HIPAA TIP: OCR Enforcement

HIPAA TIP TUESDAY

HHS Office for Civil Rights Settles Landmark Phishing Cyber-Attack Investigation Louisiana Medical Group settles after investigation reveals large cybersecurity breach affecting nearly 35,000 patients The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Lafourche Medical Group that specializes in emergency medicine, occupational medicine, and laboratory testing.…

Read More

HIPAA TIP: Identity Access Management

HIPAA TIP TUESDAY

Identity and access management (IAM) is the broad security discipline (consisting of policies, procedures, and technologies) that enables individuals to access only the right resources and for only the right reasons. HIPAA is specifically concerned about the privacy and security of electronic protected health information (ePHI), but the principles of IAM can and should be…

Read More

HIPAA TIP: Risk Analysis Complete for 2023? Next Steps

HIPAA TIP TUESDAY

Your organization has completed its annual HIPAA Security Risk Analysis (SRA) for 2023 – mission accomplished! Or is it? When assessing the SRA start with reviewing all risks and the level of impact the risk will have on the organization. In other words, will a particular risk have a low, medium or high impact should…

Read More

HIPAA TIP: Information Access Management

HIPAA TIP TUESDAY

Without appropriate authorization policies and procedures and access controls, hackers, workforce members, or anyone with an Internet connection may have impermissible access to the health data that your organization has and is responsible for securing under the HIPAA Rule. Plain and simple, operating systems and applications containing electronic Protected Health Information (ePHI) must have controls…

Read More

HIPAA TIP: Disaster Recovery Tabletop Exercises

HIPAA TIP TUESDAY

When the subject of Disaster Recovery Plans is brought up with healthcare organizations’ management, most cringe. HIPAA requires organizations to create and implement contingency plans that enable the organization to continue operations, even in times of a disaster. As important as this is, HIPAA requires your business to be prepared for a disaster occurrence, whether…

Read More

HIPAA TIP: The HIPAA Security Rule

HIPAA TIP TUESDAY

HIPAA required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of Protected Health Information (PHI). To fulfill this requirement HHS published what are known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually…

Read More

HIPAA TIP: Takeaways from Cybersecurity Awareness Month 2023

HIPAA TIP TUESDAY

What did we learn this year about Cybersecurity Awareness and how can we apply this in our organizations and daily lives? Instead of thinking this is rocket science or brain surgery, lets look at the basics: Use strong passwords – at minimum 10-12 characters, passphrases much better than a user’s name or personal information; do…

Read More

HIPAA TIP: The Importance of Multi-Factor Authentication

HIPAA TIP TUESDAY

Multi-Factor Authentication (MFA) is an account login process that requires multiple methods of authentication to verify a user’s identity. MFA combines two or more independent credentials: what the user knows, such as a password, what the user has, such as a security token sent to a cell phone or email account, and what the user…

Read More

Cybersecurity Terminology

HIPAA TIP TUESDAY

Cybersecurity Awareness Month is a reminder for all organizations to educate themselves on cyber attacks and how easily this can happen, potentially crippling the business. Based on the number of incidents and breaches, ALL staff must be aware and knowledgeable on ways threat actors can access (and most of the time, easily) an organizations environment.…

Read More

HIPAA TIP: October is Cybersecurity Awareness Month

HIPAA TIP TUESDAY

October, recognized as Cybersecurity Awareness Month, holds a special significance for the healthcare industry. In a time where digital threats are growing and evolving, the importance of safeguarding electronic Protected Health Information (ePHI) has never been more pressing.   Why Cybersecurity Matters in Healthcare  It’s a well-understood reality: Cyber threats are everywhere. From phishing emails attempting…

Read More