Healthcare Information Security

Risk Assessment

OIG Notes Va. Medicaid Information Security Vulnerabilities

May 19, 2017 - An Office of Inspector General (OIG) audit found the Virginia Medicaid Management Information System (MMIS) to have information security vulnerabilities. “Virginia did not adequately secure its Medicaid data and information systems, which potentially compromised the integrity of its Medicaid program and could have resulted in unauthorized access to and disclosure of Medicaid beneficiary...

More Articles

Preparing for an OCR HIPAA Risk Assessment Audit

by Elizabeth Snell

While healthcare organizations should not panic over the idea of a potential HIPAA audit or risk assessment, they should ensure that their privacy and security measures are comprehensive and current. This will not only keep sensitive data, such...

ONC, OCR Revise HIPAA Security Risk Assessment Tool

by Elizabeth Snell

In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk Assessment...

FDA Information Security Weaknesses Create Health Data Risk

by Elizabeth Snell

The Food and Drug Administration (FDA) must still improve in its efforts to fix information security weaknesses found by the US Government Accountability Office (GAO), especially as the FDA receives, processes, and maintains sensitive industry...

Why Lacking Risk Assessments May Lead to OCR HIPAA Settlements

by Elizabeth Snell

Healthcare organizations cannot afford to skip out on conducting regular risk assessments, according to several recent OCR HIPAA settlements. Failing to identify potential risks and vulnerabilities in ePHI security could lead to healthcare data...

Why Latest OCR HIPAA Audits are About Compliance, Action

by Elizabeth Snell

The Office for Civil Rights (OCR) announced the second round of its HIPAA audit program on July 11, 2016, sending out notification emails to 167 covered entities. The desk audits will review how healthcare organizations adhere to the HIPAA Privacy,...

Latest Round of OCR HIPAA Audits Not a Reason for Panic

by Elizabeth Snell

The second round of the OCR HIPAA audits is officially underway, with desk audits being announced in July 2016. Notification letters were sent out to 167 covered entities on Monday, July 11, that they had been selected for the desk audit portion...

Assessing Vendor Risk for Stronger Health Data Security

by Eric Dieterich of Sunera

Whether a healthcare organization hires vendors to process customer payments, store HR data in the cloud or run the IT help desk, you extend your overall cyber risk environment to that of your third party providers. Too often, healthcare decision-makers...

Going On the Offensive in Healthcare Cybersecurity

by Mac McMillan of CynergisTek

I don’t think anyone needs much more convincing when it comes to healthcare cybersecurity. It’s clear that healthcare is under attack by a host of different cyber criminals who seek to steal and monetize its information, extort it...

Reviewing the HIPAA Risk Assessment Process

by Elizabeth Snell

While the Office for Civil Rights (OCR) announced that phase two of its HIPAA audit program is underway, covered entities of all sizes and their business associates should already understand the basics of a HIPAA risk assessment. Being able to...

Using Risk Assessments, Management for OCR HIPAA Audits

by Elizabeth Snell

There has been much discussion over the second round of OCR HIPAA audits, with covered entities of all sizes wanting to know how they can best prepare for a potential investigation. Having an updated and thorough risk management process will...

HITRUST Head Addresses Health Data Security, Cyber Insurance

by Jacqueline Belliveau

With the increase in volume and severity of recent health data breaches, more and more healthcare providers and associated organizations are relying on cyber insurance to complement their health data security policies and procedures. At the Homeland...

Using an Online Risk Assessment for Health Data Protection

by Jim Hunter of CareTech Solutions

Online risk assessments can be greatly beneficial for healthcare organizations as they work to keep sensitive data secure, and also as patient engagement becomes a more important issue. Engaged patients tend to better manage their chronic conditions,...

Creating a Comprehensive Healthcare Risk Management Plan

by Elizabeth Snell

Without a current and thorough healthcare risk management plan, covered entities of all sizes will have a more difficult time reacting to, and recovering from, a data security incident. Risk assessments are an essential part of that as well,...

OIG Finds Medicaid Risk Management Process Lacking in S.C.

by Elizabeth Snell

The South Carolina (State) Medicaid Management Information System (MMIS) did not have a strong risk management process, according to a recent report from the Office of Inspector General (OIG). Specifically, MMIS data was not safeguarded properly...

How Magruder Hospital Balances PHI Security, Innovation

by Elizabeth Snell

Ohio-based Magruder Hospital might be a small critical access organization, but that does not mean that it has not taken the necessary steps to keep its PHI security a top priority. Magruder IT Director Dan Thompson told

How Will End of Meaningful Use Affect Healthcare Security?

by Elizabeth Snell

Earlier this week, acting administrator at the Centers for Medicare & Medicaid Services Andy Slavitt announced that the meaningful use program, at least how it currently had existed, will come to an end. According to Slavitt, CMS will instead...

How Administrative Safeguards Can Prevent Data Breaches

by Elizabeth Snell

Preventing healthcare data breaches is a common goal for covered entities of all sizes. It can be easy to let the importance of administrative safeguards fall behind other areas, such as concerns over hacking and stolen devices, but organizations...

Lack of Risk Assessment Key in UWM $750K HIPAA Settlement

by Elizabeth Snell

The University of Washington Medicine (UWM) recently agreed to a $750,000 fine as part of a HIPAA settlement, which was the result of a 2013 incident. UWM filed a breach report to OCR November 27, 2013, where an email containing malicious malware...

How Parkway Works Toward HIPAA Compliance

by Elizabeth Snell

HIPAA compliance is something that all covered entities and their business associates need to work toward and closely monitor. No organization wants to miss a key security issue that eventually leads to a data breach. Successfully preparing for...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks