Nov 2018

The Importance of Configuration Standards for Regulatory Compliance

Developing and implementing strong configuration standards is a key part of an organization's cybersecurity strategy. Privacy regulations commonly require documented configuration standards, so knowing how to create strong ones is essential to achieving and maintaining compliance with frameworks such as HIPAA/HITECH, PCI DSS, and NIST. What Are Regulatory Compliance Configuration Standards? All technology comes with a default configuration and, in...

Oct 2018

Does HIPAA Apply to Me?

Over the course of Sword & Shield’s years of HIPAA compliance consulting, we have been asked many times, “Does HIPAA apply to me?” In this post, we describe how your organization can determine whether or not you are required to be compliant with the HIPAA regulations for privacy and security of protected health information (PHI). Introduction to HIPAA The Health Insurance Portability and Accountability Act (HIPAA)...

Jul 2018

Lessons Learned from the MD Anderson Breaches

The MD Anderson Cancer Center at the University of Texas was recently fined $4.3 million by the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) concerning data breaches that resulted in the loss of the health information of 33,500 patients. In this article, we called on one of our healthcare experts, Security Consultant Jeremy Bess, to explain what lessons can...

Jun 2018

HITRUST Introduction: Getting Started

Sword & Shield offers this HITRUST introduction to take some of the mystery out of this comprehensive compliance tool and to explain what you need to know in order to get started with HITRUST compliance. Let’s start with the basics: What is HITRUST? The Health Information Trust Alliance (HITRUST) is a United States company that has partnered with leaders in the healthcare, technology, and information security...

May 2018

Complying with HIPAA encryption standards: what you need to know

By Jeremy Watson. Have you encrypted your electronic protected health information (ePHI) both at rest (stored in persistent storage) and in transit (flowing from one point to another, whether over the internet or a private network)? If so, and the encryption meets the HHS guidance for rendering PHI unusable, unreadable, or indecipherable, you meet the HIPAA encryption standard and are covered by the breach notification Safe Harbor Rule in case of a breach. This means you're...

Apr 2018

Understanding HIPAA Today

A look back at how the healthcare privacy and security standard has grown helps explain where we are today. By Chris Lyons. When the Health Insurance Portability and Accountability Act (HIPAA) was signed into law in August 1996, its intent was to help employees retain healthcare coverage between jobs, to combat waste and fraud in healthcare, and...

Sep 2017

Facing your first HIPAA Risk Assessment? Here’s what you should know.

By Chris Lyons. HIPAA compliance can be a daunting endeavor, especially if your organization has never faced this challenge. A HIPAA risk assessment can help you achieve compliance. If you are considering your first HIPAA risk assessment, there are a few things you should know. Here are four points to get you on your way. Understand your security environment: prepare for the assessor's visit by gathering...

Sep 2016

Introducing a New Comprehensive HITRUST Solution

Nearly 90 percent of all healthcare organizations have suffered at least one data breach in the past two years with an average cost of $2.2 million per attack. Even just an allegation of a breach can result in an investigation of your organization by the U.S. Department of Health and Human Services’ Office for Civil Rights. But, for most, it is virtually impossible to claim...

Jul 2016

Federal Regulators Fine First Business Associate for HIPAA Breach

The HIPAA Omnibus Rule, with which covered entities and business associates had to comply by September 2013, made all business associates directly accountable for HIPAA compliance. On June 29, 2016, the Office for Civil Rights (OCR) announced the first HIPAA enforcement fine levied on a business associate. A nonprofit organization was hit with a $650,000 fine for a breach that affected just 412 patients. The company was also put on a corrective...

Apr 2016

OCR Issues New HIPAA Audit Protocol

Last week, federal regulators released a revamped protocol to use in phase two of HIPAA compliance audits of covered entities and business associates. The Department of Health and Human Services’ Office for Civil Rights posted this updated protocol on its website with a request for feedback. “It is refreshing to see that the OCR has refined many of the outdated or ‘grey area’ controls found...
