The HIPAA Security Rule has a set list of requirements for covered entities to adhere to, all of which aim to ensure that organizations housing sensitive personal health information (PHI) are able to secure themselves against potential hackers. One of the conditions for being considered HIPAA compliant is to identify and protect against reasonably anticipated threats. 2017 was a year full of international cyber attacks, which heavily affected health care functions worldwide. Consequently, a new tactic that emerged and is currently being adopted by a growing number of healthcare entities is the use of military war-games to test the strength of cyber security barriers. This consists of a simulation of events that are controlled by the players in the game (in this case, hackers VS defenders).

[Read More]

Even though HIPAA awareness and training is in abundance all across the US, the Department of Health and Human Services received 1,996 breaches in only the first half of 2017. It seems that no matter how hard organizations try, they continue to fall victim to breaches and attacks and do not take sufficient corrective measures to avoid future issues. In response, we have compiled a list of some of the most important lessons learned from 2017 HIPAA violations:

[Read More]

Presence Health, a healthcare network based in Illinois, earlier in 2017 acceded to pay a $475,000 fine after not reporting a breach of unsecured protected health information in a timely fashion. Officials of the Office for Civil Rights (OCR) are noting that the length of time it took Presence to report the breach was not in accordance with HIPAA standards. This action represents the first HIPAA enforcement by the OCR on a healthcare provider for lack of timely notification of a breach.

[Read More]

The number of breaches of unsecured protected health information (PHI) on record in the United States is over 2000 and counting. Significantly, these records only cover breaches affecting 500 or more individuals. One can only wonder how many more breaches have occurred on a smaller scale. The types of breaches range from theft and hacking, to improper disposal and unauthorized access as a result of negligence. Such incidents can be avoided if covered entities (companies involved in healthcare) ensure that all of their business associates are secured. There are many reasons why it is important to have secure business associates. Being aware of these reasons may prompt covered entities to take the necessary measures to protect their clientele's information:

[Read More]

For healthcare organizations, remaining HIPAA compliant can be both necessary and challenging. In the United States, healthcare organizations are required to abide by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This act provides guidelines pertaining to the handling of patient information across a number of platforms.

In an article by Kristen Lee, titled Q&A: The main reason healthcare organizations violate HIPAA, an interview is conducted with Michael Archuleta, director of IT and HIPAA security officer at Mt. San Rafael Hospital in Trinidad, Colorado. It is within this interview that Archuleta recommends two important items that can ensure HIPAA compliance:

[Read More]

In the United States, healthcare organizations are required to abide by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This act provides guidelines pertaining to the handling of patient information across a number of platforms. When healthcare organizations are looking for cloud solutions to manage their data, ensuring that it is HIPAA compliant is a necessity.

[Read More]

Long gone are the days when healthcare organizations could not trust cloud security to manage their protected health information. In fact, healthcare organizations are increasing their dependence on cloud technology. What had begun as cloud deployment on back office applications has now expanded into an end-to-end solution that includes analytics and patient facing tools, among many others.

[Read More]

The Health Insurance Portability and Accountability Act (HIPAA) was established in the U.S. in 1996 to protect an individual's personal health care information. Healthcare institutions are required to meet all standards and comply with the appropriate security measures in order to safeguard patient data. These standards became enforceable by law on 21 April, 2005.

[Read More]

The Health Insurance Portability and Accountability Act (HIPAA), which passed in Congress in 1996, outlines protection and security standards for health care data. Although this was passed twenty years ago, it is still very much relevant to companies today. A new acronym you may have heard recently is HITRUST, or the Health Information Trust Alliance. Many are under the impression that HIPAA and HITRUST are at odds with each other and fail to understand how the two are related.

[Read More]