HIPAA TIP: 405(d) Training Tools – Aligning Health Care Industry Security Approaches

HIPAA TIP TUESDAY

The 405(d) Program is focused on providing the healthcare and public health (HPH) sector with impactful resources, products, and tools to raise awareness and strengthen the industry’s cybersecurity posture against cyber criminals and threats. This program was developed to be a collaborative effort between industry and the federal government to align healthcare organizations with security…

HIPAA TIP: Email Policy and Ethics

If your organization does not have an email policy in place, now is the time to execute one. The importance of an email policy is to communicate to the workforce exactly what the company expects when sending/using emails for business correspondence. We have all fallen into the “easy trap” of emailing since this is a…

HIPAA TIP: Ransomware

Ransomware is a form of malware designed to encrypt files on a device, rendering files and the systems that rely on them unusable. The attacker then demands a ransom from the victim to restore access to the data once payment is made. The attacker will send instructions on how to pay the fee in order…

HIPAA TIP: Risks, Threats and Vulnerabilities

Risks are defined as situations involving exposure to danger. Risk involves uncertainty about the effects/implications of an activity focusing on negative, undesirable consequences. A Threat is an intention to inflict harm, damage, or other hostile action, which could be from one person or a hacking or ransomware organization, with the intent to manipulate a system…

HIPAA TIP: HIPAA Security Standards

The HIPAA Security Rule established national standards to protect individuals’ electronic Protected Health Information (ePHI). The general rule is to ensure the Confidentiality, Integrity and Availability (CIA) of all ePHI created, received, maintained, or transmitted. Did you know that as a Covered Entity or Business Associate you must comply with each standard? Security Standards for…

HIPAA TIP: Healthcare Risks and Mitigation Strategies

RISKS: 1. Incomplete inventories of systems and data locations; exceptions and non-standard situations along with outdated devices. 2. Staff shortage – lack of security awareness training for staff. Relying on vendors for security measures and believing the organization is off the hook if the vendor has some security measures. 3. The “Internet of Things” has…

HIPAA TIP: Healthcare Data Breaches from Verizon Data Breach Investigations Report 2022

FREQUENCY: 894 incidents, 571 with confirmed data disclosure. Healthcare is the number one industry for cybersecurity incidents and disclosure(s) of Personally Identifiable Information (PII) and Protected Health Information (PHI). TOP PATTERNS: Web Applications, Miscellaneous Errors, Email Phishing, and theft of credentials are behind 86% of breaches. THREAT ACTORS: External (61%), Internal (39%). ACTOR MOTIVES: Financial…

HIPAA TIP: HIPAA Violations and Penalties

In recent years, the number of employees discovered to be accessing or stealing PHI has increased. The value of PHI on the black market is considerable, and this can be a big temptation for some. It is essential that controls are put in place to limit the opportunity for individuals to steal patient data, and…

HIPAA Tip: Wireless Access Within the Organization

How is your wireless access set up within the organization? Are you asking yourself how it should be set up in order to reach HIPAA compliance and protect the environment? A wireless access point is hardware that allows Wi-Fi devices to connect to a wired network. The access point typically connects to a router via…

HIPAA Tip: Basic Steps to HIPAA Compliancy

The HIPAA Privacy Rule requires organizations to secure Protected Health Information (PHI). The HIPAA Security Rule explains how to secure PHI and electronic Protected Health Information (ePHI), including how that data should be handled, transmitted and maintained. The Security Rule requires healthcare organizations and their Business Associates to have three security safeguards in place: Administrative,…
