HIPAA Antivirus Software

The HIPAA Security Rule contains administrative safeguards in the form of security standards. One of these standards requires covered entities and business associates to implement a security awareness and training program for all workforce members. Implementation consists of (among other activities) developing procedures for guarding against, detecting, and reporting malicious software. The government has not “certified” any particular antivirus software program as the “HIPAA Antivirus [...]

2022-05-06T14:38:19-04:00November 5th, 2019|

19,500 UAB Medicine Patients Affected by Healthcare Phishing Attack

The University of Alabama (UAB) Medicine is the latest victim of a healthcare phishing attack, affecting 19,500 patients. A phishing attack occurs when a hacker disguises themselves as a trusted entity, prompting email recipients to click on a malicious link, allowing unauthorized access to their system. Healthcare phishing attacks have become more prevalent as protected health information (PHI) is more valuable on the darkweb than [...]

2022-05-06T14:38:19-04:00November 1st, 2019|

HIPAA Firewall Controls

The HIPAA Security Rule and HIPAA Firewall Controls Under the technical safeguard requirements of the HIPAA Security Rule, covered entities must implement policies and procedures to protect electronic protected health information (ePHI) from improper alteration or destruction. HIPAA firewall controls are used to provide such protection. Proper firewall use can help to ensure that a covered entity’s network does not fall victim to unauthorized access [...]

2022-05-06T14:38:19-04:00October 24th, 2019|

HIPAA Cybersecurity – Zero Day Exploits

Covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction) and business associates must comply with the HIPAA Security Rule. They must do so by developing security safeguards that protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic [...]

2022-05-06T14:38:20-04:00October 14th, 2019|

HIPAA Cyber Security – Advanced Persistent Threats (APTs)

Covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates must comply with the HIPAA Security Rule by developing security safeguards that protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic [...]

2022-05-06T14:38:20-04:00October 1st, 2019|

HIPAA Security Risk Analysis: Wrapping it All Up

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. Performing a [...]

2022-05-06T13:36:54-04:00September 25th, 2019|

HIPAA Security Risk Analysis Step 6: Determining the Level of Risk to ePHI

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any [...]

2022-05-06T14:25:56-04:00September 23rd, 2019|

Emergency Access Procedures Under the HIPAA Security Rule

Under the HIPAA Security Rule, covered entities (CEs) and business associates (BAs) are required to implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). The Security Rule technical safeguards contain a series of standards whose requirements CEs and BAs must meet. Under the first of these standards, the Access Control standard, covered entities and business associates must [...]

2020-10-26T16:34:33-04:00September 20th, 2019|

Automatic Logoff Procedures Under HIPAA

Under the HIPAA Security Rule, covered entities (CEs) and business associates (BAs) are required to implement appropriate technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). The Security Rule technical safeguards contain a series of standards whose requirements CEs and BAs must meet.  Under the first of these standards, the Access Control standard, covered entities and business associates must, [...]

2020-10-26T11:33:21-04:00September 13th, 2019|

HIPAA Security Risk Analysis Step 4: Determining the Likelihood of Threat Occurrence

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any [...]

2022-05-06T13:36:54-04:00September 10th, 2019|