States Enact Even Tougher Breach Notification Laws than Federal HIPAA Requirements

Starting September 1, 2018, Colorado’s new Protections For Consumers Data Privacy law will require organizations to notify victims of breaches containing personal information within 30 days of determining that a breach occurred — 30 days before current federal HIPAA requirements. Like other state laws, Colorado’s newest approved bill signals to healthcare organizations that you can […]

Vendor Management Lessons from Aetna’s $20 Million Lawsuit

You likely use third-party vendors to outsource your payroll, HR or IT infrastructure — all essential business functions. Unfortunately, in doing so, you’re giving multiple companies access to sensitive data, including private patient or customer information. In the event of a breach or leak of said sensitive information, it’s important to know where the chips […]

Healthcare Breaches: The Newest Round of HIPAA Fines

A new HIPAA fine has been released, and it’s significant. Federal regulators have issued one of the largest HIPAA settlements ever in favor of 521 impacted individuals over Massachusetts-based healthcare organization Fresenius Medical Care (FMCNA). Cited specifically for a lack of risk analysis, FMNCA now ranks among one of the costliest HIPAA penalties issued, paying […]

Go Beyond HIPAA: Strengthening IT Security by Sharing Information

HIPPA compliance for healthcare organizations is crucial – yet many still struggle with meeting even the most basic requirements. Furthermore, merely employing a security profile that just meets regulations does not provide adequate protection. But what does it mean in real-life terms to not meet these requirements, and what steps can you take right now to […]

A Different Type of Phishing

Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. […]

The Cost of Lacking Security: OHSU HIPAA Settlement

One data breach is enough to wreak havoc on any organization. The damage one could do to your relationship with customers could be catastrophic for your business, and the fallout can cause you to rethink your entire security strategy. To add insult to injury, there are also typically steep financial penalties. Healthcare Info Security recently […]

Securing Health Care Records

Insider negligence is no longer the number one cause of data breaches in the healthcare industry—cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and […]

HIPAA Audits And Data Security

A random audit program to gauge Phase 2 HIPAA compliance is expected to be underway soon. This round will target business associates, including financial institutions that are typically exempted from HIPAA compliance when they provide what are considered to be typical banking services such as payment processing and credit/loans. But financial institutions that “create, receive, […]

HIPAA, Health Technology Trends, and Security Threats

Most people in the U.S. say that care more about protecting the privacy of their healthcare data than they do about being able to conveniently access that information. That said, according to a recent PwC Health Research Institute report, privacy will be sacrificed to apps/services that collect and analyze personal health information. Do-it-yourself healthcare is […]

Get Ready Now for 2015 HIPAA Audits

A random audit program to gauge HIPAA compliance is expected to commence in early 2015. This round will include both on-site and off-site reviews. Your New Year will be happier if you start getting audit-ready now. We have provided you with tips below to make the process easier. Off-Site Audits Off-site audits focus on documentation […]