In a recent TED Talk on cybercrime, Caleb Barlow remarked that in 2015 alone 100 million people lost their health insurance data to thieves. Despite the growing urgency of ransomware attacks on the healthcare industry, federal funding to prevent cybersecurity threats remains in the thousands, while the cost of these breaches is estimated to be in the millions. Recently, a breach that occurred after a server of the Orleans Medical Clinic was hacked left patient information accessible to thieves for more than 12 days. While the personal information available in health care records remains so lucrative for criminals, it’s up to healthcare providers to stay vigilant in the fight against data loss.
Have you been the victim of a breach? Maybe not, but perhaps you know someone who has. Either way, deciding what to do next can be challenging if you're unprepared. First, it's important to determine whether the incident is truly a breach or simply a false alarm, then follow these guidelines to quickly respond.
HIPAA compliance is required in order to avoid large fines from the federal government, but there is another issue you can address when you implement HIPAA compliance – strengthening your practice’s network security.
Editor's note: This is the third blog in a series of articles on HIPAA compliance and is produced in partnership with Total HIPAA Compliance. The second blog in this series discussed HIPAA training for your staff and can be viewed here.
Editor's note: This is the second blog in a series of articles on HIPAA compliance and is produced in partnership with Total HIPAA Compliance. The first blog in this series discussed penetration testing and can be viewed here. In the next article, we'll take a look at why staff may be your biggest threat to compliance.
You come in to work on Monday, log into your practice’s network, and there is a message that a hacker now controls your EHR and wants a ransom to allow you access. How could you have prevented this invasion? One way is by conducting a penetration test. This is a great tool to help determine your vulnerabilities and correct security holes in your network before a hacker can find them.
With the new year in full swing, the Office of Civil Rights (OCR) is set to begin Phase 2 of its HIPAA audits program, targeting specific areas of noncompliance in healthcare organizations and among business associates who come in direct contact with protected health information.
Oftentimes in medicine, or even life in general, we might be required to revisit the origin of a popular belief, phrase, or “common-sense” piece of knowledge. Through numerous transmissions, these concepts can stray far from their original meanings and transform into something entirely different and even erroneous. Unfortunately, that seems to be happening with HIPAA. Speak the words among providers and you’ll likely invoke thoughts of uptight regulators in suits and extraordinarily hefty fines issued to those foolish enough to have loads of data on an unsecured laptop computer.
Over the past week, we've discussed some of the most common HIPAA violations you should look out for. In the first blog post of this series we talked about lost and stolen devices, hacking, dishonesty, and the improper disposal of documents.
Welcome back! If you missed the first installment of our Top 10 HIPAA Violations blog, you can read it here. Now, on to the last 5 HIPAA Violations…