Tag: Compliance

Compliance

Vendor Management Lessons from Aetna’s $20 Million Lawsuit

You likely use third-party vendors to outsource your payroll, HR or IT infrastructure — all essential business functions. Unfortunately, in doing so, you’re giving multiple companies access to sensitive data, including private patient or customer information. In the event of a breach or leak of said sensitive information, it’s important to know where the chips fall and what liability you’re assuming when you outsource business efforts. Let’s take a look at how outsourcing significantly impacted the health insurer Aetna to assess opportunities and risks involved with hiring a third-party vendor. Aetna’s settlement If you’re unfamiliar with the backstory, Aetna made news for paying about $20 million in legal settlements from a case in 2017 concerning privacy violations of about 12,000

Read More »
Audit

BAI Security at HIMSS18

Healthcare providers face a unique challenge when it comes to data protection. Cybercriminals take one look at their assets  — valuable personally identifiable information (PII) like social security numbers and medical information — and throw all they’ve got at their IT security systems. If you’re not doing everything you can to maintain and strengthen your IT security, then your organization is at risk. Let’s talk. Meet us at this year’s HIMSS Annual Conference and Exhibition in Las Vegas, Nevada, to hear how BAI Security’s award-winning suite of compliance, audit and IT security solutions can help you keep even the most advanced cybercriminals at bay. HIMSS18 is set to bring together over 40,000 health IT professionals, clinicians, executives and vendors from around the world, and

Read More »
Compliance

A Different Type of Phishing

Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. Phishing, as we’ve previously written about, is a scam that uses seemingly legitimate links to take you somewhere you didn’t intend to go. This can be done by subtly changing a URL address, which is exactly what was done in this case. The Scam Per the HHS, this phishing email campaign masquerades as a message regarding HIPAA compliance audits from the HHS’ Office for Civil

Read More »
Banking

The Compliance Issue: Taking IT Security a Step Further

Complying with cybersecurity regulation is at the forefront of many companies’ minds. Perhaps to their own detriment, according to David Glockner, the regional director at the U.S. Securities and Exchange Commission’s (SEC) Chicago Regional Office. Quoted in SC Magazine, Glockner encouraged attendees at an SC Congress meeting in Chicago to think about cybersecurity, “divorced from the regulatory landscape.” Instead, he made the case that companies should think about their cybersecurity from a business perspective. “What is your most sensitive information? What are your most sensitive operations and what vulnerabilities do you have? And thinking about how you protect what’s critical to your business operation in most instances is going to get you most, if not all of the way, toward

Read More »
Compliance

The Cost of Lacking Security: OHSU HIPAA Settlement

One data breach is enough to wreak havoc on any organization. The damage one could do to your relationship with customers could be catastrophic for your business, and the fallout can cause you to rethink your entire security strategy. To add insult to injury, there are also typically steep financial penalties. Healthcare Info Security recently reported on data breaches suffered by Oregon Health & Science University (OHSU) and the HIPAA settlement they will have to pay. OHSU now owes $2.7 million stemming from two 2013 data breaches that affected over 7,066 individuals. One breach involved the theft of an unencrypted laptop from a surgeon’s rental vacation home, while the other was from OHSU using a cloud storage system without the

Read More »
Audit

PCI DSS 3.0: Are You In Compliance Yet?

The new Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0) that went into effect on January 1 contains significant changes.  Some of the requirements will remain suggested best practices until July 1, 2015. After that, they too become mandatory. PCI 3.0 will have the greatest impact on e-commerce merchants who partner with third parties for payment card data collection, along with third party service providers who remotely manage merchant systems and networks.  Up to version 2.0 of the PCI DSS, fully outsourcing an e-commerce payment system via a redirect payment company put the web environment out of scope. The web environment didn’t touch payment card data, and therefore did not have to meet PCI requirements. But now, under

Read More »
Audit

GET READY NOW FOR 2015 HIPAA AUDITS

A random audit program to gauge HIPAA compliance is expected to commence in early 2015. This round will include both on-site and off-site reviews. Your New Year will be happier if you start getting audit-ready now. We have provided you with tips below to make the process easier. Off-Site Audits Off-site audits focus on documentation reviews. These audits typically focus on one of the three mail HIPAA provisions – breach notification, security, or data privacy protocols. Documentation cannot be created after you receive the audit request, so review your policies and procedural documents to ensure they are current and comprehensive. Your documentation should cover the scope of your HIPAA compliance program and demonstrate how you have updated your policies and practices in

Read More »