Don’t get caught! Five ways to avoid a phishing scam
As technology evolves, so does the sophistication of these phishing attacks. It is no longer a matter of if you receive a phishing email but when you receive a phishing email.
Am I a business associate under HIPAA? Why should I care?
Back in 2013, when Edward Snowden was in Hong Kong revealing he leaked documents detailing mass-surveillance programs by the U.S. government, the Department of Health and Human Services (HHS) was creating the Final Omnibus Rule. This rule extended its regulatory reach beyond covered entities (e.g. healthcare providers, health plans, and clearinghouses) to business associates who …
HIPAA Compliance for Microsoft Office 365
Organizations in every industry are upgrading to Microsoft Office 365 to improve security. A common concern among healthcare professionals is that using Office 365 and Microsoft Teams exposes an organization to HIPAA violations. If Office 365 is implemented without the correct security configurations, that is likely true. However, Office 365 and Teams can easily be …
HHS SRA Tool Version 3.0 – The Good, Bad and Ugly
Earlier this month, the U.S. Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) released an updated version of their Security Risk Assessment Tool (SRAT). We have been following the development of this toolkit since its inception in 2011 as the HSR toolkit and reviewed V2.0 in early 2014. Each time a new version is released, HIPAA One gathers with a few trusted industry partners to review the changes and updates so that we may accurately counsel healthcare providers, payers and business associates on the pros and cons of utilizing this free, government-issued application.
Cloud email phishing attacks: A practical guide
A quick review of the HHS Breaches Over 500 list paints a pretty grim picture of the number of breaches affecting 500 or more individuals. Breaches have been steadily increasing and the culprit is clear: Hacking/IT incidents, namely email phishing attacks. Fraudsters and criminals are exploiting vast databases of compromised user credentials to make payroll.
HIPAA Security Checklist
The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates.
State Departments Conducting Audits?!?
In recent years, healthcare audits have been a trending topic within the compliance world. Following the Phase II launch of the HHS Office for Civil Rights (OCR) Audit Protocol in March 2016, many members of the healthcare community equate audits with either the federal government or other large accounting firms such as Figliozzi & Company. …
Healthcare Continues to Dominate Breach Related Costs
A new study conducted by the Ponemon Institute on behalf of IBM Security confirmed the fears of so many healthcare information security professionals, no other personal information yields a higher value than compromised patient records. Across the country, healthcare organizations have a Goliath size security problem. For an eight-straight year, healthcare has the highest breach-related …
Similar but Different: Gap Assessment vs Risk Analysis
If you’ve heard the terms gap assessment and risk analysis used interchangeably before in privacy or security conversations, you are not alone. At HIPAA One, we have found that there are quite a few misconceptions about these two approaches and how to differentiate between them. So much so that we addressed the topic on a …
GDPR and Windows 10 Compliance
This is the second post in a 2-part series on GDPR. Guest post written in collaboration with Microsoft. On April 14, 2016, the European Union (EU) ratified the final version of the General Data Protection Regulation aka GDPR. The new GDPR regulation has been characterized as the most sweeping and impactful change to privacy and …
Let HIPAA One do the heavy lifting for your company when it comes to compliance. Make us part of your team to stay up-to-date, stay automatically compliant, and most importantly, protect your client's information.