Business associate assessments are notoriously burdensome and time consuming for both covered entity and the business associate (BA). But the typical 300-question survey can be significantly narrowed by focusing on the most critical and problematic issues.
The General Data Protection Regulation (GDPR) is the European Union (EU) regulation on privacy and security of personally identifiable information (PII). It goes into effect on May 25, 2018. This blog provides an important comparison between GDPR and HIPAA.
Healthcare organizations and their third party vendors have an obligation to the federal government and their patients to abide by the HIPAA regulations. Unfortunately the very foundation of social media opposes everything in relation to the privacy, security, and confidentiality of information. Social media allows for anyone to see your organizations information, at any time, in any part of the world.
We are starting to see Chief Information Security Officers (CISOs) reporting outside of Information Technology (IT). This makes sense because the CISO needs to be able to audit the IT controls and give an unbiased report to senior management.
We read about healthcare organizations that get fined by the OCR for basically doing nothing, meaning that they have a general lack of evidence of due diligence for HIPAA.
Reviewing some of the largest fines can help healthcare organizations learn how to avoid them should an incident occur. Many experts say that it isn’t IF an incident will occur, it’s WHEN.
Adding a cybersecurity tactical simulation test to an overall information security risk assessment is a must in today’s world. It is a sure bet that attacks and breaches will continue to occur and so the need for functional assessments, mitigation, awareness and response are key to protecting your organizations confidential information.
The HITECH-OMNIBUS final rule stepped up the requirements and for both CEs and BAs and both must now include the new requirements in their information privacy and security risk analysis and management program.
Based on prior statements from the OCR and their recently distributed survey, the pool of audit candidates will be approximately 800 to start. These randomly selected organizations will be chosen using the National Provider Identifier database and other external sources.
Who would have thought back in 1990 that someone in China or Russia or anywhere would be able to steal health information in a hospital in Anytown USA and even hold it for ransom.