Attempting To Avoid The High Cost Of A Reported HIPAA Breach

Preventing unintended or unauthorized disclosure of protected health information is an ever-present goal of all covered entities and business associates. However, protective firewalls and electronic data security measures are not enough to avoid a potentially costly penalty or settlement amount in the event of a breach. In order to defend against assessment of civil money

Medical Device Cybersecurity: Legal Concerns

Healthcare organizations need to consider a number of legal issues when it comes to cybersecurity incidents involving medical devices, says attorney Thomas Barnard of the law firm Baker Donelson. “There are a couple layers that we need to be concerned about,” Barnard says in an interview with Information Security Media Group. “You have individual liabilities

Healthcare ranks poorly on third-party risk management

Third-party risk programs in healthcare lack maturity, which puts data at risk, according to a report from the Shared Assessments Program and Protiviti, a global consulting firm. As cyberthreats become more sophisticated, many healthcare organizations are not prepared to manage their own security, let alone that of their business associates, according to an announcement on the report. Effective vendor management requires organizations to apply the same due diligence to third parties that they apply to their own incident response plans.

Healthcare compliance 101: vendor risk management

Vendor risk management is a process of ensuring your providers do not create the potential to negatively impact your business performance. Industries like financial services and healthcare are especially prone to regulatory healthcare compliance risk, due to the growing number and complexity of federal and state regulations.

5 tips for managing third-party risk

Data sharing is an unavoidable aspect of business in healthcare. The tricky part is that we can’t completely control the security of our data once it’s in the hands of third-party vendors. Despite the risks and vulnerabilities of sharing information, some healthcare organizations appear to have taken a rather lackluster approach to third-party risk management.

Discussing third party risk management in the healthcare industry

Healthcare security and how updated HIPAA/HITECH Act regulations are changing the nature of risk in that industry are hot topics right now. "The rules have made it easier for organizations to have penalties levied against them because of the actions of a subcontractor," Elizabeth Warren, a healthcare attorney with Nashville, Tennessee-based Bass Berry & Sims, is quoted as saying in this Becker’s Hospital CIO post. And she’s absolutely right.

FEDRAMP

FedRAMP is a U.S. Government program to standardize how the Federal Information Security Management Act (FISMA) applies to cloud computing services. Cloud computing offers many advantages over traditional computing. Through cloud computing, Federal Agencies are able to consolidate and provision new services faster, at the same time reducing information technology costs. Cloud computing also enables efficiencies for services to citizens and offers stronger cyber security safeguards than what is possible using traditional information technology (IT) methods.

Healthcare data breaches caused by hacks are on the rise

Data breaches caused by hacking, so-called IT incidents and unauthorized access are on the rise, with 162% more incidents at healthcare organizations so far in 2017 than there were in all of 2016, according to data from HHS’ Office for Civil Rights. Security experts said that’s because hacking has gotten easier and organizations are now reporting
