MSP Security Rule Compliance

A managed service provider (MSP) is an entity that remotely manages a covered entity’s  IT infrastructure, and/or end-user systems. Managed service providers who work with clients in the healthcare sector must comply with the HIPAA Security Rule.  Under the HIPAA Security Rule, MSPs must perform a security risk analysis. What Does MSP Security Rule Compliance Consist of? MSP Security Rule compliance has several components. One [...]

2022-05-06T13:36:53-04:00January 7th, 2020|

HIPAA Security Rule: Risk Analysis Review and Updating

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. Performing [...]

2022-05-06T13:36:53-04:00December 24th, 2019|

Updated HHS SRA Tool Issued

In 2011, the Department of Health and Human Services (HHS), the federal agency for enforcing HIPAA, issued a Security Risk Assessment (SRA) tool through its Office for Civil Rights (OCR). In 2019, after several updates, OCR is offering its newest updated HHS SRA tool, version 3.1. The updated HHS SRA Tool contains several features that the prior tools did not contain. What is the Updated HHS SRA Tool? [...]

2022-05-06T13:36:54-04:00November 18th, 2019|

HIPAA Compliant Laptops

HIPAA regulations require healthcare organizations and individual care providers to take measures to keep patient data secure. Failure to do so can result in fines, if an organization suffers a breach of unsecured PHI.  The HIPAA Security Rule requires that mobile devices be rendered secure. Security Rule requirements needed for HIPAA compliant laptops are discussed below. What is a Security Risk Assessment? The [...]

2022-05-06T13:55:41-04:00November 13th, 2019|

HIPAA Security Risk Analysis: Wrapping it All Up

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. Performing a [...]

2022-05-06T13:36:54-04:00September 25th, 2019|

HIPAA Security Risk Analysis Step 6: Determining the Level of Risk to ePHI

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any [...]

2022-05-06T14:25:56-04:00September 23rd, 2019|

HIPAA Security Risk Analysis Step 5: Determining the Potential Impact of Threat Occurrence

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. Performing a [...]

2022-05-06T14:25:56-04:00September 17th, 2019|

HIPAA Security Risk Analysis Step 4: Determining the Likelihood of Threat Occurrence

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any [...]

2022-05-06T13:36:54-04:00September 10th, 2019|

HIPAA Security Risk Analysis Element 3: Assessing Current Security Measures

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. Performing a [...]

2022-05-06T13:36:54-04:00September 3rd, 2019|

HIPAA Security Risk Analysis Element 2: Identifying and Documenting Potential Threats and Vulnerabilities

The HIPAA Security Rule requires covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction) and business associates to implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any [...]

2022-05-06T13:36:55-04:00August 23rd, 2019|