Understanding HIPAA, the Trusted Exchange Framework, and Cybersecurity

Healthcare data is becoming an increasingly common target for cyberattacks. Forrester Research warned a year ago that “healthcare breaches will become as large and common as retail breaches,” further predicting that breaches like the Anthem breach, which reached 80 million patients, would become a commonplace occurrence in the future. In this environment, organizations that handle sensitive health data are struggling to balance the need for better collaboration and record-keeping among trusted partners with the need to maintain strong security practices and meet compliance regulations.

Are Healthcare Organizations (HCOs) Prepared for GDPR Compliance?

With the General Data Protection Regulation (GDPR) enforced as of May 25, 2018, many healthcare organizations (HCOs) in the United States are working to determine whether they need to be GDPR compliant or whether Health Insurance Portability and Accountability Act (HIPAA) compliance is enough.

A Brief Overview of Data Breach Notification Requirements

In an October 2016 data breach, the email addresses, phone numbers, and names of 57 million customers and personal information of approximately 7 million drivers were stolen from Uber. Although the company immediately worked to secure the data and prevent further unauthorized access, the data breach went unreported to authorities and victims for more than a year, with the company finally coming forward toward the end of 2017. Uber has openly stated that it mishandled the situation, but the attack and response raise the question: How long do companies have to notify regulating bodies and those affected when a data breach occurs?

How to Improve PHI Compliance Without Alienating Patients

Securing electronic protected health information (ePHI) to maintain compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other regulations can be a challenging task. Doing so while ensuring patients feel welcome and confident in your organization’s data security practices is even more challenging.

HIPAA Audits: What You Need to Know

The Health Insurance Portability and Accountability Act (HIPAA) regulates covered entities that include most health care organizations and professionals as well as the businesses they associate with, holding those entities to reporting and security requirements. HIPAA audits, including performance and security audits, ensure those entities effectively and efficiently remain in compliance with the regulation.

Preventing and Responding to ePHI Ransomware Breaches

The ransomware threat to Health Insurance Portability and Accountability Act (HIPAA) covered entities is real and growing. According to a recent U.S. government interagency report, since early 2016 there have been an average of 4,000 daily ransomware attacks—a 300% increase over 2015, which had 1,000 daily ransomware attacks reported. Many of these attacks are aimed at electronic protected health information (ePHI), which means ...

3 HIPAA Compliance Best Practices

Health Insurance Portability and Accountability Act (HIPAA) violations can be costly mistakes, resulting in reputation and brand damage, fines, and criminal penalties. However, organizations can easily avoid these consequences by following the well-documented HIPAA compliance requirements. But first, companies must establish whether HIPAA compliance applies to ...
