BLOG

The vision for 2020 healthcare security and privacy is clouded with emerging security threats, compliance and enforcement activity, and rapidly evolving business models and regulatory landscapes. However, we can also see many opportunities on the horizon this year and beyond to improve the industry’s privacy and security protections of healthcare organizations and patient information. Read More

A new structure for HIPAA violation Civil Monetary Penalties (CMP) was announced by the OCR on April 26, 2019. This change greatly reduces the financial risk of HIPAA breach violations for covered entities that can demonstrate updated security risk management plans, policies and procedures for sensitive patient data. Read More

Every pipeline has a capacity limit. Problems begin when the flow is clogged or overwhelmed. First as a small leak, then a rupture occurs where the whole pipeline is in jeopardy. Only we are not talking about fluids drowning us, it is the increasing volume of Healthcare Security Audits. How can businesses meet the security demands of healthcare clients and provide meaningful and timely responses to their security audit questionnaires? Read More

It’s a typical Monday. An inbox full of emails, a calendar full of appointments and a fresh cup of coffee nearby. The phone rings and it’s a patient calling to a report a possible inappropriate disclosure of their information. The patient’s mother is irate that a sensitive diagnosis was revealed in child support discussions. She is certain that the information came from your hospital. After calming the caller, you start your investigation and quickly find out that the breach was likely caused by an employee of your population health vendor. Read More

How wide of a net must we cast for vendor security assessments? This question is made more important by the recent American Medical Collections Agency (AMCA) breaches affecting patients served by clinical lab testing providers LabCorp, Quest Diagnostics and BioReference Laboratories. AMCA was one of the largest Debt Collection companies in the U.S. and, in the course of the past year, has reported 25 million breached patient records by a hacker accessing their databases. Read More

The Office of Civil Rights (OCR) has revised and issued a new penalty structure for HIPAA violations. The bottom line of this new structure is that the OCR is taking a covered entities’ security posture into account in deciding when and how much to levy in fines for HIPAA violations. Vendor security risk management programs play a key role in demonstrating an organization’s proactive measures to reduce data security risk. Read More

At the recent HIMSS conference, the OCR provided an Enforcement Update where they outlined how they plan to approach enforcement with healthcare covered entities in 2019. As security and privacy consultants and advisors with our ears to the ground, we keep our eyes peeled for these important regulatory trends. This blog runs through the top trends that will have the biggest impact to healthcare security and privacy policy. Read More

Even as third-party data breach activity continues to grow, the importance of third-party data security in board-level risk management strategy is not growing to match the need. In November 2018, the Ponemon Institute reported that among U.S. firms surveyed, 61 percent experienced a breach caused by third parties, which is up from the previous year at 56 percent. However, only 46 percent of firms surveyed say managing relationship risk is a priority.  Read More