Third Party (BA) Contract and Privacy and Security Risk Management
The HITECH-OMNIBUS final rule stepped up the requirements for both CEs and BAs, and both must now include the new requirements in their information privacy and security risk analysis and management program.
ComplyAssistant Kicks Off Summer Webinar Series
ComplyAssistant kicked off its summer webinar series on June 22, 2016 with guest speaker Helen Oscislawski, founder of the Attorneys
Office of Civil Rights Phase 2 HIPAA Audit Protocols
Based on prior statements from the OCR and their recently distributed survey, the pool of audit candidates will be approximately 800 to start. These randomly selected organizations will be chosen using the National Provider Identifier database and other external sources.
Workforce Risk and the Evolution of the Breach of Protected Health Information (PHI)
Who would have thought back in 1990 that someone in China or Russia or anywhere would be able to steal health information in a hospital in Anytown, USA, and even hold it for ransom?
Back to the Future – Root cause of Information Security Breaches
Healthcare seems to be the #1 target for hackers and ransomware and there are two (2) main reasons that make up the root cause.
ComplyAssistant Announces Enhancements to its Cloud Compliance Management Portal
May 5, 2016 – Colts Neck, NJ – ComplyAssistant, a leader in healthcare compliance management solutions, announces new enhancements to
ComplyAssistant CEO to Speak on Cybersecurity at June 2016 NJ HIMSS Event at Rutgers University
On June 8, 2016, ComplyAssistant CEO Gerry Blass will be moderating a Cybersecurity Vendor Panel discussion at an upcoming New
The Top Ten Things Your Organization Should Do To Pass An OCR Audit
Imagine trying to come up with the top ten things our planet should do to decrease vulnerabilities and threats. Looking at earth from 30,000 feet can make that seem easier to do. But if we zoom in to the details we could probably come up with hundreds of things to consider. The same is true with health information privacy and security. To come up with what we consider to be the top ten things to do to pass an Office for Civil Rights (OCR) audit and reduce risk of unauthorized access to your protected health information (PHI), we had to zoom out and look at what we have observed over the past several years from a very high level. Our top ten things to do are not listed in any particular order. Keep in mind that our top ten today will most likely change very soon and at least year to year. Here they are:
ComplyAssistant adds NIST Cybersecurity Framework and two (2) additional information security content categories
ComplyAssistant, a leader in healthcare compliance management solutions, has added three (3) new information security content categories
Business Intelligence and Big Data – What are the HIPAA Privacy and Security Impacts?
Since we are talking about healthcare information we must talk about protected health information (PHI) and the HIPAA-HITECH-OMNIBUS Privacy, Security, and Breach Notification Rules. BI and Big Data analysis that includes PHI and its use and disclosure must be reviewed against the HIPAA security and privacy requirements and the breach notification requirements.
The Ever Increasing Size of Healthcare Breaches
The numbers of individuals involved in recent breaches have been huge in relation to the magic number of 500. We all read about breaches involving millions of individuals. Some of the recent cyber attacks have potentially resulted in numbers up to 10 million. Compare that to 500, and you have to wonder if that metric is going to increase, and where will it all end. How big can future breaches become?
Accountable Care Organizations & Health Information Exchanges (An Information Security Survey)
Journal of Healthcare Information Management – (JHIM) – Winter 2015. Used by permission from HIMSS.