Follow us on

BLOG

Confronting Digital Health Privacy Risks via the New NIST Framework

The move to digital healthcare is advancing innovative uses for health information that also introduce unforeseen risks to patient privacy. Federal and state regulations and standards bodies are playing catchup to stem the tide of privacy breaches and harm to patients as information disseminates across disparate healthcare systems and platforms. This blog post provides an overview and Meditology’s recommendations for implementation of the NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management. Read More

Published On February 10, 2020

Got Certs? The Pros and Cons of Enterprise Security Certifications

Healthcare has become a prime target for malicious actors bent on profiting from the resale and reuse of patient information. Healthcare entities are scrambling to sure up security controls for their own organizations and third-party business partners as the sprawl of patient information continues to drive widespread data breach events. Many healthcare Covered Entities and Business Associates servicing the industry are pursuing or evaluating enterprise security certifications to provide assurance of their security program and control effectiveness to the market. Read More

Published On January 16, 2020

A Vision for 2020: Top 10 Healthcare Security Trends for the New Year

The vision for 2020 healthcare security and privacy is clouded with emerging security threats, compliance and enforcement activity, and rapidly evolving business models and regulatory landscapes. However, we can also see many opportunities on the horizon this year and beyond to improve the industry’s privacy and security protections of healthcare organizations and patient information. Read More

Published On January 13, 2020

The Impact of OCR’s New HIPAA Penalty Limits

A new structure for HIPAA violation Civil Monetary Penalties (CMP) was announced by the OCR on April 26, 2019. This change greatly reduces the financial risk of HIPAA breach violations for covered entities that can demonstrate updated security risk management plans, policies and procedures for sensitive patient data. Read More

Published On November 27, 2019

Bursting at the Seams: Security Audit Response Overload

Every pipeline has a capacity limit. Problems begin when the flow is clogged or overwhelmed. First as a small leak, then a rupture occurs where the whole pipeline is in jeopardy. Only we are not talking about fluids drowning us, it is the increasing volume of Healthcare Security Audits. How can businesses meet the security demands of healthcare clients and provide meaningful and timely responses to their security audit questionnaires? Read More

Published On November 19, 2019

Privacy Data Breaches | The Importance of Assessing Business Associate Privacy Controls

It’s a typical Monday. An inbox full of emails, a calendar full of appointments and a fresh cup of coffee nearby. The phone rings and it’s a patient calling to a report a possible inappropriate disclosure of their information. The patient’s mother is irate that a sensitive diagnosis was revealed in child support discussions. She is certain that the information came from your hospital. After calming the caller, you start your investigation and quickly find out that the breach was likely caused by an employee of your population health vendor. Read More

Published On November 7, 2019

AMCA Breach Highlights Vulnerability of Debt Collection Sector

How wide of a net must we cast for vendor security assessments? This question is made more important by the recent American Medical Collections Agency (AMCA) breaches affecting patients served by clinical lab testing providers LabCorp, Quest Diagnostics and BioReference Laboratories. AMCA was one of the largest Debt Collection companies in the U.S. and, in the course of the past year, has reported 25 million breached patient records by a hacker accessing their databases. Read More

Published On September 17, 2019

The OCR's New Penalty Structure

The Office of Civil Rights (OCR) has revised and issued a new penalty structure for HIPAA violations. The bottom line of this new structure is that the OCR is taking a covered entities’ security posture into account in deciding when and how much to levy in fines for HIPAA violations. Vendor security risk management programs play a key role in demonstrating an organization’s proactive measures to reduce data security risk. Read More

Published On June 4, 2019

Featured Blog Posts

Webinar Recap: A Clear Path to Solving for Risk: A Bold New Standard for TPRM

Read

What do the barrier reef and vendor risk have in common? Here’s what healthcare TPRM can learn from this year’s coral cover numbers.

Read

CISA Cyber Performance Goals: Third-Party & Supply Chain Requirements

Read

Keep Up with CORL: Vendor Breach Digest, 10/11/22

Read
Keep Up
With Corl
Be the first to receive exclusive vendor risk management updates.