BLOG

How wide of a net must we cast for vendor security assessments? This question is made more important by the recent American Medical Collections Agency (AMCA) breaches affecting patients served by clinical lab testing providers LabCorp, Quest Diagnostics and BioReference Laboratories. AMCA was one of the largest Debt Collection companies in the U.S. and, in the course of the past year, has reported 25 million breached patient records by a hacker accessing their databases. Read More

The Office of Civil Rights (OCR) has revised and issued a new penalty structure for HIPAA violations. The bottom line of this new structure is that the OCR is taking a covered entities’ security posture into account in deciding when and how much to levy in fines for HIPAA violations. Vendor security risk management programs play a key role in demonstrating an organization’s proactive measures to reduce data security risk. Read More

At the recent HIMSS conference, the OCR provided an Enforcement Update where they outlined how they plan to approach enforcement with healthcare covered entities in 2019. As security and privacy consultants and advisors with our ears to the ground, we keep our eyes peeled for these important regulatory trends. This blog runs through the top trends that will have the biggest impact to healthcare security and privacy policy. Read More

Even as third-party data breach activity continues to grow, the importance of third-party data security in board-level risk management strategy is not growing to match the need. In November 2018, the Ponemon Institute reported that among U.S. firms surveyed, 61 percent experienced a breach caused by third parties, which is up from the previous year at 56 percent. However, only 46 percent of firms surveyed say managing relationship risk is a priority.  Read More