Healthcare Information Security

Risk Management

Vendor Risk Management Key Focus in Recent HITRUST Program

May 2, 2017 - A new HITRUST exchange aims to help entities as they request and receive third-party security and privacy risk assessment information, streamlining the vendor risk management process. The HITRUST Assessment Exchange will utilize the HITRUST CSF Assurance Program to simplify how organizations manage and monitor third-party privacy and security information, according to a HITRUST announcement....

More Articles

2017 OCR HIPAA Settlements Focus on Risk Analyses, Safeguards

by Elizabeth Snell

Maintaining PHI security must remain a top priority for covered entities and business associates year-round. Lackluster safeguards and irregular risk analyses can lead to potential data security issues, and even an OCR HIPAA settlement. With...

DHS Must Sustain Stronger Federal Cybersecurity Measures Push

by Elizabeth Snell

The Department of Homeland Security (DHS) must continue to foster initiatives to improve federal cybersecurity measures, such as utilizing the National Cybersecurity Protection System (NCPS), according to the Government Accountability Office...

Preparing for an OCR HIPAA Risk Assessment Audit

by Elizabeth Snell

While healthcare organizations should not panic over the idea of a potential HIPAA audit or risk assessment, they should ensure that their privacy and security measures are comprehensive and current. This will not only keep sensitive data, such...

Why Healthcare Cybersecurity is a Risk Management Issue

by Elizabeth Snell

Healthcare organizations are slowly working to increase their healthcare cybersecurity governance, staffing, and budgetary resources, but there is still room for improvement, according to a recent study. The second annual HIMSS Analytics HIT...

GAO Finds DHS Cybersecurity Measures Have Room for Improvement

by Elizabeth Snell

While the Department of Homeland Security (DHS) has worked toward implementing necessary cybersecurity measures in its National Cybersecurity and Communications Integration Center (NCCIC), there are still factors impeding its efficiency and effectiveness,...

Cybersecurity Risk Management Focus in HITRUST Catalogue

by Elizabeth Snell

Having a stronger understanding of cybersecurity risk management is a key way for healthcare organizations to view potential risk areas and keep data secure, according to the Health Information Trust Alliance (HITRUST). That was a driving factor...

Security Operations Centers Falling Below Optimal Levels

by Elizabeth Snell

The majority of security operations centers (SOCs), which assist organizations in mitigating potential cybersecurity risks, are falling below the optimal maturity level, according to research from Hewlett Packard Enterprise (HPE). The HPE State...

OIG Finds Slight Increase in Medicare Information Security Gaps

by Elizabeth Snell

Evaluations of the Medicare administrative contractor (MAC) information security program found that the programs were adequate in scope sufficiency but still had an increase in security gaps from the previous year. The Office of Inspector General...

Utilizing Risk Analyses for Comprehensive HIPAA Compliance

by Elizabeth Snell

As technology continues to evolve and become more intricate, covered entities and their business associates have to ensure they account for potential risk in all aspects of their organization. A key part to complete HIPAA compliance is an updated...

FDA Information Security Weaknesses Create Health Data Risk

by Elizabeth Snell

The Food and Drug Administration (FDA) must still improve in its efforts to fix information security weaknesses found by the US Government Accountability Office (GAO), especially as the FDA receives, processes, and maintains sensitive industry...

Why Lacking Risk Assessments May Lead to OCR HIPAA Settlements

by Elizabeth Snell

Healthcare organizations cannot afford to skip out on conducting regular risk assessments, according to several recent OCR HIPAA settlements. Failing to identify potential risks and vulnerabilities in ePHI security could lead to healthcare data...

Latest Round of OCR HIPAA Audits Not a Reason for Panic

by Elizabeth Snell

The second round of the OCR HIPAA audits is officially underway, with desk audits being announced in July 2016. Notification letters were sent out to 167 covered entities on Monday, July 11, informing them that they had been selected for the desk audit portion...

Assessing Vendor Risk for Stronger Health Data Security

by Eric Dieterich of Sunera

Whether a healthcare organization hires vendors to process customer payments, store HR data in the cloud or run the IT help desk, you extend your overall cyber risk environment to that of your third party providers. Too often, healthcare decision-makers...

Why Hospital Boards Must Understand Healthcare Cybersecurity

by Elizabeth Snell

As healthcare cybersecurity continues to evolve and become more intricate, hospital boards should ensure that they have a comprehensive understanding of the necessary data breach prevention measures. One of the important things that hospital...

Using an Online Risk Assessment for Health Data Protection

by Jim Hunter of CareTech Solutions

Online risk assessments can be greatly beneficial for healthcare organizations as they work to keep sensitive data secure, and also as patient engagement becomes a more important issue. Engaged patients tend to better manage their chronic conditions,...

Creating a Comprehensive Healthcare Risk Management Plan

by Elizabeth Snell

Without a current and thorough healthcare risk management plan, covered entities of all sizes will have a more difficult time reacting to, and recovering from, a data security incident. Risk assessments are an essential part of that as well,...

Mitigating Risk for Stronger Healthcare Cybersecurity

by Elizabeth Snell

There has been an increasing number of healthcare cybersecurity threats as the industry works toward interoperability and attempts to keep pace with evolving technologies. Healthcare data breaches could potentially affect any covered entity,...

OIG Finds Medicaid Risk Management Process Lacking in S.C.

by Elizabeth Snell

The South Carolina (State) Medicaid Management Information System (MMIS) did not have a strong risk management process, according to a recent report from the Office of Inspector General (OIG). Specifically, MMIS data was not safeguarded properly...

Lahey Hospital Agrees to $850K OCR HIPAA Settlement

by Elizabeth Snell

Lahey Clinic Hospital, Inc. (Lahey) agreed to an OCR HIPAA settlement that stemmed from a 2011 incident where an unencrypted laptop was stolen, potentially compromising the PHI of 599 individuals. Lahey was fined $850,000 as part of the settlement...

