HIPAA Tip: Identity and Access Management

HIPAA TIP TUESDAY

Identity and access management is a set of security services, processes, policies and tools used to define and manage the roles and permissions of users, devices and application programming interfaces (APIs) to servers, onsite systems and applications, along with any cloud/offsite software systems and applications. Just as your organization would decide on how a new…

Read More

HIPAA TIP: Cybersecurity Questions to Ask Your IT Company

HIPAA TIP TUESDAY

Ask about multifactor authentication and where it would be possible to implement. This could be on email accounts, logging in remotely to the business, connecting to a cloud EMR or Practice Management system/application, or third party vendors connecting to the organization’s environment. Request information on backups that are being completed by the IT company. How…

Read More

HIPAA TIP: Essential Cybersecurity Practices

HIPAA TIP TUESDAY

Implementing cybersecurity best practices is crucial for individuals and organizations to protect themselves against cyber risks. A strong foundation includes identifying, assessing, and responding to risks, considering the likelihood of events and their potential impacts. During the annual HIPAA Risk Analysis, it’s essential to compile a list of risks or vulnerabilities to electronic Protected Health…

Read More

HIPAA TIP: Passwords

HIPAA TIP TUESDAY

I’d like this to sound like a broken record if it weren’t true: A recent study showed that 20% of passwords are compromised and 51% of passwords are reused. These statistics shed light on some dangerous cybersecurity issues. Password reuse exposes multiple accounts in case of a breach and makes and organization vulnerable to common…

Read More

HIPAA Tip: Why SMBs Are Cybercriminal’s Target

HIPAA TIP TUESDAY

While news headlines announce large company breaches from cybersecurity incidents it is just as likely for cybercriminals to target small or mid-size businesses (SMBs). And why is that, when you are thinking to yourself, “the bad guys aren’t coming after my small business!” Because it’s easy and the effort they need to put into the…

Read More

HIPAA Tip: Risk Assessment Process for Breaches

HIPAA TIP TUESDAY

A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI. An impermissible use or disclosure of unsecured PHI is presumed to be a breach unless the Covered Entity or Business Associate demonstrates (based on a risk assessment) that there is a low probability that…

Read More

HIPAA Tip: Health Industry Cybersecurity Practices (HICP)

HIPAA TIP TUESDAY

The Health Industry Cybersecurity Practices (HICP) is a publication providing guidance to organizations, companies and manufacturers in the healthcare industry, helping them to practically implement cybersecurity best practices. Developed with every stakeholder in mind, organizations from small to large can benefit from the resources and best practices provided to prepare and fight against cybersecurity threats…

Read More

HIPAA Tip: HIPAA 13.1

HIPAA TIP TUESDAY

When comparing the HIPAA Rules – Privacy, Security, Omnibus and Breach Notification – to a half marathon, think about the following areas that must be taken into account to succeed in the “race”. Choosing a “training plan” that fits your life, or organization. HIPAA was created to have some flexibility with implementation and compliance, as…

Read More

HIPAA Tip: HIPAA Changes Coming in 2024

HIPAA TIP TUESDAY

The proposed rule, or Notice of Proposed Rulemaking (NPRM), is the official document that announces and explains the agency’s plan to address a problem or accomplish a goal. HIPAA NPRM was released in January, 2021. The final rule date is currently unknown but finalization and release is expected some time in 2024, with compliance due…

Read More

HIPAA Tip: Can We Ever Be Too Secure?

HIPAA TIP TUESDAY

Every day cyber-attacks are an ever increasing threat to businesses and organizations, especially in the healthcare sector, where patient data / one medical record can be sold on the black market for $250. Gaining someone else’s identity or insurance information will allow the thief to receive medical treatment, prescription drugs or medical services. Listed below…

Read More