Healthcare IT

Data backup can be defined as making a copy of the organization’s existing data i.e., ePHI, financial, employee information, and storing it somewhere else. The primary reasons for backing up data is its availability should the original data become corrupted, stolen, deleted or otherwise made inaccessible. Data backups are performed under the assumption of data…

Weak passwords are the weak link in the chain – and easily guessable by hackers. Think about it: my name, my address, kids’ or pets’ names, part of or all of my date of birth. How much personal information am I giving up in just my password, and worse, how often am I using the…

HHS Office for Civil Rights (OCR) is expected to present updates to the HIPAA Rules some time in 2023. Guidance was issued in 2022 and it is more than likely further HIPAA guidance will be issued to clear up misconceptions and false interpretation of the HIPAA requirements. One of the biggest areas of concern will…

A Business Associate “is a person or entity that performs certain functions or activities that involve the use or disclosure of Protected Health Information (PHI) on behalf of, or provides services to, a Covered Entity.” Not only is this a HIPAA requirement, but extremely important that Covered Entities have Business Associate Agreements (BAAs) with all…

According to the HIPAA Security Rule, physical safeguards are defined as “the physical measures, policies, and procedures to protect a Covered Entity’s electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion.” Facility Access Controls set policies and procedures to limit access to the facilities that contain servers, computers,…

The U.S. Department of Health and Human Services and the Health Sector Coordinating Council Cybersecurity Working Group released a new guide recently to help the public and private sectors in healthcare better align their information security programs with the National Institute for Standards and Technology’s Cybersecurity Framework. Helping the public and private healthcare sectors prevent…

We are all familiar with Business Associate Agreements and the importance of having this contract in place, explaining exactly what your Business Associate can and cannot do with the organization’s patient data. A Business Associate contract is not required with persons or organizations whose functions, activities, or services do not involve the use or disclosure…

When it comes to the HIPAA Privacy and Security Rules, the healthcare industry needs to ensure that the Protected Health Information in any form that is maintained, transmitted, and received by the organization is secure from potential risks. Internal human errors due to lack of security awareness training, poor security protocols, and incomplete risk assessments…