Healthcare Information Security

Risk Assessment

OIG: Security Risk Assessments, Disaster Recovery Needed at Hospitals

December 18, 2017 - While two Indian Health Service (IHS) hospitals had increased system security and physical controls surrounding prescription drug and opioid disbursements, the Office of Inspector General (OIG) still determined that more improvements needed to be made. This included but was not limited to implementing IT risk assessments and ensuring an adequate disaster recovery plan was in place. “HHS...


More Articles

How to Prevent a Healthcare Data Breach in 2018

by Bill Kleyman

One word can describe the current security landscape: chaos. We’re way beyond the days of traditional firewall and network security solutions. Today, healthcare organizations have to worry about security when it comes to cloud, data, end-point,...

Revised NIST Infrastructure Cybersecurity Framework Released

by Elizabeth Snell

In an effort to help organizations continue to improve their cybersecurity risk management in critical infrastructure, NIST released a revised draft of its Cybersecurity Framework last week. The second draft of the Framework for Improving...

$2M Settlement Reached in Cottage Health Data Breach Case

by Elizabeth Snell

Cottage Health System recently reached a $2 million settlement with the California Attorney General’s office after two separate health data breach incidents that took place in 2013 and 2015. In total, more than 50,000 patients had their...

EHNAC: Risk Assessments, IoT Security Crucial in Attack Mitigation

by Elizabeth Snell

Hospitals and healthcare organizations need to keep a strong focus on their risk management and risk assessment process and ensure that any third parties or business associates also have proper security and IT risk management protocols in...

How Vendors, Providers Can Create Strong Health Data Security

by Elizabeth Snell

When it comes to maintaining HIPAA compliance, both healthcare providers and their chosen third-party vendors – or business associates – need to work together for comprehensive and current health data security. Compliance can get...

3 Tips to Ensure Healthcare Data Security in Evolving Environment

by Bill Kleyman

There’s so much happening with new types of advanced security technologies. Healthcare data security teams must analyze solutions around on premise as well as cloud options. Furthermore, the granularity of security makes it a challenge...

What Are Critical Considerations in Risk Management?

by Elizabeth Snell

Healthcare risk management is an increasingly critical area as cybersecurity threats continue to evolve. Regardless of an organization’s size, it needs to ensure that the right policies, procedures, and tools are in place so staff members...

Using NIST Guidance for Better Risk Assessment, Data Security

by Elizabeth Snell

A structured method of prioritizing programs, systems, and components based on their importance is a critical part of an organization’s risk assessment process and approach to data security, according to a recent NIST special publication....

OIG Notes Va. Medicaid Information Security Vulnerabilities

by Elizabeth Snell

An Office of Inspector General (OIG) audit found the Virginia Medicaid Management Information System (MMIS) to have information security vulnerabilities. “Virginia did not adequately secure its Medicaid data and information systems, which...

Preparing for an OCR HIPAA Risk Assessment Audit

by Elizabeth Snell

While healthcare organizations should not panic over the idea of a potential HIPAA audit or risk assessment, they should ensure that their privacy and security measures are comprehensive and current. This will not only keep sensitive data, such...

ONC, OCR Revise HIPAA Security Risk Assessment Tool

by Elizabeth Snell

In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk Assessment...

FDA Information Security Weaknesses Create Health Data Risk

by Elizabeth Snell

The Food and Drug Administration (FDA) must still improve in its efforts to fix information security weaknesses found by the US Government Accountability Office (GAO), especially as the FDA receives, processes, and maintains sensitive industry...

Why Lacking Risk Assessments May Lead to OCR HIPAA Settlements

by Elizabeth Snell

Healthcare organizations cannot afford to skip out on conducting regular risk assessments, according to several recent OCR HIPAA settlements. Failing to identify potential risks and vulnerabilities in ePHI security could lead to healthcare data...

Why Latest OCR HIPAA Audits are About Compliance, Action

by Elizabeth Snell

The Office for Civil Rights (OCR) announced the second round of its HIPAA audit program on July 11, 2016, sending out notification emails to 167 covered entities. The desk audits will review how healthcare organizations adhere to the HIPAA Privacy,...

Latest Round of OCR HIPAA Audits Not a Reason for Panic

by Elizabeth Snell

The second round of the OCR HIPAA audits is officially underway, with desk audits being announced in July 2016. Notification letters were sent out to 167 covered entities on Monday, July 11, that they had been selected for the desk audit portion...

Assessing Vendor Risk for Stronger Health Data Security

by Eric Dieterich of Sunera

Whether a healthcare organization hires vendors to process customer payments, store HR data in the cloud or run the IT help desk, you extend your overall cyber risk environment to that of your third party providers. Too often, healthcare decision-makers...

Going On the Offensive in Healthcare Cybersecurity

by Mac McMillan of CynergisTek

I don’t think anyone needs much more convincing when it comes to healthcare cybersecurity. It’s clear that healthcare is under attack by a host of different cyber criminals who seek to steal and monetize its information, extort it...

Reviewing the HIPAA Risk Assessment Process

by Elizabeth Snell

While the Office for Civil Rights (OCR) announced that phase two of its HIPAA audit program is underway, covered entities of all sizes and their business associates should already understand the basics of a HIPAA risk assessment. Being able to...

Using Risk Assessments, Management for OCR HIPAA Audits

by Elizabeth Snell

There has been much discussion over the second round of OCR HIPAA audits, with covered entities of all sizes wanting to know how they can best prepare for a potential investigation. Having an updated and thorough risk management process will...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks