
HIPAA Cyber Security Practices

August 5th, 2019

The Health Insurance Portability and Accountability Act (HIPAA) mandates safeguards to be in place to secure protected health information (PHI). PHI is any individually identifying health information such as name, date of birth, financial information, and medical history. Incidents of healthcare organization hacks have increased exponentially over the last few years. As the most targeted sector of the U.S. economy, implementing HIPAA cyber security practices is essential to [...]


Healthcare Organizations and HIPAA Cybersecurity

August 2nd, 2019

Implementing effective HIPAA cybersecurity measures is essential to safeguarding protected health information (PHI). However, according to a recent study conducted by Brigham Women's Hospital and Harvard Medical School, many healthcare organization employees remain undertrained in HIPAA cybersecurity awareness. The study authors analyzed HIPAA cybersecurity awareness by studying the results of phishing simulations run by six healthcare institutions. A simulated phishing test is conducted by an organization’s sending deceptive (although [...]


AMCA HIPAA Data Breach Claims Another Victim: Clinical Pathology Laboratories

August 1st, 2019

The HIPAA data breach that won’t go away has claimed another victim. In June of 2019, business associate (BA) and vendor American Medical Collection Agency (AMCA), which provides billing services to healthcare organizations, notified millions of patients that their protected health information (PHI) - financial data, Social Security numbers, and medical information - was potentially breached, in violation of the HIPAA Privacy Rule and the HIPAA Security Rule. AMCA [...]


Handling Patient Reviews in a HIPAA Compliant Manner

July 31st, 2019

When choosing a new doctor, many prospective patients look to previous patient reviews to determine if they should schedule an appointment with that practice, or go another direction. Additionally, providing testimonials on your practice’s website can be a key differentiator. Although reviews and testimonials can be great marketing tools for a doctor’s practice, it is important to keep HIPAA’s Privacy Rule in mind before you post anything. HIPAA’s Privacy [...]


Data Breach Lasting 7 Months Exposed the PHI of 501 Individuals

July 30th, 2019

Communities Connected for Kids (CCK), a Florida-based organization that provides coordination and oversight of the child-welfare system, recently discovered a hack that lasted 7 months. In March 2019, one of CCK’s vendors noticed suspicious activity in one of its databases, and reported the incident to CCK. Subsequently, CCK hired a third-party forensic investigation team to look into the matter. Through the investigation, it was discovered that an unauthorized [...]


The Difference between HIPAA Risk Analysis and Gap Analysis

July 29th, 2019

The terms “HIPAA risk analysis” and “HIPAA gap analysis” are commonly confused because they sound the same, and embody similar concepts. However, the two activities are unique, involve processes that are distinct from each other, and target different components of HIPAA compliance - so it’s important to avoid confusing them. What is a HIPAA Risk Analysis? A HIPAA risk analysis is required under the HIPAA Security Rule. [...]


Is WordPress HIPAA Compliant?

July 26th, 2019

WordPress makes it easier for those without website development knowledge to create their own websites. Having a website that current or prospective patients can view is a key component to running a successful business. However, if you’re a covered entity or healthcare vendor, you need to make sure that the web developer and content management system (CMS) you are using for your site are HIPAA compliant. As WordPress is one [...]


HIPAA Audits: 3 Lessons Learned

July 25th, 2019

The Health Insurance Portability and Accountability Act (HIPAA) dictates healthcare standards for how protected health information (PHI) is handled and safeguarded. The Department of Health and Human Services (HHS) estimates that 70% of organizations are not HIPAA compliant. There’s a lot of confusion on who needs to be HIPAA compliant, but the easiest way to explain this is if you are dealing with PHI in any capacity, you need [...]


Double Trouble: Indiana Engineering Company Hit with Federal AND Multistate Data Breach Fines

July 24th, 2019

Medical Informatics Engineering, Inc. (MIE) is an Indiana-based company that develops and offers solutions enabling the exchange of electronic protected health information (ePHI). In May of 2019, the company paid the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) $100,000 to settle potential HIPAA Privacy Rule and Security Rule violations. The events causing the violations are now commonplace: MIE had discovered suspicious activity on one [...]


Lack of Access Management Results in GDPR Fine

July 23rd, 2019

Similar to the United States’ HIPAA law, the General Data Protection Regulation (GDPR), enacted in 2016, protects Europeans’ personal data. The GDPR requires many of the same safeguards with regard to the handling of protected health information (PHI), one of which is security controls. Employee Snooping Causes GDPR Fine In the Netherlands, a $516,000 fine was issued as a result of an employee accessing the file of a famous [...]