Understanding HIPAA, the Trusted Exchange Framework, and Cybersecurity

Healthcare data is becoming a more and more common target for cyberattacks. Forrester Research warned a year ago that “healthcare breaches will become as large and common as retail breaches,” further predicting the Anthem breach that reached 80 million patients as a commonplace occurrence in the future. In this environment, organizations that handle sensitive health data are struggling to balance the need for better collaboration and record-keeping among trusted partners with the need to maintain strong security practices and meet compliance regulations.

What is the Patient Demographic Data Quality (PDDQ) Framework?

As the number of firms that handle patient health care data grows, it has become increasingly challenging to ensure that data is current, accurate, and correctly matched to the patient. To address this patient-matching problem, the Office of the National Coordinator for Health Information Technology (ONC) has collaborated with the CMMI Institute to develop the Patient Demographic Data Quality (PDDQ) Framework.

GDPR and Patch Management: The Lessons We’re Still Learning from Equifax

Since May 25, when the European Union (EU) began enforcing the General Data Protection Regulation (GDPR), companies of all sizes and across industries have been working to ensure they are in compliance. This scramble has been apparent externally through the updated privacy policy and opt-in messages on websites, but are businesses doing enough internally to protect the security of the personal data they handle?

Are Healthcare Organizations (HCOs) Prepared for GDPR Compliance?

With General Data Protection Regulation (GDPR) enforced as of May 25, 2018, many healthcare organizations (HCOs) in the United States are working to determine whether they need to be GDPR compliant and whether Health Insurance Portability and Accountability Act (HIPAA) compliance is enough.

How Will the GDPR Affect Your Business?

With the May 25, 2018, enforcement deadline approaching, many businesses are wondering how the General Data Protection Regulation (GDPR) will affect them. Briefly, the GDPR is a joint effort from the Council of the European Union (EU), the European Commission, and the European Parliament to better protect citizens’ personal data, give them greater control over how companies handle and use their personal data, and make it easier for companies to comply with this single personal data oversight regulation.

What Is GDPR? And is Compliance Required?

On May 25th, 2018, the General Data Protection Regulation (GDPR) becomes enforceable for any company that handles the personal data of individuals in the European Union (EU). This regulation, developed as a joint effort by the Council of the EU, the European Commission, and the European Parliament, was adopted in April 2016; however, compliance will be enforced beginning this spring. What does this mean for your company’s data handling processes?

What Your Event Log Manager Isn't Telling You

Somewhere along the way, it became a best practice for administrators to configure event logging to capture as much data as possible. This wide-net approach gives a sense that nothing will slip through the cracks if every event is captured. However, the vast quantities of data generated by this approach make it more difficult—not easier—to spot threats and remain compliant.

How to Improve PHI Compliance Without Alienating Patients

Securing electronic protected health information (ePHI) to maintain Health Insurance Portability and Accountability Act (HIPAA) and other regulatory compliance can be a challenging task. Doing so while ensuring patients feel welcome and confident in your organization’s data security practices is even more challenging.

Why Auditing External Service Providers Is A Must

Networks are often protected with security implementations that are developed using external service providers. So, how are you supposed to know if these providers have compromised your data? How do you go about auditing the security posture of external service providers? Here are a few best practices to help examine your risk exposure and, if necessary, take action.

HIPAA Audits: What You Need to Know

The Health Insurance Portability and Accountability Act (HIPAA) regulates covered entities that include most health care organizations and professionals as well as the businesses they associate with, holding those entities to reporting and security requirements. HIPAA audits, including performance and security audits, ensure those entities effectively and efficiently remain in compliance with the regulation.

Compliance Checklist: PCI DSS 3.2 Requirements and Security Assessment Procedures

The release of the next version of the Payment Card Industry (PCI) Data Security Standard (DSS) is upon us. Version 3.2 was published in late spring 2016 and will be considered best practice until the end of January 2018—and effective as a requirement starting February 2018. Follow these PCI DSS 3.2 Requirements and Security Assessment Procedures to ensure your organization is prepared.

Preventing and Responding to ePHI Ransomware Breaches

The ransomware threat to Health Insurance Portability and Accountability Act (HIPAA) covered entities is real and growing. According to a recent U.S. government interagency report, since early 2016 there have been an average of 4,000 daily ransomware attacks—a 300% increase over 2015, which had 1,000 daily ransomware attacks reported. Many of these attacks are aimed at electronic protected health information (ePHI), which means ...

Problems With PCI-DSS Compliance – And How to Correct Them

Many companies are required to adopt SSL and early TLS to comply with the Payment Card Industry Data Security Standard (PCI DSS). These companies are all too aware of the many issues that have plagued implementations. For instance, if you haven’t heard of high-profile vulnerabilities such as Heartbleed, POODLE, FREAK, and Logjam, you must have been living under a rock. So, how can these vulnerabilities be mitigated moving forward?

Why Identity Governance Should Guide Access Management Decisions

Highly public and embarrassing data breaches have made access control and security top of mind for CIOs and consumers alike. This security-conscious mindset has put identity governance in the spotlight. This emerging approach enables business managers to treat access control as a security check to better protect ...

NIST Cybersecurity Framework: Overview and Business Case

You’ve likely heard about the National Institute of Standards and Technology (NIST) Cybersecurity Framework. This voluntary guideline uses existing and developing industry standards and practices to establish proactive risk management that can be applied to any organization. With the tagline, “Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure,” the NIST Cybersecurity Framework is meant for two audiences ...

3 HIPAA Compliance Best Practices

Health Insurance Portability and Accountability Act (HIPAA) violations can be a costly mistake, resulting in reputation and brand damage, fines, and criminal penalties. However, organizations can easily avoid these consequences by following the well-documented HIPAA compliance requirements. But first, companies must establish whether HIPAA compliance applies to ...
