Many practices are currently leveraging Microsoft Office 365 for e-mail, file storage, and internal collaboration. Unsurprisingly, the number of threats targeting this information (phishing attacks, compromised credentials, etc.) continues to grow at a rapid rate.
As we enter into the last few months of this challenging year, many practices will be looking to perform a HIPAA IT Security Risk Analysis. When considering the approach to this year's analysis, it's important to consider any changes that may have been made to critical IT systems as part of the practice's response to COVID-19.
The National Institute of Standards and Technology has published a bulletin that provides several key reminders for people who have had to shift to working remotely as a response to COVID-19. The guidance, which can be found in full at the link below, summarizes previous NIST guidelines for working safely when out of the office.
On March 19, the Alabama Department of Public Health (ADPH) issued mandatory health orders to medical practices statewide to delay all elective medical and dental procedures until April 6th. On March 28, the order was amended such that non-emergency procedures are postponed until further notice. Under these guidelines, medical and dental practices have had to reduce office hours and/or close their offices.
It is especially important for smaller practices to be mindful of Electronic Protected Health Information (ePHI) security regulations – a breach of ePHI can lead to costly notification requirements and potential monetary penalties under the HITECH Act. Managing physicians of small independent practices hold many responsibilities, including the duty to comply with the Security Rule within HIPAA regulations. This article provides a brief overview of federal ePHI compliance safeguards required in a practice. While not meant to be a comprehensive discussion of all requirements, it highlights legal considerations and safeguards a practice must implement to comply with HIPAA ePHI regulations. The federal Security Rule under HIPAA requires a health care provider (typically known as a Covered Entity) to have the minimum ePHI safeguards, listed below.
Most companies assume their cyber security is pretty good… until a breach happens and then you find out where the holes were. We often find that apathy and a lack of proactivity may cost you a lot of money. An annual security audit is a necessity for all medical practices and companies in today's ever-changing world of technology. It is a vital part of your organization's cyber security plan and of protecting your digital assets. It's not just about discovering vulnerabilities or shortcomings; it's about opportunities to strengthen your network security.
Did you know a single patient health record can earn cybercriminals 10 times the price of a stolen credit card number on the black market?
The Office of Civil Rights is auditing small and large healthcare providers alike, imposing multi-million dollar fines in some cases. Meanwhile, the same electronic storage, mobile devices, and cloud-based applications that patients, doctors, and healthcare staff want to use often compromise a practice’s ability to keep that patient data safe.
Devices that store information are now everywhere and used multiple times by most people on a daily basis. From PCs, to laptops, to phones and tablets, to USB keys and external hard drives – the amount of data that a person can potentially store has grown exponentially over the past decade. While the convenience of near unlimited storage is very appealing, it also introduces new challenges.