If you’re generating audit logs, you must regularly review them. SPHER, a cost-effective software as a service tool that automates the review of the multitude of audit logs your EHR generates and can help you discover potential security incidents and avoid unpleasant surprises.
HIPAA says staff should only access the minimum necessary amount of information to do their jobs. But defining roles, access, and minimum necessary can quickly become a complicated exercise in frustration. Use this tool to help your organization form a practical minimum necessary policy.
Employers take note: In-demand health IT professionals are more interested in job satisfaction and professional growth than in longevity with an organization. Although compensation and benefits packages are important, a positive work culture, the opportunity to do meaningful work, and the potential for career advancement make a big impact on current and prospective health IT staff.
When it comes to security patch management, the more you plan, the less likely it is that something will go wrong and you'll be better prepared for anything unexepected that does happen. Take a look at some successful patch management strategies to learn how to keep your organization secured against hackers and software failure.
Organizations are generally keeping up due diligence when it comes to HIPAA compliance training and essential auditing, despite an increasingly challenging array of threats directed at them. However, confusion still holds sway on risk analysis and more robust audit functions.
More than half (56%) of the respondents to Ponemon Institute’s Fifth Annual Data Breach Preparedness Study reported experiencing an organizationwide breach. Of these respondents, 51% reported that their organization’s data response plan is not very effective.
Q. My understanding is that HIPAA doesn’t mandate use of a specific security standard. Are we required to keep documentation explaining why we chose a particular security standard? I’ve also been told that we are required to encrypt data according to National Institute of Standards and Technology standards. Is this spelled out in the regulations?
Core security and privacy training content often falls short of good practice. Sometimes, the information security officer and privacy officer do not have the resources to create robust content. Furthermore, organizations often limit training time to avoid any impact on productivity. However, providing incomplete information is short-sighted. An inadequately trained workforce is more likely to directly or indirectly cause regulatory violations and breaches.
