Privacy Data Breaches | The Importance of Assessing Business Associate Privacy Controls

It’s a typical Monday. An inbox full of emails, a calendar full of appointments and a fresh cup of coffee nearby. The phone rings and it’s a patient calling to report a possible inappropriate disclosure of their information. The patient’s mother is irate that a sensitive diagnosis was revealed in child support discussions. She is certain that the information came from your hospital. After calming the caller, you start your investigation and quickly find out that the breach was likely caused by an employee of your population health vendor.

AMCA Breach Highlights Vulnerability of Debt Collection Sector

How wide of a net must we cast for vendor security assessments? This question is made more important by the recent American Medical Collections Agency (AMCA) breaches affecting patients served by clinical lab testing providers LabCorp, Quest Diagnostics and BioReference Laboratories. AMCA was one of the largest debt collection companies in the U.S. and, in the course of the past year, has reported 25 million patient records breached by a hacker accessing its databases.

The OCR's New Penalty Structure

The Office of Civil Rights (OCR) has revised and issued a new penalty structure for HIPAA violations. The bottom line of this new structure is that the OCR is taking a covered entity’s security posture into account in deciding when and how much to levy in fines for HIPAA violations. Vendor security risk management programs play a key role in demonstrating an organization’s proactive measures to reduce data security risk.

Keeping Your Eyes Peeled to the OCR

At the recent HIMSS conference, the OCR provided an Enforcement Update where they outlined how they plan to approach enforcement with healthcare covered entities in 2019. As security and privacy consultants and advisors with our ears to the ground, we keep our eyes peeled for these important regulatory trends. This blog runs through the top trends that will have the biggest impact on healthcare security and privacy policy.

Why Vendor Risk Management Belongs on the Boardroom Agenda

Even as third-party data breach activity continues to grow, the importance of third-party data security in board-level risk management strategy is not growing to match the need. In November 2018, the Ponemon Institute reported that among U.S. firms surveyed, 61 percent experienced a breach caused by third parties, up from 56 percent the previous year. However, only 46 percent of firms surveyed say managing relationship risk is a priority.