Mighty Fine – The High Cost ($2.5 Million) for Unsecured ePHI
Latest Articles
IoT Security: Same…Err…Stuff, Different Day
Remember when Edward Snowden showed the world how easy it is for your cell phone to record everything you say? Initial gut reaction for many was something along the lines of disbelief to shock. As time went by, many people took comfort in the idea that the government could not care less about their day-to-day activities. After all—for most of us—our day consists of the daily routine of workout, work, and daily errands. Yet, spying…
HIPAA punches a serious blow: Advocate Health enters into $5.5-million settlement for violations
Anytime we conduct a training, we can’t help but turn blue in the face repeating over and over again the importance of conducting an accurate and thorough risk analysis of electronic PHI (ePHI). In the event of a breach or an audit, one of the first items the Office of Civil Rights (OCR) will ask for is the risk analysis. The OCR has obviously lost its patience for entities that choose or fail to perform…
Caution – Vendors are not the only ones charging you to use your EHR/EMR!
Based on recent news stories and our experience, it appears that cybercriminals may be targeting healthcare providers with ransomware attacks. Publicly reported incidents and others of which we are aware have involved providers ranging from clinics and imaging centers to hospitals, and these entities have had to pay hundreds to thousands of dollars to gain access to their medical records, billing records or other vital computer systems – often after significant interruption of operations. On…
HIPAA compliance: another year older, but hopefully not deeper in debt
My New Year’s resolutions will likely be broken early and often in 2016. My consequences are mostly non-monetary: a few more pounds, a little less savings, and not winning the triathlon in my age group. Your consequences, as a HIPAA-covered entity or business associate, for not complying with the Privacy and Security Rules could be much greater, and could put you into serious debt to the HHS Office of Civil Rights (OCR). Therefore, we propose…
HIPAA compliance: another year older, but hopefully not deeper in debt
My New Year’s resolutions will likely be broken early and often in 2016. My consequences are mostly non-monetary: a few more pounds, a little less savings, and not winning the triathlon in my age group. Your consequences, as a HIPAA-covered entity or business associate, for not complying with the Privacy and Security Rules could be much greater, and could put you into serious debt to the HHS Office of Civil Rights (OCR). Therefore, we propose…
IRS shines the light on tax ID theft
There are at least 1,040 reasons to love Florida. Who isn’t drawn to the sunshine, the pristine beaches, the food… and the tax fraud racket? For decades, South Florida has been the Silicon Valley for scam artists, drawn by the weather and the opportunity to make lots of money without actually doing much work. According to the Federal Trade Commission, Florida holds the highest per capita rate of identity theft complaints, followed by Georgia and…
Somebody’s watching your privacy policy
It may still be September, but to countless retailers, Halloween is already here. Passing by displays of spooky items while shopping, the ’80s haunted-house music video “Somebody’s Watching Me” comes to mind: “I always feel like somebody’s watching me, and I have no privacy” (yes, Rockwell has attribution, but Michael rocks the chorus).
The paranoid fellow in the video was worried about the IRS and the mailman – how quaint. In today’s world, high…
Texas is the first state to recognize Supported Decision-Making as alternative to Guardianship
Effective Sept. 1, 2015, there are significant changes to Texas Guardianship laws. For the first time, probate courts must consider alternatives to guardianship, and supports and services available to the proposed ward before a guardianship is created. Two new alternatives to appointing a guardian now exist: Designation of Guardian Before the Need Arises and Alternate Forms of Decision-Making Based on Person-Centered Planning; and Supported Decision Making Agreement. Tex. Est. Code §§ 1002.0015 & 1357.001.…
The 10 Key Activities for Effective Data Breach Response – Are You Prepared?
It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other forms of protected information, such as PII and, for many, cardholder data.
Healthcare organizations must be prepared to respond to…
