Healthcare Information Security

HIPAA Compliance

Healthcare provider advice in gearing up for 2014 HIPAA audits

by Patrick Ouellette

With the Office for Civil Rights (OCR) in the midst of organizing its 2014 HIPAA auditing program, now is a good time for healthcare providers to begin assessing their state of compliance and determine their readiness for these potential audits....

OCR readies pre-audit survey for HIPAA covered entities, BAs

by Patrick Ouellette

The Office for Civil Rights (OCR) began to set the table for its 2014 auditing program when it published an information collection request for HIPAA covered entities and business associates (BAs) in the Federal Register yesterday. While the exact...

Middlesex Hospital uses Splunk software for HIPAA compliance

by Nicole Freeman

Middlesex Hospital, a HIMSS Stage 6 hospital, is using Splunk Inc. real-time operational intelligence software to meet HIPAA and HITECH standards throughout its hospital IT network and to secure its electronic healthcare records (EHR). The...

(ISC)2 offers healthcare IT security and privacy training

by Nicole Freeman

(ISC)² (“ISC-squared”), a not-for-profit group of certified information and software security professionals, is offering a specialized program meeting its HealthCare Information Security and Privacy Practitioner (HCISPP℠) credential....

HIMSS14 session preview: HIPAA security controls & analytics

by Nicole Freeman

While healthcare organizations are often warned of data breaches and the need for security measures, there may be concern as to what kinds of protection are needed. How much security is enough? What does each unique provider need to do to protect...

HIMSS14 session preview: Patient privacy trends

by Nicole Freeman

Protecting patient data should be a high priority for all healthcare providers, and the government continues to create policy regarding the protection and access of protected health information (PHI). The Department of Health and Human Services...

HIMSS14 session preview: Encrypting data at rest

by Nicole Freeman

Healthcare providers often hear about the benefits of encrypting protected health information (PHI), and the data breaches that become more serious when information is unencrypted. Encrypting data at rest is required of HIPAA-covered entities per...

WEDI publishes health data breach notification tips

by Patrick Ouellette

The Workgroup for Electronic Data Interchange (WEDI) Privacy and Security Workgroup recently published its Breach Risk Assessment Issue Brief to offer reminders to healthcare organizations regarding the breach notification decision process. According...

HIMSS14 session preview: Privacy and compliance practices

by Nicole Freeman

Healthcare organizations are consistently reminded of their need to protect patient privacy and data, and HIPAA compliance is a requirement for all providers and their business associates (BAs). For healthcare systems, however, there is also...

HIMSS14 session preview: Coordinating ACO privacy & security

by Nicole Freeman

Accountable care organizations (ACOs) are being formed in different sizes across the country in an effort to improve patient access to care and the quality of care received, increase affordability, and, in some cases, switch to a value-based reimbursement...

HIMSS14 session preview: Meaningful use risk assessments

by Nicole Freeman

As healthcare data breaches continue to occur, providers are often reminded that staff training and encryption are key to securing patients’ protected health information (PHI). These are not the only processes necessary to safeguard information,...

Vendors to showcase secure solutions at HIMSS14

by Nicole Freeman

As HIMSS14 in Orlando gets closer, vendors are announcing their participation and product showcases. Patient data security continues to be a focal point in the healthcare industry, and companies are eager to share their HIPAA-compliant offerings....

ONC, OCR publicize HIPAA Digital Privacy Notice Challenge

by Patrick Ouellette

After providing four approved notice of privacy practices (NPP) templates in September, the Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) are focusing on digital NPPs and recently...

HIPAA requires providers using Skype to have BAAs

by Nicole Freeman

As expanding technology gives doctors new ways to contact patients and share their information, HIPAA compliance questions continually pop up. Do the products being used protect patient data? Are additional safeguards required to comply with HIPAA?...

Healthcare attorney highlights HIPAA Omnibus changes

by Patrick Ouellette

A recent webcast, “HIPAA Omnibus Rule compliance tips and best practices”, provided a variety of takeaways from presenter and Dunkiel Saunders healthcare attorney Eileen Elliott. One of the biggest developments...

HHS amends CLIA regulations to allow direct patient access

by Patrick Ouellette

After being delayed back in September, the Department of Health and Human Services (HHS) has released amendments in the Federal Register to the Clinical Laboratory Improvement Amendments of 1988 (CLIA) regulations to give patients direct access...

Valley Hospital uses remote IT support to augment security

by Patrick Ouellette

In an ideal world, healthcare IT users would be able to walk down the hall and discuss any sort of clinical, technical or compliance issues with their organization’s on-site staff. But because many big healthcare networks span across many...

Register now for Feb. 5 HIPAA Omnibus Rule webcast

by Patrick Ouellette

A webcast, “HIPAA Omnibus Rule compliance tips and best practices”, will be held on February 5 at 1 p.m. EST to help further clarify changes to the HIPAA privacy and security rules that went into effect in...

Cybersecurity pro Nicholas Percoco joins KPMG LLP

by Patrick Ouellette

Cybersecurity pro Nicholas Percoco has been named Director of KPMG LLP’s Information Protection group, according to Dark Reading. Percoco will bring great experience with research on mobile devices and data breach statistics to KPMG. KPMG...

Redspin service combines HIPAA and PCI DSS analyses

by Nicole Freeman

Redspin, Inc., an IT security assessments and testing provider, has announced a new service that combines HIPAA Security Risk and PCI DSS 3.0 Gap Analyses. Reports are created through single-process analysis of data collection and policy review,...

