HIPAA Compliance Blog
risk management target

OCR Director Announces Open Season on Risk Analysis: Organizations Can Prepare, or Prepare to Pay Up

The Office for Civil Rights (OCR) has decided enough is enough. As a result, it has laid down the gauntlet. Conduct a bona fide security risk analysis, or else! Risk management must come before compliance Newly named OCR Director Jocelyn Samuels … Continue reading

Leave a comment Continue Reading →
PHI access

Copy That? 4 Privacy and Security Tips for Handing over PHI to Patients

The one-year anniversary of the Omnibus Rule deadline is this week, yet providers are still seeking guidance on some of its harder to navigate specifications, such as how to provision an individual’s right to access his/her protected health information. Individuals … Continue reading

Leave a comment Continue Reading →
hidden-risk-of-data-breach

Business associates: A greater security threat than hackers

When hospital giant Community Health Systems recently experienced a data breach involving 4.5 million patient records, the Franklin, Tenn.-based company identified the culprit as a sophisticated Chinese cyber-espionage team. Yet, as of Aug. 27, 2014, only about 7 percent of … Continue reading

Leave a comment Continue Reading →
Know your asset inventory

Key Ingredients: What’s the First Step for Cooking Up an Effective Information Risk Management Strategy?

At this point, it’s old news that the HIPAA Security Rule requires you to conduct a risk analysis to thoroughly assess “the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information” under your watch. … Continue reading

Leave a comment Continue Reading →
Bob Chaput, CEO

CEO-to-CEO: Don’t Let Them Checklist Their Way to Security

This entry is part 6 of 6 in the series CEO-to-CEO

The ‘headlines’ and ‘promotions’ I’ve seen over the last couple days suggest that there’s a simple ‘checklist’ of things to do to solve the myriad of complex information privacy, security and compliance issues facing the healthcare industry.  It’s almost like … Continue reading

Leave a comment Continue Reading →
The AEHIS Foundation

Clearwater Compliance Named Founding Premier Member of Association for Executives in Healthcare Information Security (AEHIS) Foundation

Clearwater Compliance is now a Founding Premier Member of the Association for Executives in Healthcare Information Security (AEHIS) Foundation, the company announced today. The AEHIS Foundation is the first professional organization serving as an education and networking platform to healthcare’s … Continue reading

Leave a comment Continue Reading →
The cost of a data breach

Financial Fallout: What Data Breaches Really Cost You

How much would a data breach cost your organization? The latest stories to hit the headlines show the severe financial impact of a breach. Community Health Systems, Inc., (CHS) is one of the companies to have attracted negative press, after … Continue reading

Leave a comment Continue Reading →
Insurance data risk management

HIPAA Penalties Sting Outside the Healthcare Field, Too

Most companies in the U.S. likely feel that Health Insurance Portability and Accountability Act (HIPAA) violations are strictly a healthcare industry concern. But any company with a self-funded group health plan (GHP) is now subject to HIPAA regulations, and the … Continue reading

1 Comment Continue Reading →
HIPAA Acute breach

Cute or HIPAA Acute?

Are your employees breaching your PHI security procedures? We look at a recent example that highlights how quickly a single, unauthorized access can escalate into a costly lawsuit.

Leave a comment Continue Reading →
Mobile privacy

7 Ways to Improve Mobile Privacy

Community Health Systems, one of the nation’s largest for-profit hospital chains, recently reported a data breach involving an astounding 4.5 million patient records – and fingered a sophisticated Chinese cyber-espionage team as the culprit. While breaches of this magnitude make … Continue reading

Leave a comment Continue Reading →