It’s standard practice to remind your patients to schedule an annual checkup.  As a healthcare provider, you should do the same for your business.  Don’t worry or feel overwhelmed at the thought of it! Many of the questions will be the same: what’s working, what isn’t, and what would you do better in the new […]

Introduction As technology booms, healthcare has become increasingly reliant for patient care, record-keeping, and communication. While this digital transformation has brought many benefits, it has also made the healthcare sector a prime target for cyberattacks. Protecting patient data and ensuring the integrity of healthcare systems is of paramount importance. To stay ahead of cyber threats, […]

Introduction: “You’ve been breached”: three words that no business owner ever wants to hear, but for which they should be prepared. Data breaches have become an unfortunate reality for many organizations, especially those in the healthcare industry. Protecting sensitive patient information is not just a matter of compliance; it’s a crucial component of maintaining trust […]

Introduction In a world where health records are considered 50 times more valuable than credit card information on the dark web, the OCR’s basic requirements are no longer sufficient on their own. Covered entities and business associates need comprehensive solutions and cybersecurity training to avoid data breaches and safeguard their patient data. Like pediatrics and […]

Introduction Navigating HIPAA can be an intimidating process, from finding information to documenting completed requirements. According to the training page of the OCR’s website: “The HIPAA Rules are flexible and scalable to accommodate the enormous range in types and sizes of entities that must comply with them. This means that there is no single standardized […]

Maintaining HIPAA-Compliant Communication Amongst Colleagues Let’s Talk About Oral Privacy In such an intense and impactful field, it’s completely understandable that healthcare professionals often find themselves wanting to share experiences or seek support from colleagues. However, they must navigate a delicate balance due to the stringent regulations imposed by HIPAA. While the spotlight often shines […]

Common Mistakes & Best Practice Recommendations In the fast-paced world of healthcare, safeguarding patient privacy remains paramount. Yet, despite the diligence exercised in patient care, one area where vulnerabilities persist is record disposal. From the cluttered file rooms to the maze of electronic data, mistakes are made that can jeopardize sensitive patient information. In this […]

A Comprehensive Guide Welcome to 2023, where cybersecurity is not just an IT concern, but a vital aspect of business continuity. For small and medium healthcare organizations (SMBs), the stakes are high when it comes to data breaches and ransomware attacks. The consequences can be devastating, with costs exceeding $250,000 for recovery, investigations, customer notifications, […]

IT Experts Fall Victim to Cyberattack Last week, CloudNordic, a prominent Danish cloud provider, became the victim of a devastating ransomware attack. This malevolent intrusion sent shockwaves through the IT company as cybercriminals encrypted their servers, grinding all operations to a halt and endangering the integrity of both company and customer data. Remaining Calm and […]

The Year-Round Commitment to SRA Recommendations A Pillar of HIPAA Compliance As a covered entity or business associate, protecting sensitive patient information is not just a priority—it’s a legal and ethical obligation. HIPAA stands as the guardian of patient data, ensuring its security, privacy, and confidentiality. One of the cornerstones of HIPAA compliance is the […]

5 Vital Plans Every Covered Entity and Business Associate Should Have in Place With cyberattacks and data breaches on the rise in healthcare, safeguarding sensitive information has become paramount for organizations. For covered entities and business associates, proactivity is key to maintaining the integrity and confidentiality of data. Here are five essential plans that every […]

Social engineering attacks involve manipulating individuals into divulging confidential information, providing unauthorized access, or executing actions that compromise the security of systems or data. Attackers exploit psychological and emotional factors to exploit employees’ trust and manipulate them into performing actions that put the organization’s sensitive information at risk. Small healthcare businesses are under a heightened […]

The healthcare industry relies heavily on technology to store, manage, and access patient information. And one fundamental aspect of protecting patient information is using strong passwords or passphrases in line with the National Institute of Standards and Technology (NIST) guidelines. The Significance of Strong Passwords Passwords act as the first defense against unauthorized access to […]

In response to the growing use of online tracking technologies in healthcare, the HHS Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) have issued a joint warning to hospital systems and telehealth providers about the potential threats these tracking technologies pose to patient data security. The Importance of Compliance HIPAA was enacted […]

The healthcare industry has witnessed the integration of technology into many different aspects of patient care and management. The Amazon online community has stepped into this domain with the introduction of Amazon Clinic. While an innovative healthcare solution, it raises questions about its adherence to HIPAA (Health Insurance Portability and Accountability Act) compliance, a crucial […]

It’s finally here! After months of racking up your cart with all the therapy materials, prize reinforcements, and other office odds and ends, it’s time to check out. What you may not have considered is that cybercriminals have also been waiting in anticipation of Prime Day. The increased online activity and sense of urgency are […]

A recent investigation by the Office of Civil Rights (OCR) alleges that several security guards from Yakima Valley Memorial Hospital impermissibly accessed the medical records of 419 individuals.  This incident highlights the importance of maintaining strict protocols and vigilant oversight when it comes to safeguarding sensitive patient information.  The details involving the hospital security guards […]

What is a security risk assessment (SRA) and how can it help your healthcare business? The protection of sensitive patient information and the integrity of critical systems is of paramount importance to any business. With the increase in cybersecurity threats, taking a proactive approach to security measures is far more ideal than being reactive to […]

Recent research conducted by Arete and Cyentia Institute sheds light on the ransomware landscape within the healthcare sector. The study reveals that healthcare organizations are more likely to pay ransoms than other industries. Additionally, the report highlights the low adoption of multi-factor authentication (MFA) and emphasizes the need for improved cybersecurity measures in the healthcare […]

  Simplifying HIPAA compliance for Covered Entities with HIPAA regulations can be complex and challenging for covered entities.  Failure to meet the requirements can lead to severe penalties and reputation damage. This is where we come in. Here are some of the ways that HIPAA Secure Now can help healthcare businesses: Annual Risk Assessment: We […]

HHS Releases Report to Increase Language Access for Persons with Limited English Proficiency Language barriers can pose significant challenges when it comes to delivering quality healthcare to individuals with limited English proficiency (LEP). Recognizing the importance of language access in healthcare settings, the U.S. Department of Health and Human Services (HHS) has recently released a […]

The Office for Civil Rights (OCR) 90-day transition period commenced on May 12, 2023. As a HIPAA compliance company, we understand the importance of staying up-to-date with regulatory changes. Let’s delve into the transition period and its significance, and provide guidance on how your organization can ensure seamless compliance in this evolving landscape. Understanding the […]

A recent incident involving Arkansas-based MedEvolve serves as a reminder of the consequences that arise from the mishandling of PHI and the importance of healthcare businesses ensuring that they and their business associates are HIPAA compliant. The HIPAA Violation On May 16, 2023, the HHS Office for Civil Rights announced the resolution of a HIPAA investigation […]

As a healthcare provider, you are familiar with the Public Health Emergency (PHE) declaration that has been in place since the beginning of the COVID-19 pandemic. This declaration has provided a number of flexibilities and protections for healthcare providers, including increased telehealth access and relaxed HIPAA requirements. Approaching Deadline On May 11, 2023, the PHE […]

As technology continues to evolve, so do the ways in which dental practices communicate with their patients. Text messaging has become a popular method of communication, providing convenience and efficiency for both patients and dental staff. However, it is crucial that any communication is done in a secure and HIPAA-compliant manner. Our team of HIPAA […]

When it comes to HIPAA compliance, it’s easy to feel as if you’re being pulled in a million different directions at once. In part, this could be due to the fact that there are 4 different rules that go into HIPAA: the Privacy Rule, the Security Rule, the Breach Notification Rule, and the Omnibus Rule. […]

While it’s easy to get caught up in the many, many words of policies and procedures, how your space physically looks and functions are just as important. Physical safeguards play a vital role in achieving HIPAA compliance and keeping sensitive data out of the wrong hands.  Let’s look at six physical safeguards that every healthcare […]

Let’s discuss the most bustling room in your healthcare practice- the waiting room. Whether it’s parents waiting for their children to finish their sessions, patients who arrive super early, or you’re having one of those running-behind days, having a HIPAA-compliant space is crucial to maintain patient privacy and security. So, what can you do to […]

Healthcare businesses are increasingly reliant on technology to manage patient information, conduct financial transactions, and communicate with staff and patients. While technology has many benefits, it also presents significant risks, including the threat of cyberattacks.  One of the most common types of cyberattacks is phishing when an attacker impersonates a trusted individual or entity and […]

As a HIPAA-covered entity, it is crucial to understand the importance of protecting the privacy and security of patient personal health information (PHI). And a recent surge in litigation serves as a reminder that healthcare organizations must take adequate measures to safeguard PHI. Recent Cases In one recent case, a healthcare provider was sued for […]

. In healthcare, it is crucial to ensure the security and privacy of electronic health records and all patient data with security policies.  HIPAA provides guidelines for healthcare organizations and covered entities to follow in order to maintain the confidentiality, integrity, and availability of patient health information PHI, or ePHI. What are some of the […]

The Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing and protecting civil rights and privacy rights in the healthcare industry. With the increasing number of complaints and reviews regarding the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act, the […]

Undoubtedly, and whether you’re in healthcare or not, you’ve paused when writing or typing ‘HIPAA’.  Is it HIPPAA? HIPPA?  What does it stand for?  We find that the P trips most people up more often than the rest. It’s something about ‘patient’ right? Not exactly, so let’s learn more about that P and what it […]

The Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services is responsible for enforcing compliance with the Health Insurance Portability and Accountability Act (HIPAA). As part of its mandate, the OCR annually releases a report on data breaches in the healthcare industry. The most recent report, which covers the year […]

Data privacy and cybersecurity are paramount concerns for individuals and organizations alike. The Health Insurance Portability and Accountability Act (HIPAA) and cybersecurity standards are in place for both. It’s common to confuse the two critical healthcare business components as the same thing – yet they are very different.  While both HIPAA compliance and cybersecurity address […]

Valentine’s Day is here.  Romance and love are in the air. It’s also a good time to remind your patients to protect their hearts in a different way.  It’s the time of year when we express our love and affection for one another. That may often be with gifts, cards, and romantic gestures. However, this […]

Artificial intelligence (AI) is rapidly transforming many industries and healthcare is no exception. With the advent of AI, healthcare businesses may face different threats to their cybersecurity. As a result, they could find their business in possible violation of HIPAA rules and regulations. There are also important ethical and privacy concerns associated with the use of […]

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that was enacted in 1996 to protect the privacy and security of individuals’ health information. It established requirements for covered entities, such as healthcare providers, insurance companies, and healthcare clearinghouses, to implement reasonable and appropriate administrative, physical, and technical safeguards to protect electronic […]

This week is Data Privacy Week.  This international effort to encourage respect for privacy is encouraged for all industries, but in healthcare, it’s essential. Data privacy in healthcare is a critical issue that affects not only patients, but also healthcare providers, insurers, and researchers. The sensitive nature of personal health information (PHI) and the potential […]

Necessary Technology As technology advances, more healthcare providers adopt digital technologies.  Therefore, HIPAA compliance in regard to text messages and chat services becomes increasingly important. The HIPAA Privacy Rule was created to protect the privacy of personal health information (PHI). And that includes PHI that is transmitted via text message or other electronic messaging services. […]

In today’s digital world, it has become increasingly important to protect healthcare organizations from cyber threats. With the rise of medical data breaches and ransomware attacks, there has never been a more pressing need for healthcare organizations to take their cybersecurity measures seriously. Let’s take a look at why cybersecurity is so critical in the […]

Social Security Scam Alert The beginning of the year provides a new opportunity to scam people. Scams that center around the annual updates and renewals of programs and policies like Social Security are one of the most reported to the government. Be sure to advise your patients that if they are in receipt of Social […]

Let’s wrap up 2022 with some end-of-year tasks you’ll want to check off of your list if you’re in the business of healthcare! Training Program HIPAA compliance requires a training program.  This means ensuring that your existing staff has completed their training annually and making sure that any new hires have been trained as well. […]

AI in Healthcare Artificial Intelligence, or AI, is increasingly used in healthcare.  This can be seen in the form of machine learning which assists in detecting patterns, diseases, learning technologies, and more options to assist with patient care. Though not a failsafe, it can offset the risk of medical errors and allow for treatment that […]

HIPAA & Tracking Technologies Tracking technologies such as Google Analytics and Meta Pixel are designed to collect and analyze user data for online activity.  The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently issued a notification regarding these and the obligation to HIPAA from the covered entities […]

A security risk assessment must be conducted to maintain HIPAA compliance per the Security Rule.  A security risk assessment is also referred to as an SRA.  It is a requirement for government plans such as Medicare, Obamacare, and Medicaid.  It is also required for individual health care plans and employer-sponsored plans. Where to Start Identify […]

The annual open enrollment period for healthcare insurance provides another opportunity for scammers to take advantage of. From gathering personal information to receiving payments for non-existent plans, criminals will try nearly anything to score. The signs of a scam aren’t always easy to spot. Here are some of the tactics that consumers should be on […]

Amazon has launched its latest venture in healthcare with Amazon Clinic. This virtual care platform will provide services and support for nonurgent health and lifestyle needs.  This was created with the goal of providing users with easy access to care that allows them to “skip the waiting room.” Treatments This virtual healthcare service will provide […]

The HIPAA Administrative Simplification provisions are in place to provide consistency in electronic communications within healthcare for Protected Health Information (PHI).  These mandate the usage of standard transactions, code sets, and identifiers for the United States healthcare system. Who Must Comply? The most common organizations which must comply are healthcare clearinghouses, healthcare providers, and health […]

Having an asset management plan is essential to your healthcare business.  Similar to how you’d want a list of your household items for insurance coverage in the event of theft or loss, you need to know the details and access them quickly. Especially if an item goes missing or breaks.  It is likely that your […]

The HIPAA Security Rule includes requirements for a security incident response plan that are important to know especially as the number of reported data breaches continues to rise. The Data Check Point Research provided a mid-year report on cyber attack trends that indicated a 69% increase in targeted healthcare data breaches between 2021 and 2022.  […]

As we wrap up National Cybersecurity Awareness Month, we’re going to take a look at the importance of protecting your physical devices.  The panic that sets in when you misplace your phone or laptop is overwhelming.  But that feeling is amplified if that device contains patient information or access to it. When we mention your […]

As we continue into National Cybersecurity Awareness Month, this week we focus on social media.  Why does what you do in your personal life matter in your professional world?  Aside from the possible personal implications, the risk to your cybersecurity also exists. How Hackers Work A cybercriminal knows how to gain access to your trust.  […]

Phishing is one of the biggest threats to any business or individual. With October being National Cybersecurity Awareness Month, we thought we’d explain what it is, why it is dangerous, and how to avoid falling for it, which are all critical to staying safe. What is Phishing? Officially, phishing is defined as the practice of […]

The HIPAA Security Rule mandates that covered entities must conduct a security risk assessment or SRA.  This includes health care plans for individuals, government plans (Medicare, Medicaid, Obamacare), and employer-sponsored plans.  Providers that conduct electronic health care transactions must comply with the Security Rule.  This means conducting an SRA.  It is recommended that this occurs […]

The HHS Office for Civil Rights (OCR) has announced resolutions regarding three HIPAA violation investigations.  These settlements result from a years-long emphasis on enforcing this regulation by the OCR.  There were three dental practices that were given fines with regard to the potential violation of the HIPAA Privacy Rule’s patient right of access. Recently appointed […]

What Are the Most Common Healthcare Breaches? When it comes to protecting your business, the approach needs to extend beyond the locks on the doors.  Cyber threats are the highest risk to your patient and data security.  So what are the most common healthcare breaches that you should be on the lookout for regularly? Ransomware […]

Is Your Trash a HIPAA Violation? In the case of the New England Dermatology and Laser Center (NEDLC), their trash was a violation.  And a costly one with a $300,640 fee attached.  A security guard found a container with identifying information on the attached label.  As a result, an investigation by the Department of Health […]

Healthcare businesses need to be aware of the requirements that come with a cybersecurity insurance policy. In a world of online profiles, splashy websites, and great social media campaigns, businesses can misrepresent themselves in more ways than one.  A great photo of your team or a full biography may help create patient trust, but it […]

HIPAA Compliant Chat Being available to your patients 24/7 isn’t practical for most healthcare practices.  Chat services can provide a response option or even resolution until normal business hours resume.  Additionally, chats can offer initial patient care or registration services.  As a HIPAA-covered entity or business associate, you must consider compliance when offering this service. […]

An Indirect Hit The NHS, or National Health Service, is the publicly funded healthcare system for the United Kingdom. They are supported by Advanced who is a managed service provider (MSP). Healthcare companies may outsource their IT departments to other companies to manage the cybersecurity and technical aspects of the business. This allows them to […]

Portability in HIPAA There are many aspects of HIPAA.  And sometimes there isn’t a clear understanding of what it covers.  We also find that it is the “P” that often trips people up.  Because of the strong emphasis on confidentiality, security, and safe handling of information, there is an assumption that the word Privacy is […]

Health Care Cybersecurity Update on Guidance The National Institute of Standards and Technology (NIST) has provided updated guidance for the health care industry.  Designed to help with electronically protected health information (ePHI), they have created a new draft titled Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (NIST Special […]

This year marks the 32nd anniversary of the signing of the Americans with Disabilities Act, known as ADA.  This Act is in place to prohibit discrimination against any qualified individual.  As outlined on the ADA National Network site, it ‘is a civil rights law that prohibits discrimination against individuals with disabilities in all areas of […]

Are you familiar with the European Union (EU) regulation of GDPR?  There may be some confusion over this policy and those who believe it to be the counterpart to the United States’ HIPAA regulation.  While there may be some overlap, they are not the same. As a US-based business that is a covered entity or […]

The Office for Civil Rights (OCR) isn’t offering leniency just because you’re a small business.  Action will be taken, despite the impact that a HIPAA fine can have on this sector of healthcare. And as eleven recent investigations prove the point, many of those were small practices.  This brings the total to 38 enforcement actions […]

What is a Certificate of Need? A certificate of need, or CON, is a legal document that is required for the construction of a new healthcare facility.  It regulates the healthcare system by requiring approval from regional governments.  However, there are variations within the 35 states and Washington D.C. that need them. What Do They […]

API Adoption and Healthcare  Healthcare faces threats from cybercriminal activity at rates that continue to rise. The patient data that they access and maintain is valuable on the dark web in more ways than one. It can be an access point for a greater breach and then used to manipulate or steal identities and attack […]

Healthcare Breaches on the Rise Don’t shy away from this headline, healthcare businesses cannot put their head in the sand or look the other way when it comes to establishing a strong cybersecurity program.  For many, the focus has been on HIPAA compliance.  This consumes resources both in the workforce and funding.  It has also […]

HIPAA and Audio-Only Telehealth The Department of Health and Human Services (HHS) put clarity recently on how the HIPAA Security Rule applies to telephone technologies.  In the case of telephone lines that are traditional landlines, the rule does not apply.  But it does apply to mobile technologies that utilize electronic media such as WIFI. What […]

Exceptions in a HIPAA Breach In 2007 the Guide to Medical Privacy Law was published.  It indicated that on multiple occasions hospitals, EMT services, schools, and other public agencies were incorrectly withholding news out of a fear of violating HIPAA policy.  Often, there isn’t a clear understanding as to what constitutes exceptions to HIPAA and […]

The traditional way to see your healthcare practitioner was to call the office, schedule an appointment and when the time came, go to the office for your visit.  You’d get there and then open the front door to attend your appointment. Like nearly everything, time, and our increased electronic footprint have brought change to that […]

Whether a change in your business structure came about from the pandemic, or it just makes more sense for your team, remote work is the norm for many more professionals today than it was in years past. If you’re in healthcare, this means that you need to factor in the HIPAA component as well as […]

The HIPAA Omnibus Rule was established to identify and further outline accountability within the entities of healthcare regarding patient data.  To understand the HIPAA Omnibus Rule and how it affects these entities, we need to understand who and what are the “moving parts” that make up the operation.  Once we recap these key components, we’ll […]

18 HIPAA PHI Identifiers HIPAA regulations are in place to ensure that you protect and secure the patient data that as a healthcare business, you have access to and collect.  The Department of Health and Human Services (HHS) has identified 18 patient identifier categories as it pertains to their guidance on satisfying the safe harbor […]

Good Intentions Your workday in your healthcare business may start out with a clear plan of what you have ahead – you have your task list and work items to get through.  But when it comes to cybersecurity, we need to be made aware of things in a timely and efficient manner.  It may be […]

“We’re being audited!” Those words strike fear and uncertainty in most of us – especially if you are in healthcare. But what actually happens in a HIPAA audit?  Will a government official show up unannounced with a briefcase and ask for you to produce every bit of your business’s HIPAA documentation while sequestering your team […]

The process of assessing your business when it comes to HIPAA Compliance will likely present you with the opportunity to review all the components that contribute to your professional structure and setup.  This will likely include a website. Does a Website Fall Under HIPAA Regulations? If a website is used to collect and process protected […]

The Cybersecurity Program within the Department of Health and Human Services (HHS) came out this week with a strong warning for healthcare organizations about an “exceptionally aggressive” ransomware group that is targeting them. The Hive ransomware group is financially motivated and uses various methods to target organizations including phishing and attacking remote access/VPNs. They encrypt and steal data […]

Recently we went over the role of the HIPAA Privacy Officer and what responsibilities that individual would oversee, as well as what qualifications an ideal candidate would bring to the position.  Additionally, HIPAA Regulations require that you formally identify a Security Officer in addition to a Privacy Officer, but they can be the same person. […]

Under the HIPAA Privacy Rule, there must be one individual who is identified as the Privacy Officer.  What does that mean?  Is it a paid job?  What are the requirements?  Are they the ones who will be accountable in the case of a violation or if a data breach should occur? Every covered entity and […]

Many people in healthcare make the incorrect assumption that their business won’t be a target for cybercriminals because they are “just a one-man show” or “aren’t part of a big network”.  Neither way of thinking is wise, because when a cybercriminal is trying to compromise data or an entire network, every organization is valuable, and […]

Are you familiar with the IoT or the Internet of Things?  This is the term that is applied to objects that are connected via the internet to collect and transfer data without any human interaction or intervention.  This includes items like your smart television or even a refrigerator that is connected to an app on […]

Healthcare professionals are gatekeepers to a variety of confidential information about their patients and the businesses that they work for, and for this reason, they are a highly coveted target by cybercriminals. Being on guard and alert all year is critical when you are overseeing the Protected Health Information (PHI) of your patients. Be aware, […]

In your home, it is likely that you have at minimum a pile of paperwork and records that you’ve held onto “just in case you need it” for a possible tax audit, warranty, to make a return, or several other random reasons you’ll need to reference it in the future.  No one ever seems to […]

What Is MFA? Multi-Factor Authentication, or as it has become commonly known, MFA, is the practice of “doubling down” on your login security.  You are using Multiple (more than one) Factors (ways or methods) to Authenticate (verify) your identity when you access an account.  When you hear the term 2FA, this means that you need […]

Even though telephone conversations and answering machines are considered outdated or passe to some people, it remains necessary to sometimes leave a message for the intended call recipient. In healthcare, voice messages are often necessary for appointment reminders, follow-up calls, and communication to patients.  Within the realm of HIPAA, what are you allowed to say? […]

The Health Insurance Portability and Accountability Act, or as it is commonly known as HIPAA, was created to set standards nationally. These are in place to protect the personal health information and medical records of individuals as well as give them access easily. As the March 1st deadline for reporting a breach draws closer, knowing […]

March 1st, 2022 is the deadline for breach reporting for HIPAA-covered entities and their business associates – and the date is fast approaching! The HIPAA Breach Notification Rule requirement means that HIPAA-covered entities, as well as any of their business associates, notify the appropriate parties, including the Office for Civil Rights (OCR) Secretary of Health […]

An astronomical increase of 450% would be a wonderful thing if we are talking about revenues or productivity.  But when it comes to COVID-19 related phishing attacks, that percentage in the jump of attacks from 2019 to 2020 is staggering – and a serious issue that needs to be addressed. According to the ForgeRock 2021 […]

It’s fast and easy, and you can often work more efficiently with an email exchange than if you must make phone calls or schedule appointments to discuss patient care.  But where does that exchange fall when it comes to HIPAA compliance? The HIPAA Security Rule introduced several requirements to consider before an email can be […]

In simple summary, a Business Associate Agreement (BAA) is a legal contract that exists between a Covered Entity and a Business Associate who comes into contact with Protected Health Information (PHI). Sometimes called a Business Associate Contract, it is critical and required to maintain HIPAA compliance. With the main bulk of PHI being stored electronically, […]

What is Phishing? Phishing is the practice of tricking users by imitating reputable companies in order to reveal personal or confidential information which can then be used in a more illicit manner. This is done via a deceptive email or website, and often in a combination of both.  Spear phishing takes the manipulation one step […]

The pandemic pivot that seemed as if it would be temporary a few years ago, those behaviors that redirected how we work and live, is now a seemingly permanent modification.  Remote work, telehealth, and the increasing use of products that are part of the IoT, or the internet of things, have provided us with increased […]

The HIPAA Breach Notification Rule is a requirement put in place that requires HIPAA-covered entities and their business associates to “provide notification following a breach of unsecured protected health information.” The details provide an outline for how healthcare providers, hospitals, and physicians must notify the affected individuals, the Secretary of the U.S. Department of Health […]

Recently the Department of Health and Human Services (HHS) along with the Office for Civil Rights (OCR) issued an announcement regarding extreme risk protection order (ERPO) laws and the disclosure of protected health information (PHI).  This published model was created as a way to provide each state with a framework to consider as they implement […]

As we wrap up another calendar year, getting ready for holiday break means wrapping up more than presents.  Take a moment to go over a few items that you should review to make sure they are done for 2021 or ready to go in the new year. Security Risk Assessment A Security Risk Assessment, or […]

HIPAA Right to Access Initiative is Alive & Well In 2019 we witnessed the Office for Civil Rights (OCR) make it public that they were going to up their efforts when it came to enforcing the rights of an individual to access their health records.  This is known as the HIPAA Right of Access initiative.  […]

No, there isn’t such a rating system, but it might be something to consider. There are many different communication platforms that healthcare providers can use to communicate with each other, such as email, instant messenger systems, and even through social media sites. While these platforms can be very useful for communicating quickly and easily, they […]

Working in healthcare means that you are certainly aware of HIPAA’s existence, but it doesn’t necessarily mean you are the resident expert on what constitutes compliance.  You know what you can or can’t do – generally speaking.  Most likely, you follow the rules as they are explained to you, and don’t deviate much from that. […]

Seasonal Scams in Healthcare We’re entering the time of year that we pause and reflect on what we have to be thankful for, especially this year, as more of us are able to gather in person.  We can stop, slow down, and appreciate what we have.  But this doesn’t necessarily mean a break for those […]

The HIPAA Security Rule requires healthcare providers and their business associates to implement physical, technical, and administrative safeguards to protect the electronic Protected Health Information (PHI) that they utilize. It establishes national standards to protect that information. These standards apply not just to covered entities, but any organization that handles PHI – including subcontractors and business associates.   Administrative safeguards (also called […]

Cloud Hosting & HIPAA Compliance When you think of trends in healthcare, what comes to mind? Maybe it’s a particular EMR system, new machines in the office, ways in which you communicate with patients… the list goes on. One thing is for sure when we think about all the ways that healthcare has changed over […]

Before you buy a home, an inspection is completed as a way of exposing any potential issues to you as a buyer.  This can give you leverage when it comes to purchasing price negotiation since these liabilities can often present risks to you as a resident.  Those risks can come in the form of cost […]

October. That time of year when we have pumpkin spice everything and when tricks, treats, and terrors are given front-page billing.  And for some people, it is the ideal time to binge-watch scary movies on repeat.  We stare at the screen with one eye open, begging the main characters not to go into the woods, […]

The History A trip into any card store or venture onto social media will alert or remind you that there is a holiday for nearly everything.  Who got to decide that April 23rd was National Talk Like Shakespeare Day? Or that Squirrel Appreciation Day would fall on January 21st? Some of them might make you […]

The Federal Trade Commission (FTC) recently released a new policy statement that requires health apps and connected device companies that collect health information to comply with the Health Breach Notification Rule.   Yes, that means those very apps that so many of us use to collect our heart rate, weight, sleep, fertility, height, or any other sensitive […]

The terms protected health information (PHI) and personally identifiable information (PII) are often used interchangeably.  But while they may sound like the same thing, there are differences that set them apart, and that is especially true when it comes to HIPAA. What’s the difference? PII is any information that can be traced to a person’s […]

Recently The HHS Office for Civil Rights (OCR) shared a comprehensive list of resources for any HIPAA-regulated entity to assist them in the prevention, detection, and mitigation of data breaches of protected health information that occurs because of hacking or ransomware. As a covered entity or business associate under HIPAA compliance, an attack on your […]

Accessibility is Here to Stay Health Information Technology (Health IT) is an always evolving realm, with new tools coming to market as fast as we can master the old ones. With the advancement of technology comes a need for new software and security to maintain these systems. This past year has been one example of […]

There was a time when you would walk into any doctor’s office and the sliding walls or file cabinets of patient folders seemed endless.  Guarded like vaults, all the information safely under lock and key.  And in addition to patient data, there is employee data, which likely contained personal and banking records.  The “really” important […]

It’s easy to find a news story with someone misappropriating what HIPAA is, what it means, and what it does.  Most people incorrectly assume how it protects their health records and information from ‘the world at large’.  It does protect private health information, and it was created to allow for easy access to one’s health […]

Bigger business, bigger problems, right?  Not necessarily true when it comes to the cost of a cyberattack within the healthcare industry. A recently published survey brings unexpected results when it comes to comparing large and medium-sized businesses.  Surprisingly, medium-sized businesses are hit with cyberattack costs that are nearly 4x that of their larger counterparts at […]

Patient care in a digital age means that most information is stored electronically.  These records, known as electronic Protected Health Information (ePHI), are collected as electronic health records (EHR) and then stored in a variety of systems.  With the Health Insurance Portability and Accountability Act (HIPAA) in mind, how do you maintain security around the […]

The healthcare industry is always a top target for cybercriminals, but cybersecurity doesn’t always take the top spot when it comes to business concerns or plans in this sector.  While we hear about breaches happening on a regular basis, we don’t seem to act at the same rate.  What are the challenges that healthcare faces […]

As healthcare continues to be a prime target for cybercriminals, understanding what is happening as an employee is equally, if not more, important than just being aware of the risk.  Having insight into how the attack can play out will help you understand the threat and the outcome if a hack occurs. Ransomware is one […]

Cybercrime.  It has become a regular part of the conversation around healthcare.   We are regularly presented with the stats, and we know that the risk is greater for our businesses when it comes to cybercriminal activity.  WHY is that the case?  While some factors may seem obvious, let’s look at some of the other issues […]

This summer many of us are taking long overdue vacations that were put on hold or delayed because of the pandemic.  As healthcare workers, you are certainly due time off – especially after the brunt of COVID-19 was dealt with by your industry. While you’re checking out and hoping that you won’t have to check […]

  As a parent, you might recall the first time that the doctor asked you to leave the room because your “baby is now a teenager” (ugh, cry, sigh…. joy?) and they have a few questions for them that they would like to conduct one-on-one and in private.  Suddenly your brain races, ‘what do they […]

As the Health Insurance Portability and Accountability Act of 1996 (HIPAA), approaches the 25th anniversary of its enactment, we thought we’d look into the history of this game-changer in the healthcare industry. Signed into law by President Clinton on August 21, 1996, this federal statute was enacted to modernize the flow of healthcare information as […]

As a person who works within the healthcare industry, understanding HIPAA is a necessity, even if it is knowing just the basic rules.  These rules and regulations are complex and ever-changing so that they can keep up with the fluid landscape of healthcare, so unless you are an expert, it is unlikely that you know […]

The Background Wolfe Eye Clinic is a healthcare provider located in Iowa. In business since 1919, they specialize in medical eye care and have 11 main eye care clinics across the state, and various other locations that offer treatments. According to their website, they treat approximately 700,000 patients. This seems to be a solid and […]

This month a memo went out from the White House and Cybersecurity and Infrastructure Agency (CISA) to industry leaders that emphasized the threat posed by ransomware within their businesses as well as emphasizing just how important it was to the current administration to prioritize the awareness.  The memo also is putting the responsibility on the […]

June 21st is fast approaching, and to most of us, that means the official start of summer.  But to a group of 178 healthcare workers in Houston, it could mean the end of their employment. We’ve been discussing the various mandates and situations concerning getting the COVID-19 vaccine.  The more public of these scenarios include […]

Far too often, and in just about every industry, those of us who are “in it” assumes that certain aspects of what we know are obvious to the general public. For example, in healthcare, we know the basics of HIPAA and what information can and cannot be shared. This thought came to me again while […]

Whether you choose to get a vaccine for COVID-19, it is your decision.  We aren’t here to provide personal medical guidance or tell you what is right for you.  But with regard to informing you about the healthcare landscape, well, that’s part of our program here at HIPAA Secure Now.  And we would be remiss […]

Meticulous Research released a market research report “Healthcare Cybersecurity Market”, that indicated a number that anyone in healthcare would want to be aware of. They expect that by 2027 – which sounds far off but is NOT – the cybersecurity market within healthcare will reach $26.1billion with a compound annual growth rate (CAGR) of 19.8% […]

The recent attack on the Colonial Pipeline has (hopefully) reawakened any slumbering notion that cybersecurity isn’t everyone’s problem.  Not sure what we mean?  To recap at a high level, a cybercrime group identified as DarkSide hacked Colonial Pipeline’s infrastructure.  As a result, the company acknowledged that they were the “victim of a cybersecurity attack” that […]

While the world is moving to electronic storage as a standard, there are still physical documents within healthcare that need to be protected and fall under HIPAA regulations.  Let’s take a look at how that should be handled. As paper can pile up, how long do you have to store HIPAA documents?  And what do […]

  Your patients arrive in your office with injuries and ailments that threaten their health. You review the situation and prescribe a plan of action and perhaps medication that will remedy the situation at best and alleviate pain or risk as well. You give them a prescription for health. Because that’s what you do. When […]

Many people are getting their vaccines for their own safety, for the general well-being of the public, for their jobs, and some are getting it so that they can safely travel again.  In fact, many people are doing this because they know that they won’t be able to leave their home base if they don’t […]

Telehealth Is Not Everyone’s First Choice With regard to telehealth statistics, we saw a great rise in the number of participants during the past year with COVID-19.  It was a perfect solution for many people, especially if leaving their homes meant putting them in danger due to their high-risk factors linked to the virus. Equally […]

Last week we covered the different ways that social media is playing a role in deploying healthcare messages.  From patient experience to alerting the public about the pandemic, individuals and corporations are taking to the ‘digital airwaves’ of TikTok, Facebook, Instagram, and other platforms to spread awareness and messaging. This sounds like a great idea.  […]

The social media platform TikTok has become a mainstream method of learning dance moves. And some recipes.  And maybe a silly dog video here and there.  But what we didn’t expect it to become was a healthcare platform. No, surgeries aren’t being performed via the application – although we won’t be surprised if and when […]

Fake Supplements Buying a knockoff purse or jersey is one thing, and we can take you down a rabbit hole of “why you shouldn’t do that” that would occupy you for hours.  But when it comes to items you ingest and don’t simply wear, you need to pay attention. Supplementing your healthcare regime with vitamins, […]

Last week, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) announced that there would be a 45-day extension of the comment period for the public with regard to the Notice of Proposed Rulemaking (NPRM) on modifying the HIPAA Privacy Rule that was originally posted in December of […]

A Year of Heroic Feats The healthcare industry has been called to task this year in ways that make them heroic in the eyes of the world.  As a global community, words can’t accurately convey the gratitude they deserve from all of us. Today we’re going to talk about another way, one that is less […]

With healthcare being a top target in the world of cybercrime, it never hurts to do a review every so often of the landscape and of the players in the game. We’ll also take a look at how you might be compromised without even knowing it or suspecting it could happen. A Lay of the […]

With healthcare being a huge target of cybercrime, the immediate concern is likely with regard to how it will coincide with any HIPAA regulation – or revealing any failure to comply.  First thoughts usually go to the business side of a situation. How much will this cost?  Will we be fined?  Will we have to […]

We couldn’t call them fun facts, because there’s really not a lot that one could label “fun” when it comes to HIPAA, but we thought we’d take a look at some of the statistics and facts in a summary fashion. HIPAA, often misspelled HIPPA, stands for the Health Insurance Portability & Accountability Act. This federal […]

With romance in the air for the upcoming Valentine’s Day holiday, we thought we’d shine a light on the ways that HIPAA can be affected by love in the workplace and what rules are in place to address it.  Are there ethical repercussions to dating your doctor?  Can my significant other access my medical records? […]

We have seen the healthcare industry rise to the occasion this past year.  Stepping up in more ways than can be counted and doing so under extraordinary conditions.  Telehealth does offer a viable solution for many people who cannot travel outside of their homes, and at the same time, it offers a safe solution to […]

This week in HIPAA news we are shining a light on two rules that display the spectrum of ‘bending’ from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).  The first, showing flexibility, announced that penalties with regard to HIPAA, as it pertains to the COVID-19 vaccination, will not be […]

In healthcare, we want to assume that we are collectively working to advance medicine and whatever the latest developments are, well we want “in”. What if that development is the COVID-19 vaccine and as it turns out, someone on your team isn’t interested? According to a survey done by the Pew Research Center, not all […]

The office for Civil Rights gathered information at the end of 2020 that is important for any covered entity or business associate that operates under HIPAA guidelines.  Summarized in the U.S. Health and Human Service (HHS) HIPAA Audits Industry Report, this data should be regarded as a useful tool for any business that deals with […]

Ideally, we have a health physical once a year.  We assess what we are doing right, what we are doing wrong, and make modifications to our overall wellness plan as needed.  Hopefully, nothing is wrong, and we can proceed with the usual cautions and goals of maintaining a long and productive life. The same could […]

In our blog earlier this year that provided an overview of 2009’s Health Information Technology for Economic and Clinical Health (HITECH Act) we discussed how this was designed to promote the use of electronic health records (EHR) within the healthcare system and its providers. As is with most things, time goes on and often reveals […]

It hasn’t even been available for a minute and we’re already being warned about scams surrounding the COVID-19 vaccination.  With healthcare being a huge target for cybercrime already, this isn’t surprising. Consumers should be aware of phone calls, text messages, social media links and posts, emails, and even in-person tactics that will be used to […]

The Health and Human Services Office for Civil Rights has proposed changes to the HIPAA Privacy Rule that could be substantial. The Notice of Proposed Rulemaking (NPRM) proposal stated it was to “remove barriers to, coordinated care and individual engagement” and was issued last week. Addressing standards of the rule may limit and/or discourage care […]

We have had quite a year so far in 2020, and if you are in healthcare, you were hit especially hard with something that you likely didn’t adequately prepare to deal with.  However, according to a recent report from Black Book Market Research LLC, the healthcare industry has no idea what could hit them in […]

Can a journalist reveal an individual’s COVID-19 diagnosis or are they in violation of HIPAA laws by doing so? Healthcare and the diagnosis of a person’s well-being are private information in general, but when it comes to reporting, and doing so in a pandemic, suddenly ‘who has what and where are they?’ becomes a matter […]

This week we’re taking a look at the HITECH Act and an overview of what it is and how it relates to HIPAA. Formed in 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was introduced as part of an economic stimulus package to promote and expand the awareness and adoption of […]

The human factor is something of huge consideration within the HIPAA and healthcare landscape. With that industry being a huge target already within the world of cybercrime, where do medical devices as well as their manufacturing companies, fall within HIPAA regulations? When the Department of Health and Human Services (HHS) created HIPAA guidelines, there were […]

It Happens Everywhere While the world might still be in varying states of chaos with regard to a multitude of topics, when it comes to HIPAA fines and enforcement of regulations, things are getting back on track. As the global pandemic settled into our daily lives and it became clear that the sharing of information […]

Timing is Everything A data breach within your business. You think it won’t happen, you hope it doesn’t happen, but what if it does happen? What are your next steps? Like most things in healthcare, timing is essential. You need to think quickly and act swiftly during a time when your head might not be […]

The saying goes that you’re never fully dressed without a smile, but the reality for many people today is that you’re never fully dressed until you put on your smartwatch.  Or your phone in your pocket.  Or your health and fitness monitor at the gym.  These component pieces are now standard in our attire and […]

We’re halfway through this year’s Cybersecurity Awareness Month and never has it been more important to make sure that you are informed and making smart cyber choices in both your personal and professional life. With the pandemic providing cybercriminals ample opportunity to take advantage of our uncertainties in many aspects, and with online activity through […]

The story narrative varies slightly from episode to episode, but the outcome is generally the same.  Pay a fine, make a plan, regret not doing this all in the first place.  This isn’t some soap opera or Netflix binge-worthy series; this is real life and the characters are the healthcare industry and Office for Civil […]

Coming in second can sometimes be a good thing. But not when you’re on the receiving end of a HIPAA fine and have to pay out $6.9 million like Premera Blue Cross. The insurer is the largest health plan in the Pacific Northwest, serving more than 2 million people. This fine is the second-largest payment […]

In 2019, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced an initiative that they would make it a priority to enforce an individual’s right to access their health records in a timely manner and at a reasonable cost. This falls under the HIPAA Privacy Rule. While […]

At times, it feels as if we could start every week with this sentence: “There’s a new tactic being used by cybercriminals to trick unsuspecting victims.” And the sophistication level of the new tactics is off the charts. So, what are we dealing with as of late? Well, where should we start… Hidden text is […]

You walk into your healthcare provider’s office and are usually handed a clipboard with papers that need to be filled out, updated, and wrapped up with your signature. We mindlessly take our task to the nearest seat and complete, sign, initial, and update whatever we’ve been given. This information goes into our file and continues […]

Is your practice prepared to securely operate during the COVID-19 crisis? Are you facing new challenges with telehealth, your remote workforce, or with the growing cybersecurity threat to healthcare? Watch this webinar to get instant insight into how your practice can prepare and prevent losing time, money, and your good reputation because of a HIPAA […]

Three universities recently conducted a joint study of participants that aimed to explore their likelihood of being monetarily incentivized to violate HIPAA regulations. The pilot study involved medical residents or individuals in an executive MBA program, with some of those participants already in health care executive roles.  Of the 64 medical students and 32 executive […]

The term “new normal” is something I think we would all enjoy hearing less of at this point.  We’re at a point where this is how we are going to be operating and we need to pause, assess what happened, where we are, and how we move forward. As we reflect back, we know first […]

How many unexpected and unforeseen circumstances can 2020 present us with? Each month we think that we’ve likely seen it all, considered it all, and readied ourselves for whatever comes our way. This year has provided us with plenty to panic over, and many things that we never thought we’d face. Take for example the […]

It’s always nice to get a postcard from friends or family who are away on vacation. But this week we learned of a new kind of postcard being sent out with not-so-well wishes. The Department of Health & Human Services’ (HHS) Office for Civil Rights (OCR) sent out a warning that fraudulent postcards are being […]

Was it made of gold? Encrusted in diamonds? No. Read on to learn how one laptop ended up being worth a massive one million dollars. The U.S. Department of Health and Human Services (HHS) recently closed an investigation into Lifespan Health System Affiliated Covered Entity for a stolen laptop incident reported back in 2017. That […]

COVID-19 has had a profound impact on the healthcare industry. Many day-to-day operations have changed, like how organizations provide care to patients and handle business functions behind the scenes. While these changes were required to be made quickly, some organizations found themselves far less prepared than others. – Was your organization prepared for the quick […]

For every moment in time, there is an opportunity to create good from it, and likewise, to create bad or negative reactions. COVID-19 has given us both. While of course, we wouldn’t wish it to happen again, we have seen people come together, new businesses arise, and an overall re-evaluation of our priorities. Then there’s […]

COVID-19 has ushered in the mass acceptance of telehealth, with so much optimism and excitement around the technology. But like many new technologies, the initial use is rushed and not well thought out with many providers trying to figure out the right technology, best practices, and optimal patient experience. We have seen temporary waivers to […]

Mask Mandate Whatever your opinion is of wearing, or not wearing a mask, there are in increasing number of mandates being put in place by governments or independent establishments in an effort to mitigate the spread of COVID-19.  This mask mandate means that most people over a certain age need to have their face covered, […]

A year of credit monitoring along with identity theft monitoring services. That’s what most of us settle for when we find out that our personal data has been compromised. We are alerted, we change our password, we read the letter that offers these services and may or may not sign up for them. Some individuals […]

We all know (or should know) that human error accounts for the majority of breaches. Phishing gives hackers entry to a business’s front door by manipulating the employees who work there. Phishing is when a cyberattack is disguised and delivered using email as the carrier or weapon. Through very convincing and cleverly designed messages, the […]

As businesses like shops, restaurants, and others that were previously closed as a result of COVID-19 begin to open, precautions of various kinds are now in place.  As the state or perhaps local government encourages and sometimes requires protective gear, employers must take into consideration how it will affect their workforce. One outward-facing and immediate […]

Employee Privacy in a Pandemic COVID-19 has presented businesses with a new challenge in keeping their company safe and it starts with employee health. As they re-open in the wake of the pandemic, they must keep track of individual health with regard to who is sick and how it might affect the company as a […]

Let’s Recap The Health Insurance Portability & Accountability Act (HIPAA) was created in 1996 to protect patients and their privacy, and if you are in healthcare, you already know this and are familiar with what it means.  With a goal to ensure that people could maintain health insurance between jobs, thus the “Portability” part of […]

The Patients Are Not Equal As COVID-19 took over in the headlines, it also took over at many hospitals around the country.  We saw a rise in the number of patients that were taken in and diagnosed with the virus, but there was an unexpected result as well.  The rate of decline in-patient activity didn’t […]

  In mid-March, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that they would use “enforcement discretion” in regard to HIPAA compliance with telehealth.  And, the healthcare community gave out a collective sigh of relief.  Not because the rules and regulations were unfair, but in a time of […]

Cyber-attacks against healthcare organizations are on the rise, as cybercriminals target covered entities and business associates alike. The uptick in attacks on healthcare has proven the need for organizations to invest in their preventive cybersecurity efforts and ensure they are prepared to handle the aftermath of a successful attack or security incident. Download our free […]

While we have all had to adjust in obvious ways to the pandemic, the reality is that after the panic subsides, and after the immediate emergency vibe in the air passes, we will never return to the way things once were.  We are in a new reality, or as many keep saying, a new normal. […]

COVID-19 has given us a type of Fashion Week within healthcare, where new trends and rising stars emerge unexpectedly, and all at an alarmingly fast pace down the virtual runway. We are seeing work from home take on a whole new significance, which leads to new software platforms rising in popularity, existing applications modified to […]

We find ourselves months into the trenches of the COVID-19 crisis, and with each new day comes not only a different set of problems but new solutions as well.  As first responders, public safety officers, and the medical community continue to show the need to increase hires within their fields, the process to make those […]

We’ve all had to make adjustments to how we work, how we live, and how we interact overall with humanity during the COVID-19 pandemic.  This means that we’ve been stricter in some regard, and more relaxed in others (limiting screen time, who can be bothered?). The government is no exception to this.  We’ve seen some […]

Is your healthcare organization using telehealth to communicate with patients during this pandemic? Not sure how HIPAA comes into play with these remote communications? Our free Resource Guide for HIPAA Compliance & Telehealth Guidelines During COVID-19 will provide you with the information you need regarding telehealth and the Office for Civil Right’s enforcement discretion during […]

HIPAA provides guidelines to establish the permissible use of an individual’s personal health information (PHI).  Seems pretty straightforward for the most part.  And it was – for the most part.  Until we start to dig a little deeper and look at the resources that are now in play (which were not 20+ years ago when […]

Is your healthcare organization operating during the global pandemic, whether in the office or working remotely? Not sure of how to handle HIPAA compliance when using technology to communicate with patients? Worried about the rise in COVID-19 scams and data breaches? We’re here to help! Our free Resource Guide for Securely Operating During the COVID-19 […]

According to a survey by OpenVPN, 36% of organizations experienced a security incident caused by the actions of a remote employee. Watch this easy-to-understand video and learn how you can take steps to protect yourself, your business, and your loved ones. Watch the Free Training Video

Community-Based Testing & HIPAA Community-Based Testing Sites (CBTS) are the latest entity to be excluded from HIPAA enforcement penalties by the Office for Civil Rights (OCR) for their participation in regard to COVID-19 specimen collection and testing.  This “exercise of enforcement discretion is effective immediately (April 9, 2020), but has a retroactive effect to March […]

Whether it involves faces masks, hand sanitizer, hospital and medical supplies, or a stimulus check, scams against healthcare organizations and individuals are booming with COVID-19 as the starting point.  Hackers and cybercriminals are looking at the pandemic as a great opportunity to take advantage of unsuspecting businesses and consumers in a variety of ways. The […]

As we continue to make our way through new territory with the COVID-19 crisis, we are having to adjust the rules and regulations that previously stood in place.  HIPAA is no exception to that. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has continued to update the guidelines under these […]

In recent years there has been an increase in the use of telehealth and remote management tools as options for maintaining patient well-being.  If you’re not familiar with these, the HHS’ Health Resource & Services Administration (HRSA) defines telehealth as “the use of electronic information and telecommunications technologies to support and promote long-distance clinical health […]

Effective Immediately As the Novel Coronavirus pandemic continues to greatly impact our nation, working from home is no longer an occasional benefit for many Americans, but is now a requirement for many businesses to continue operating safely and effectively. While working from home does come with its perks, there are many new cybersecurity risks created […]

Recently, the U.S. Department of Health and Human Services put the final approval on two rules that will be transformative in the way that patients can access their health data.  This unprecedented approval will provide safe and secure access to that data via interoperability and information sharing. These rules identify the most extensive healthcare data […]

A patient’s right to access their healthcare data so that they can make informed decisions regarding their own health and wellbeing is the component of HIPAA known as the HIPAA Right of Access. Recently, the American Medical Association (AMA) published a new HIPAA playbook for physicians and their practices to better understand this component.  With […]

20/20 Vision in 2020 What lies ahead for the healthcare industry in 2020?  Like patient health, we can’t predict the future accurately, but we know that preventative care can go a long way when we know the risk factors. If you’re in the business of patient care, whether that is through treatment or within a […]

How Scammers Are Using the Coronavirus to Trick Their Victims As if the fear of the Coronavirus outbreak weren’t enough to have the world on edge, there’s a new way that the virus is impacting humans: through email cyber-attacks. The method of contamination takes a trusted name, the World Health Organization, and uses it to […]

When an emergency situation occurs, like that of the recent Novel Coronavirus (2019-nCoV) outbreak that is said to have originated in mainland China, the healthcare industry is affected worldwide.  From the individual patients all the way up to the largest facilities for patient care, it’s imperative to share knowledge and information, but it MUST be […]

40 Million The US state with the highest population is California.  At the end of 2019, it was 39.56 million.  That’s A LOT of people, right? Yes.  However, according to the recent study published by Fortified Health Security, 40 MILLION Americans were affected by a healthcare data breach in 2019 alone.  That represents an increase […]

End of Windows 7 They say when one door closes another one opens, but in this case, it’s a window.  On January 14th, 2020, Microsoft ended its support for Windows 7.  Since Microsoft is no longer offering patches or security updates for vulnerabilities identified in Windows 7, hackers have a new way of gaining access […]

2019 HIPAA Breach Reporting Deadline If in 2019 you had a HIPAA breach that affected fewer than 500 individuals, you must report that to the US Department of Health and Human Services (HHS) by Saturday, February 29, 2020. Not sure if you’ve had an incident that requires reporting?  Start by knowing that every breach must […]

Imagine this: One day, out of the blue, you receive an unusual communication from an unknown individual warning YOU that they have photos and personal information about you that they are prepared to release if you don’t pay them a ransom. At first, you might chuckle thinking, there is no way this is true. But […]

Don’t Overlook It When you consider a healthcare organization’s role in protecting patients, it’s easy to look at things from a high-level and miss out on some of the most critical protections an individual needs, expects and is owed. For example, when I think about protecting patients, my mind goes directly to the reason behind […]

Fender Bender In Carroll County, Georgia, there was a vehicle accident of an unusual kind recently.  It resulted in the Department of Health & Human Services’ Office for Civil Rights (OCR) slapping a $65,000 fine on West Georgia Ambulance when they were found to have multiple violations of HIPAA rules. It started in February of […]

Annual Physical We’ve conducted our end of year physical on the healthcare industry, and while the humans that are cared for have a variety of health issues, there is one that is plaguing the healthcare industry as a whole: cybersecurity. This was not a good year for hospitals and healthcare businesses when it came to […]

We Are All Affected by Bad Cyber Health Pay attention, the health of your business depends on it. Wherever you fall in the food chain of the healthcare industry, cybersecurity needs to be at the forefront of your mind.  That might mean you are a small doctor’s office with a few patients, a large hospital, […]

Amazon isn’t a company that lets an opportunity go by.  With the awareness of cybersecurity rising every single day, opportunity presents itself in a variety of ways.  Not only do they have a captive consumer audience, but familiarity and reputation allow them to venture into the enterprise field with credibility as well.    With that being said, recently they announced the […]

Crazy Eight If only we were talking about a card game.  Unfortunately, for Sentara Hospital, we aren’t.  Instead, we are referring to them receiving the unwanted title of being the eighth recipient of a HIPAA financial penalty in 2019.  This $2.175 million fine is given in conjunction with the requirement to create a corrective action […]

  “Doctor, How Bad Is It?” “I’m not sure, I can’t access your medical records to tell you exactly what the prognosis is.” Recently, this is what Virtual Care Provider had to tell its clients; that the technology services that they were providing were on hacker hiatus.  In other words, they were hit by a […]

It is likely that we can all recall a moment when we “knew about” something before anyone else.  A band, a trend, a fad.  Then it goes mainstream and you realize the word is out, and when a big name gets on board with promoting the person, place or cause, you find yourself part of […]

You’ve likely heard of a risk analysis. Hopefully, you’ve also performed one for your organization. Whether you’ve been helping your organization work on its HIPAA compliance for years, or you’re new to the world of HIPAA, performing a risk analysis should be a high-priority item on your business’s to-do list. Let’s start with the basics. […]

Isn’t it wonderful how technology has made medical care more accessible?  Not only can medical professionals be mobile and go TO their patients, but patients can now take ownership via apps and devices that allow them to monitor their own well-being.  Apps and devices are now available that give us so much information and access; […]

When DADS Don’t Know Best No, we aren’t talking about Father Knows Best here.  We are referencing the Department of Aging and Disability Services (DADS).  In 2017 it was added to the Texas Health and Human Services Commission (HHSC), which is comprised of childcare and nursing facilities, operations of supported living centers, providing mental health […]

Sick on the Inside The American Cancer Society deals with illness of the human sort, but recently they had to deal with another kind of toxic plague silently taking over.  On the outside, things looked fine.  But on the inside, there was a silent plague. Hidden as analytical code, security experts discovered malware embedded in […]

HIPAA compliance doesn’t care if you’re a small business or a non-profit.  This isn’t said in a disrespectful manner to the laws that govern the policies, but to make you aware that your business status, or identifying structure won’t allow you to be overlooked. Hefty Fine Imposed Recently the Office for Civil Rights (OCR) at […]

HIPAA Requirement While it is required within HIPAA rules and regulations to complete a risk assessment regularly, the question may still be in your mind regarding WHY you have to do this. The legal ramifications are obvious.  If audited, you’ll have to show a risk assessment as part of your HIPAA compliance program. And remember, […]

HIPAA Enforcement is Happening Enforcement is in action.  That’s what Bayfront Health-St. Petersburg recently learned when they agreed to pay $85,000 in penalties to the Department of Health & Human Services (HHS) Office of Civil Rights for a potential violation of the HIPAA right to access provision. This is the first enforcement by the OCR […]

When it’s YOU in the Review Making dinner plans?  Check online for reviews before you spend your money dining out.  Ready to book a vacation?  You’re definitely making sure the pool is as big as they say it is. How about when it comes to personal care?  Do you check online to see if a […]

October 1, 2019 — HIPAA Secure Now! today announced its commitment to National Cybersecurity Awareness Month (NCSAM), held annually in October, by signing up as a Champion and joining a growing global effort to promote the awareness of online safety and privacy. NCSAM is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit […]

October 1, 2019 — HIPAA Secure Now! today announced its commitment to National Cybersecurity Awareness Month (NCSAM), held annually in October, by signing up as a Champion and joining a growing global effort to promote the awareness of online safety and privacy. NCSAM is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit […]

Campbell County Chaos Hopefully, you didn’t have a doctor appointment in Campbell County Wyoming recently.  And if you had an emergency situation, perhaps you were not getting the immediate care that you may have hoped for when you showed up at the ER.   It wasn’t the long wait from an overcrowded hospital waiting room, or […]

We previously published Part 1 of this article on abuses of Patient Right to Access for medical records and how these abuses can overburden healthcare providers and put patient health information at risk. This Part 2 focuses on what healthcare organization can do about the growing problem. The following blog was written for the HIPAA […]

The following blog was written for the HIPAA Secure Now community by DataFile Technologies, a leading provider of health data management including fast records release services with a 24-hour turn-around time, and an industry-leading accuracy rate over 99.9%. You may have seen an uptick in medical records requests labeled with “HITECH Request” or experienced requestors […]

Humans or HIPAA? When it comes to healthcare organizations addressing the HIPAA compliance of their business, many feel prepared and comfortable, readily checking that “compliant” box. But addressing the human part of security falls by the wayside too often.  Compliance and cybersecurity, which includes human security, both need to be a part of your overall […]

Remain Calm, Remain Honest – and Remain in Business Avoiding the inevitable does not make it go away. Healthcare patients choose a provider based on the quality of care.  In addition to that, the public will generally assume that their private information is safeguarded and not something that they need to verify or investigate before […]

A Toothache Beyond Repair Hackers have used the very software that hundreds of dentists relied on to run their business, to bring it to their knees.  A ransomware attack is responsible for shutting down computers at roughly 400 dental offices all over the U.S. The Digital Dental Record and Wisconsin-based cloud services provider, PerCSoft collaborated […]

It’s a Fact When you search for cyberattacks by vertical, always in the top categories is healthcare.  It can be filtered from there by the size of the business, whether it is enterprise or small to medium-sized establishments, but the information targeted is patient data. Why? Because who knows more personal information about you than […]

HIPAA – Then & Now The Health Insurance Portability and Accountability Act, better known as HIPAA, has been around since 1996, with the intent to protect patients by properly handling their protected health information (PHI). With good intentions, HIPAA set forth to provide both security provisions and data privacy. The legislation was passed in the […]

As many of you know, an Electronic Health Record (EHR) is a digital record of a patient’s paper charts, updated in real-time.  This is an incredible option to have in the world of medicine, where information can be exchanged between doctors as well as business associates. It also provides an incredible benefit to the patient, […]

We’re just passed the midway point of the year and if this were our own health report, we’d be failing miserably when it comes to data breach prevention. According to a recent report from Protenus and Databreaches.net, over 31 million healthcare records were breached in the first six months of 2019.  That is double the […]

Every day in my newsfeed I’m alerted to yet another compromise to patient information.  The headline isn’t always the attention-grabbing ones that we see when major credit companies or big-box retailers are exposed. These are just listed, one after the other, identifying locations of healthcare businesses, whether it be hospitals or private practice, that have […]

This isn’t something you can pencil in and get to when you have time, cyber maintenance has to be something you commit to. We all have those moments when we realize that we had the best intentions to stick with something, but its priority fell by the wayside. We start off strong, then taper off […]

Approximately 25,000 patients are being notified by Adirondack Health that their protected health information (PHI) may have been obtained by a hacker. Vermont-based Adirondack Health is part of the Adirondacks Accountable Care Organization (ACO). Adirondacks ACO analyses health data for the entire region and is made up of all the Adirondack region’s hospitals. The Breach […]

A recent report by KLAS and CHIME looked at the cybersecurity practices of healthcare providers based on recent guidance issued on the subject. The results? Although some best practices seem to be on the radars of organizations of all sizes, overall findings suggest that small practices have some work to do. In their white paper, […]

Facebook Status: Away on Vacation Social media is great for a lot of things.  Sharing photos, reconnecting with old friends, finding like-minded people and groups to share ideas and hobbies.  But when does sharing become oversharing? Hackers gain access to your personal data via your profile and the information you share there – and you […]

A potential class action lawsuit has been filed against the University of Chicago Medical Center (UChicago Medicine) by a former patient, claiming his and thousands of other patients’ medical records were shared with Google without authorization and without removing identifying information. The suit was filed in the United States District Court for the Northern District […]

Cybercriminals continue to flex their muscles on the healthcare industry with ransomware hitting an Ohio medical practice earlier this month. NEO Urology in Boardman, Ohio, suffered a complex ransomware attack, with hackers encrypting the organization’s entire computer system. According to a report from local news agency WFMJ, the attack on NEO Urology occurred on June […]

Earlier this month, a data breach affecting Quest Diagnostics, LabCorp, and Opko was announced, stemming from an incident caused by the collections vendor, American Medical Collection Agency (AMCA). Now, the number of individuals who had their medical and personal information compromised by the incident has exceeded 20 million, bringing up major concerns of medical identity […]

In 2018, 71% of ransomware attacks targeted small businesses, according to a report by Beazley Breach Response Services. It’s clear that small businesses are a cybercriminals favorite target, yet many remain unprepared to handle a cyber-attack. Is it that small businesses don’t care about cybersecurity? It wouldn’t be fair to make that assumption; however, small […]

Quest Diagnostics, one of the country’s largest blood testing providers announced on Monday that nearly 12 million patients may have had their sensitive information compromised in a data breach. The breach occurred at one of Quest’s billing collections vendors, American Medical Collection Agency (AMCA). Quest was notified on May 14, that between August 1, 2018, […]

Medical Informatics Engineering, Inc. (MIE), a software and electronic medical records service provider has paid the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services $100,000 to settle a HIPAA breach from 2015. The Indiana-based company reported the data breach to OCR on July 23, 2015, following the discovery that […]

Ransomware is not a new type of cyber-attack. In fact, it’s been around for years, but don’t let its age fool you; ransomware is not “yesterday’s news”. Ransomware is just as alive as ever before, continuing to dominate industries across the globe, and healthcare is not immune from its threat. You may be familiar with […]

Hello, HIPAA The Health Insurance Portability and Accountability Act, better know as HIPAA, was passed by Congress in 1996 and called for the protection and confidential handling of protected health information (PHI). HIPAA still exists today, aiming to protect patients and their information, but it’s important to think about how far we’ve come in the […]

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has announced a settlement with Touchstone Medical Imaging (“Touchstone”) for their potential violations of HIPAA Security and Breach Notification Rules. Touchstone has agreed to pay $3,000,000 and adopt a corrective action plan. Touchstone is a diagnostic medical imaging services company based in […]

Patient data exposed Inmediata Health Group, Corp., a provider of clearinghouse services, software, and business processing solutions to health plans, hospitals, IPAs, and independent physicians recently announced a security incident affecting some customer data. The incident was discovered in January 2019 when Inmediata found a misconfigured webpage was allowing some electronic health information to be […]

Metrocare Services, a mental health service provider in North Texas, has notified the Department of Health & Human Services (HHS) of a data breach affecting 5,290 patients. The Breach Discovery The breach was the result of a phishing attack and was discovered on February 6, 2019, when Metrocare found that an unauthorized third-party accessed some […]

Business email compromises (BEC) scams made a big statement in 2018, seeing a 133% increase over 2017, according to a recent report by Beazley Breach Response Services. The Beazley Breach Briefing looked at information gathered from investigations into more than 3,300 data incidents that were reported to Beazley in 2018. The investigations revealed that nearly […]

We previously wrote an article about the ransomware attack striking a Michigan doctor’s office, leaving their patients with no medical records and leading the practice to closure. This article is intended to provide professional insight into the liability of the practice despite its decision to close its doors. The following blog was written by Matthew […]

  A doctor’s office in Battle Creek, Michigan is closing its doors following a ransomware attack that left them with no other option – besides pay up. The Demand and the Decision Dr. William Scalf told a local news outlet, WWMT West Michigan, that hackers locked the files at Brookside ENT and Hearing Center, demanding […]

Tis the season!  You’re making mental plans with what is hopefully a generous tax refund and deciding what to do with the surplus of cash you’ll soon have on hand. Along the way from starting to submitting the paperwork, there are quite a few roadblocks to be aware of.  Even if you aren’t getting a […]

Ransomware wreaked havoc on businesses across the globe throughout 2018 with no signs of slowing down. Which sector was hit the hardest? A recent report from Beazley Breach Response Services found that the healthcare industry suffered from the most ransomware attacks last year. Why was healthcare the hardest hit? Healthcare data is valuable, and hackers […]

Is the healthcare sector uniquely vulnerable to phishing attacks? A recent report published in the Journal of the American Medical Association says yes, with research to back that claim. A team of researchers led by William Gordon, MD of Harvard Medical School and Boston’s Brigham and Women’s Hospital set out to answer the question, “Are […]

Data breaches are extremely common as technology continues to advance. Of those breaches, small and medium-sized businesses (SMBs) are a favored target for cybercriminals. In fact, more than 70% of attacks target small businesses, according to the National Cyber Security Alliance, and as many as 60% of hacked SMBs go out of business following a […]

Pawnee County Memorial Hospital (PCMH) in Pawnee City, Nebraska has notified 7,038 patients that a hacker may have accessed some of their protected health information. The incident was discovered on November 29, 2018, when PCMH learned that their business e-mail system was compromised by a malware virus. A forensic computer investigator was hired immediately following […]

Being scammed can happen so easily today, but when you make it about a topic that many people can let their guard down with, the scam can happen much easier.  What topic is that? We’re talking about money. Fake check scams have been around for quite some time, however, with the increase in online sales […]

Rush University Medical Center is feeling the impact of a breach they themselves did not cause. A third-party vendor is responsible for compromised personal information of 45,000 patients of Rush Medical. The breach was caused by an employee of the claims processing vendor when they inappropriately shared a patient file with an unauthorized individual. Rush […]

The University of Washington Medicine is notifying approximately 974,000 patients of a data breach that occurred in December, which left some of the patients’ information exposed on the Internet. The breach occurred over a 3-week period and was determined to be the result of a misconfigured server. The database was used to track the sharing […]

Healthcare breaches are incredibly difficult for organizations to deal with. Repercussions of a data breach vary greatly depending on what caused the breach to begin with. For example, there’s the struggle of getting your organization back up and running, determining the cause of the breach, notifying patients, taking corrective action, reporting the breach, potentially finding […]

We’ve known that employees are the weak link in security. In fact, we have been cautioning organizations for quite some time regarding the risks their employees pose when not properly trained. Despite heightened awareness of these risks, recent research from Microsoft suggests that employees remain the weak link, posing huge risks to their organizations. A […]

You get an email or text from what seems to be a legitimate email or phone number.  Then you read the message: “Send bitcoin right away or else I am sending compromising photos or information to your friends and family.” If you’ve received this type of email, you’ve likely been a victim to a new […]

As the digital ecosystem continues to thrive and advance, so too must the regulations and practices for safely caring for sensitive data. That is especially true for the healthcare industry, which continues to be a prime target for cybercriminals. Healthcare practices need to appropriately safeguard electronic protected health information in compliance with the Health Insurance […]

Today, many people are working more than one job, and with the flexible options of contractor work, or work as needed opportunities, you can likely find something that fits your schedule and financial needs.  Maybe you are looking for a little bit of extra work to make ends meet, or a way to save up […]

Ransomware Attack on CT Optometry Office Raises Tax Fraud Concerns Cybercriminals target businesses of all industries and sizes, however, it seems as though their sights are set more on small and medium-sized businesses than large corporations. While there are many factors that may influence the shift of attention to small businesses, one explanation stands out, […]

Every day it seems there’s another ransomware attack in the healthcare sector. What’s worse is that these types of cyber-attacks are expected to continue to increase. Why do cybercriminals target this industry so heavily? – Their victims pay the ransom because healthcare practices can’t afford a business interruption – Large numbers of outdated systems make […]

Valley Hope Association (VHA), a Kansas-based addiction treatment organization with 16 facilities in seven Midwest states has started notifying patients that their information may have been compromised in a data breach. After officials found suspicious activity on an employee’s email account in October, an investigation was launched. VHA hired a forensics team to uncover details […]

  Remember ransomware, the malicious software that blocks computer access until a ransom demand is paid? The threat was huge and dominated headlines in the past but seems to have slowed down in recent months. Could the decline in publications citing ransomware as the cause of a data breach or loss of data indicate that […]

As the value of healthcare data remains high, there is no denying that healthcare organizations make prime targets for cybercriminals. To wreak havoc and make a profit from compromised patient data, cybercriminals exploit weak spots in healthcare organizations, whether that be a loophole in the security of the server, poorly trained employees, or a variety […]

Educating employees on security awareness and the dangers posed by cybercriminals is critical to any organization. While you can train employees on what to look for and how to best protect your practice, cybercriminals will continue to find unique and more sophisticated ways to trick individuals and gain access to the sensitive data they’re trying […]

A recent survey conducted by the American Medical Association (AMA) and the consulting firm Accenture surveyed 1,300 U.S. physicians to find out about their experiences and attitudes towards cybersecurity. Unsettling findings in the survey revealed a lack of cybersecurity education among physicians. The five key findings of the survey as reported by the AMA and […]

[tvideo type=”vimeo” clip_id=”299922099″]

It’s no secret that employees violate security policies. Whether we’d like to admit it or not, there’s a good chance we have all violated a security policy once upon a time. Sometimes, employees violate policies to save time or make their job easier, and sometimes, they don’t even know they’re doing it. How do you […]

On October 5, California-based Gold Coast Health Plan (GCHP) informed the Office for Civil Rights (OCR) that a phishing attack may have exposed the protected health information of 37,005 plan members. The attack occurred when hackers successfully tricked a GCHP employee with a phishing email, which allowed the hackers access to that employee’s email account […]

Cybercriminals have been targeting the healthcare industry for years.  As healthcare has become the second largest sector of the U.S. economy, it should come as no surprise that the industry receives special attention from hackers. Aside from its size, what else accounts for the indisputable interest cybercriminals have in exploiting healthcare? Hackers Set Sights on […]

Business email compromise (BEC) scams remain one of the most widely used attack vectors among cybercriminals to date. In fact, cybercriminals are finding so much success in exploiting human vulnerabilities through BEC scams that their frequencies have been dramatically increasing. What is a BEC scam? In a BEC scam, the attacker gains access to an […]

[tvideo type=”vimeo” clip_id=”292763261″]

On September 20, the Department of Health and Human Services’ Office for Civil Rights announced a fine of $999,000 for three Boston hospitals, all of which violated HIPAA while allowing ABC’s TV series “Boston Med” to film the show in their facilities. Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital […]

A lot can happen in 5 years, and unfortunately, not always for the better. According to a recent report by Juniper Research, Cybercrime & the Internet of Threats 2018, data breaches are expected to reach 146 billion records over the next five years. For cybercriminals to successfully compromise such an extreme number of records, significant […]

Small businesses are often thought to be a forgotten entity when it comes to cybercrime. On the surface, it seems like a fair assumption that hackers wouldn’t target small businesses when there are large enterprises with much greater assets. Unfortunately, many small business leaders fall for this “I’m not a target” mentality, when in fact, […]

As we move into the second half of the year, many practices and physicians are starting to consider the data they will need to submit under the MACRA/MIPS program.  The MACRA/MIPS rules change slightly every year, and this year is no exception.  Even though the rules have been adjusted, a basic requirement remains in place:  […]

[tvideo type=”vimeo” clip_id=”288217944″]

Despite reports that the healthcare sector is seeing fewer ransomware attacks this year than years prior, that doesn’t mean they don’t still exist. Unfortunately, for Missouri-based Blue Springs Family Care, that lesson was learned the hard way after suffering a breach of 44,979 patient records resulting from a ransomware attack. Cass-Regional Medical Center, also based […]

A recent survey conducted by the health insurance company Aetna revealed some significant results as to what consumers consider to be their most important concern in terms of healthcare. According to the survey of 1,000 consumers, concerns of patient privacy and data security are more important than the cost of care. 80% of survey respondents […]

Phishing is a cybercrime that has been around for many years, where targets are sent malicious emails claiming to be from a legitimate individual or organization to trick them into disclosing their sensitive information. Phishing emails remain a major threat today, however despite increased awareness of the cybercrime, cybercriminals continue to fool their targets into […]

Our healthcare data holds a multitude of sensitive information regarding our personal lives. That information could include our full name, date of birth, home address, health history, diagnoses, and test results to name a few pieces of information. While we know the data contained in our healthcare records is quite extensive, less than half of […]

[tvideo type=”vimeo” clip_id=”282716076″]

The end may now be in sight for a four-year-long legal battle for individuals affected by a 2014 healthcare data breach. While the settlement has not yet received final court approval, the tentative settlement of the class-action lawsuit could provide more than 1,200 affected individuals of the 2014 Flowers Hospital data breach up to $150,000 […]

There is a good chance you’ve never heard of the major marketing and data aggregation company Exactis, but that doesn’t mean they don’t know you. In fact, Exactis may know a great deal of your personal information, including your email address, your home address, your habits and hobbies, your children’s ages and genders if you […]

[tvideo type=”vimeo” clip_id=”277471559″]

  Risky cyber behavior among employees is nothing new, in fact, despite organizations becoming more aware of the state of cybersecurity, employees continue to cause data breaches in unacceptable numbers. TechRepublic looks at a recent OpenVPN survey, which dissects poor cyber hygiene among employees. Despite an increased focus on security training, 25% of the 500 […]

Security Tips: Phishing Sites Click on  above to view in fullscreen mode!

Human-error; we talk about it all the time, but what exactly do we mean? Human-error occurs when an individual performs a task or does something with an unintended outcome. It’s easy to point the finger at employee’s as being an organization’s weakest link, but without appropriate security awareness training provided by the employer, how can […]

[tvideo type=”youtube” clip_id=”_dj_90TnVbo” rel=”false” showinfo=”false”]

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is planning to issue an advance notice of proposed rulemaking this November that could be a major game changer for HIPAA breach settlements. According to the Data Protection Report, the OCR plans to get the public’s input on a policy change […]

It comes as no surprise that the healthcare industry is a prime target for cybercriminals. Since it’s easy to recognize the potential profit in stealing Protected Health Information (PHI), it is crucial to know and understand the potential security threats that exist, including threats from the inside. Verizon found in their 2018 Protected Health Information […]

[tvideo type=”youtube” clip_id=”lp_8cvNm_vE”]

According to the San Francisco Public Health Department, nearly 900 patients at two San Francisco hospitals had their personal information breached. On Friday, the Department stated that the breach occurred at San Francisco General and Laguna Honda hospitals when a former employee of one of the hospitals’ vendors gained unauthorized accessed the patient data. An […]

[tvideo type=”youtube” clip_id=”X08wgodFgXw” width=”600″ rel=”false”]

Security Tips: Public WiFi Networks The FTC has some good tips on securing confidential information, including patient information, when using Public WiFi Networks.

April 2018 OCR Cyber Security Newsletter Risk Analyses vs. Gap Analyses – What is the difference? The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules require covered entities and their business associates to safeguard electronic protected health information (ePHI) through reasonable and appropriate security measures. One of these measures required […]

It is no secret that healthcare data breaches are on the rise. While we often hear about hackers targeting the healthcare industry, you may be surprised to learn that more healthcare data breaches are caused by insiders than hackers! In their recent Protected Health Information Data Breach Report, Verizon has found that 58% of all […]

Malicious cyberattacks are increasing every day around the globe. In fact, cyber-incidents nearly doubled from 82,000 incidents in 2016, to 159,700 in 2017. While the media often depicts large corporations as the primary target for cyberattacks, small business are just as likely – if not more likely to be targeted. An article on CSO looks […]

  Many organizations spend countless hours and resources on training their employees, only to find that their business has suffered a data breach caused by human error. Despite the quality and frequency of a security awareness training program, if employees are not engaged in training or feeling a sense of motivation to protect their organization, […]

This article was written by Matt Fisher and originally appeared on the Mirick O’Connell Health Law Blog.  It is published here with permission. At some point in time most group practices, hospitals or other provider organizations will receive a letter from the Office for Civil Rights (“OCR”). The letter will state that OCR received a […]

Phishing has become a common threat faced by organizations in today’s digital era.  While cybercriminals are enhancing their tactics to make their attempts seem more legitimate, they continue to recycle old scams, making only minor changes to trick their victims. An old phishing attempt has recently started resurfacing where scammers pose as a well-known tech […]

It is no secret that the Internet has become a key component of our daily lives for personal and business use alike. Unfortunately, the dependency of the Internet in today’s culture has become quite clear to cybercriminals, making security an incredibly important concern, especially for small businesses. An article on Homeland Security Today explores the […]

In the February OCR Cybersecurity Newsletter, they give very good information on Phishing and how to avoid being a victim.  The newsletter is reprinted below:   February 2018 Cybersecurity Newsletter Phishing Phishing is a type of cyber-attack used to trick individuals into divulging sensitive information via electronic communication by impersonating a trustworthy source. For example, […]

Identity theft is an unfortunate occurrence that is all too familiar with most business owners, but do those individuals know where the compromised data will end up? Often, these business owners are unaware of the virtual marketplace where stolen data is purchased and sold by cybercriminals; a place known as the “Dark Web”.  An article […]

Click for full image

Breaches are becoming increasingly common as cybercriminals continue to advance their skills and tactics to trick their victims into falling for their scams. While cybercriminals are remaining diligent in their efforts to carry out their attacks, small business owners continue to underspend on cybersecurity. An article on Entrepreneur looks at 5 things your employees are […]

Matthew Fisher, ESQ and Jonathan Krasner Healthcare represents a very large segment of our economy – approaching 20% by some estimates.  As such, healthcare organizations come in many sizes and flavors.  We are all, hopefully, familiar with the basics that HIPAA compliance requirements apply Covered Entities, Business Associates and subcontractors.  A CE and a BA […]

The dark web is often known for the illegal activities conducted there, and while not everything on the dark web is illegal, it’s most appealing factor is its anonymity. The dark web is often a place where stolen data and personal information is bought and sold following a data breach or hacking incident. An article […]

This is a guest post by Pawan Jindal of MyMIPSScore and originally appeared at the MyMIPSScore Blog Under MACRA, Advancing Care Information(ACI) category of MIPS replaced Meaningful Use. As we discussed briefly in the 10 step overview of MIPS, ACI scoring under MIPS is determined based on the provider’s performance for a set of base […]

Ransomware dominated the healthcare industry in 2017, with six of the top ten breaches reported to the U.S. Department of Health and Human Services a direct result of the malicious software. An article on Security Current looks at some ransomware attacks from 2017 as well as steps you can take to help avoid becoming a […]

  Billion-dollar electronic health record (EHR) company Allscripts has fallen victim to a ransomware attack, which began on Thursday, January 18 around 2:00 a.m. EST. By 6:00 a.m. EST, the ransomware attack was full-blown requiring Microsoft and Cisco’s incident response teams to be called upon for assistance. An article on CSO explores the attack which […]