challenge. A HIPAA risk assessment can help you achieve compliance. If you are considering your first HIPAA risk assessment, there are a few things you should know. Here are four points to get you on your way: Understand your security environment Prepare for the assessor’s visit by gathering...



Sep 2016

Introducing a New Comprehensive HITRUST Solution

Nearly 90 percent of all healthcare organizations have suffered at least one data breach in the past two years with an average cost of $2.2 million per attack. Even just an allegation of a breach can result in an investigation of your organization by the U.S. Department of Health and Human Services’ Office for Civil Rights. But, for most, it is virtually impossible to claim...



Jul 2016

Federal Regulators Fine First Business Associate for HIPAA Breach

In October 2013, the Office for Civil Rights implemented the Omnibus Rule, which made all Business Associates directly accountable for HIPAA compliance. On June 29, 2016, the OCR announced the first HIPAA enforcement fine levied on a Business Associate. A nonprofit organization was hit with a $650,000 fine for a breach that affected just 412 patients. The company was also put on a corrective...



Apr 2016

OCR Issues New HIPAA Audit Protocol

Last week, federal regulators released a revamped protocol to use in phase two of HIPAA compliance audits of covered entities and business associates. The Department of Health and Human Services’ Office for Civil Rights posted this updated protocol on its website with a request for feedback. “It is refreshing to see that the OCR has refined many of the outdated or ‘grey area’ controls found...



Mar 2016

Healthcare Data Security is More Than Just HIPAA

Nearly three-quarters of healthcare organizations have suffered some kind of data breach or security incident in the past 12 months and more than 19 million people have had their health information compromised since the breach notification rule went into effect. Hospitals and other healthcare organizations can be fined up to $1.5 million per year for serious security incidents under the HITECH Act, but the full...



Feb 2016

Healthcare Organizations Also Need a PCI Compliance Plan

While many healthcare organizations are very familiar with their roles in maintaining HIPAA compliance, many aren’t as certain about where they stand regarding Payment Card Industry (PCI) regulations. These organizations have spent years with HIPAA regulations as their primary focus, and they don’t always see the same volume of payment card use as retailers, so their PCI compliance programs aren’t as mature or robust....



Feb 2016

You Need a Security Assessment to be HIPAA Compliant – But, Does That Make You Secure?

Security assessments aren’t just a cost of doing business for those in the healthcare profession – they are a requirement to meet HIPAA compliance. The Department of Health and Human Services requires all organizations handling Protected Health Information (PHI) to have a risk assessment as the first step toward implementing the safeguards specified in the HIPAA Security Rule. This ultimately leads...



Jul 2015

Don’t Let Your Laptop Give up Your Patients’ PHI – Security is More than Encryption

As more physicians, nurses and other healthcare workers rely on their smartphones, laptops and tablets to perform their duties and access information instantly, the risk of becoming a target for cyber thieves increases. But understanding and employing best practices for securing your company’s mobile devices should allow you to stay HIPAA compliant while keeping your patients’ personal information secure. Many healthcare organizations are unsure about...
