BLOG

Surfing the Wave of New Privacy Regulations | California’s CCPA Explained

A wave of new state privacy regulations has healthcare entities scrambling to stand up programs to address patient information protections. On the heels of ground-breaking Global Data Protection Regulation (GDPR) mandates out of the EU, U.S. regulators in over 20 states are starting to incorporate privacy controls including new and proposed legislation. One of the most prominent and comprehensive new privacy laws is the California Consumer Privacy Act (CCPA). This blog post provides a quick summary of the CCPA law and implications for healthcare entities. Read More

Orchestrating a Vendor Risk Management Symphony

Effective vendor risk management programs require artful choreography between internal and external stakeholders, processes, and tools. Business owners and security teams must be armed with the most accurate and timely information available in order to make informed decisions and drive remediation for identified vendor security risks. The symphony of successful vendor security risk management is not one that can be played alone or with one kind of instrument. Read More

Coronavirus Implications for Healthcare Security Programs

On March 5th, HIMSS announced the cancellation of their flagship national healthcare conference just days before the event was set to take place in Orlando, Florida. Just a few days earlier, the state of Florida had declared a state of emergency surrounding the global outbreak of the COVID-19 Coronavirus which has prompted cascading economic and business operational impacts for healthcare entities. The HITRUST Alliance also announced temporary changes on March 5th to their requirements for on-site assessments associated with Validated Assessments.  Read More

Rise of the Little Guys | How Small Vendors Carry Most of Your Risk

Did you know that over 86% of vendors servicing healthcare providers in 2020 are either in the Very Small (between 1-50 employees) or Small (between 51-500 employees) categories? That figure derives from analysis that was conducted in February 2020 of security assessments conducted on CORL’s database of over 50,000 healthcare vendors. This latest analysis highlights a growing trend of smaller vendors dominating the healthcare vendor landscape and changing the way in which healthcare vendor risk managers need to think about third-party risk mitigation approaches. Read More

Confronting Digital Health Privacy Risks via the New NIST Framework

The move to digital healthcare is advancing innovative uses for health information that also introduce unforeseen risks to patient privacy. Federal and state regulations and standards bodies are playing catchup to stem the tide of privacy breaches and harm to patients as information disseminates across disparate healthcare systems and platforms. This blog post provides an overview and Meditology’s recommendations for implementation of the NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management. Read More

Got Certs? The Pros and Cons of Enterprise Security Certifications

Healthcare has become a prime target for malicious actors bent on profiting from the resale and reuse of patient information. Healthcare entities are scrambling to sure up security controls for their own organizations and third-party business partners as the sprawl of patient information continues to drive widespread data breach events. Many healthcare Covered Entities and Business Associates servicing the industry are pursuing or evaluating enterprise security certifications to provide assurance of their security program and control effectiveness to the market. Read More

A Vision for 2020: Top 10 Healthcare Security Trends for the New Year

The vision for 2020 healthcare security and privacy is clouded with emerging security threats, compliance and enforcement activity, and rapidly evolving business models and regulatory landscapes. However, we can also see many opportunities on the horizon this year and beyond to improve the industry’s privacy and security protections of healthcare organizations and patient information. Read More

The Impact of OCR’s New HIPAA Penalty Limits

A new structure for HIPAA violation Civil Monetary Penalties (CMP) was announced by the OCR on April 26, 2019. This change greatly reduces the financial risk of HIPAA breach violations for covered entities that can demonstrate updated security risk management plans, policies and procedures for sensitive patient data. Read More