Compliance Tips

ComplyAssistant President and CEO Gerry Blass recently sat down with Healthcare IT Today Editor and Founder John Lynn to discuss “The Impact of Ransomware on Healthcare Disaster Recovery and Business Continuity and Practical Steps to Improve.” Throughout the conversation, Blass shared his expert advice on why all organizations need a Disaster Recovery Business Continuity (DRBC) plan and offered useful tips for mitigating risks within your organization.

In the aftermath of the COVID-19 pandemic, it’s more important than ever for healthcare providers to maintain industry standards for patient care within their respective enterprises. State departments of health (DOHs) are taking a closer look at emergency preparedness plans with a more intentional focus on pandemic response through the implementation of spot or “surprise” audits.

As cybersecurity threats continue to wreak havoc on companies of all sizes, the importance of education and training for leaders is critical. In partnership with HFMA New Jersey, our team hosted a free, comprehensive webinar with health information technology (HIT) leaders from three of the top healthcare organizations located in New York and New Jersey. The discussion focused on internal and external cybersecurity risks and identified new risks directly resulting from the COVID-19 pandemic.

In today’s world, it’s easier than ever for hackers to take advantage of organizations online. Recent examples of this have come in the wake of the Colonial Pipeline attack and the Scripps Health EHR breach. The repercussions of both attacks—which include gasoline shortages up and down the east coast and disruption of EHR, website, and patient portal—are continuing to be felt long after the bad actors do their dirty work. So, what can organizations do to protect themselves?

Not only did the COVID-19 global pandemic change the way care is provided, it changed how security and compliance programs needed to be structured, especially with regard to disaster preparedness and business continuity. Though healthcare organizations typically have disaster recovery and business continuity (DR/BC) plans in place, it can often be difficult to operationalize those plans when a disaster arises.

If you’re considering HITRUST compliance as a cybersecurity framework, here is a list of the top 8 points you should consider before moving ahead.

With a seemingly infinite number of digital pathways right to the doorsteps of healthcare providers, we need to work even harder to protect information that could be exposed online. That includes vendor risk management…

Even prior to the COVID-19 pandemic, ransomware attacks were on the rise. “COVID has simply increased risk of attacks due to more locations with a remote workforce, [protected health information] through telehealth, more phishing attacks, more opportunities that hackers like to take advantage of.”

The news late last year around Project Nightingale aroused interest from both healthcare organizations and the public on how and when protected health information (PHI) should be shared. With new technologies, new entrants to the healthcare market, how can healthcare providers balance HIPAA, cybersecurity protections, and the need to easily share data to improve patient care?

Though telecommuting was on already on the rise at a rate of 2-3% per year, the COVID-19 pandemic required healthcare organizations to re-evaluate work from home policies and quickly enable a remote workforce. But, in the midst of a pandemic, when you have to act as quickly as possible, how do you also make sure your networks and operations are still protected?