HIPAA Tip Tuesday

Your organization has completed its annual HIPAA Security Risk Analysis (SRA) for 2023 – mission accomplished! Or is it? When assessing the SRA start with reviewing all risks and the level of impact the risk will have on the organization. In other words, will a particular risk have a low, medium or high impact should…

Without appropriate authorization policies and procedures and access controls, hackers, workforce members, or anyone with an Internet connection may have impermissible access to the health data that your organization has and is responsible for securing under the HIPAA Rule. Plain and simple, operating systems and applications containing electronic Protected Health Information (ePHI) must have controls…

When the subject of Disaster Recovery Plans is brought up with healthcare organizations’ management, most cringe. HIPAA requires organizations to create and implement contingency plans that enable the organization to continue operations, even in times of a disaster. As important as this is, HIPAA requires your business to be prepared for a disaster occurrence, whether…

HIPAA required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of Protected Health Information (PHI). To fulfill this requirement HHS published what are known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually…

What did we learn this year about Cybersecurity Awareness and how can we apply this in our organizations and daily lives? Instead of thinking this is rocket science or brain surgery, lets look at the basics: Use strong passwords – at minimum 10-12 characters, passphrases much better than a user’s name or personal information; do…

Multi-Factor Authentication (MFA) is an account login process that requires multiple methods of authentication to verify a user’s identity. MFA combines two or more independent credentials: what the user knows, such as a password, what the user has, such as a security token sent to a cell phone or email account, and what the user…

Cybersecurity Awareness Month is a reminder for all organizations to educate themselves on cyber attacks and how easily this can happen, potentially crippling the business. Based on the number of incidents and breaches, ALL staff must be aware and knowledgeable on ways threat actors can access (and most of the time, easily) an organizations environment.…

October, recognized as Cybersecurity Awareness Month, holds a special significance for the healthcare industry. In a time where digital threats are growing and evolving, the importance of safeguarding electronic Protected Health Information (ePHI) has never been more pressing.   Why Cybersecurity Matters in Healthcare  It’s a well-understood reality: Cyber threats are everywhere. From phishing emails attempting…

What comes to mind when you hear the word “Cybersecurity”? We are constantly reading about how organizations need to ramp up their cybersecurity to protect data, devices and networks from unauthorized access including cybersecurity criminals. NIST defines cybersecurity as the prevention of damage to, unauthorized use of, exploitation of, and – if needed – the…

The general requirements of the HIPAA Security Rule establish that Covered Entities and Business Associates must do the following: Ensure the Confidentiality, Integrity, and Availability (CIA) of all electronic Protected Health Information (ePHI) the Covered Entity or Business Associate creates, receives, maintains, or transmits. Protect against any reasonably anticipated threats or hazards to the security…