In a year of uncertainty, the healthcare industry can rely on one thing: OCR is taking HIPAA enforcement seriously. As of July 1, OCR has collected more than $17 million in monetary settlements from nine organizations.
This month's security Q&A answers readers' questions about accounting of disclosures, providing information to marketing departments, unencrypted emails, and terminating BAAs.
This due diligence checklist will help track and evaluate document requests, warn of privacy and security issues, and provide a basis for determining action plans and resources required to integrate privacy and security programs.
Effective privacy and information security programs start with attention to governance. These eight guidelines will help establish and measure privacy and information security structure and processes.
Even the best security can be circumvented by an insider or a cutting-edge cyberattack, but an organization doesn’t have to weather the cost alone. Cyber insurance can help cover a variety of breach expenses, and some policies even provide pre-breach services and tools designed to bring an organization’s security to the next level.
There are many questions about what a managed service provider (MSP) should do for covered entities and business associates. MSPs come in different flavors, so it’s important to think about what your MSP will do for you and how to spot an MSP that may not be a good fit for your organization.
Compiling the statistics for insider threats to patient privacy is easy. It’s the mitigation of these risks that takes time, strategy, and commitment. According to the January 2017 Protenus Breach Barometer, internal health system employees were responsible for 58.4% of breached patient data during January 2017.