This post, 2018 HIPAA Compliance: How to Keep Your ePHI Protected,  first appeared on https://healthtechmagazine.net/. There has been quite a fuss lately over offering patients greater access to their health records, particularly with the introduction of Apple’s EHR app, which promises to bring electronic health records into patients’ pockets and introduce the era of bring-your-own-data in healthcare. But often that desire to bring patients into the fold gets quashed by a fear of cybersecurity and HIPAA […]

This post, When medical devices get hacked, hospitals often don’t know it, first appeared on http://www.healthcareitnews.com/. The threat to medical devices is real and happening now – and it’s a patient safety issue, much more than one of HIPAA compliance. The past three months have seen a record high in medical device recalls, increasing 126 percent in the first quarter of 2018 from last year, according to the Stericycle Recall Index. The biggest culprit was software, […]

This post, 5 steps to get a handle on your practice’s cyber vulnerability, first appeared on https://wire.ama-assn.org/. March 2, 2018 A staggering 83 percent of physicians recently told AMA researchers that their practices have experienced a cyberattack of some type. The 1,300 physicians surveyed also said not enough cybersecurity support is coming from the government that will hold them accountable for a patient information breach. But concise, actionable advice is available to help medical practices […]

This post, 3 things you need to do after receiving an OSHA citation, first appeared on https://www.bizjournals.com/. Dec 4, 2017, 3:15am EST If your company has been inspected and violations have been noted, the Occupational Safety and Health Administration (OSHA) has six months to send a list of citations. If your company receives a citation, it will include a list of all violations, proposed penalties for each of those violations, and a timeframe by which […]

This post, Where is your PHI Data Traveling Today?, first appeared on https://www.lexology.com/. Dickinson Wright | August 23, 2017 With most vendors offering and pushing cloud computing solutions and offsite data backup, or guaranteeing offsite backup of data they process for you, many HIPAA covered entities and business associates are questioning whether and how they can take advantage of cloud computing while complying with regulations protecting the privacy and security of electronic protected health information. At […]

This post, What is the HIPAA Complaint Process?, first appeared on http://www.jdsupra.com/. August 9, 2017 The U.S. Department of Health and Human Services Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rules. Any person who believes that a covered entity or business associate is not complying with HIPAA may file a complaint with OCR (complaints may also be submitted directly to a covered entity). Here is a high-level overview of […]

This post, Three Essential Best Practices for HIPAA Compliance, first appeared on http://www.healthstream.com/. August 14, 2017 This blog post is taken from a recent Webinar featuring Marti Arvin, Vice President of Audit Strategy at CynergisTek. There have been 17 HIPAA enforcement actions since the beginning of 2016, over a period of 15 months. Most of these were the result of self-disclosure where the organization was required to contact the Office for Civil Rights (OCR about a […]