Investing in a comprehensive ECRM program that will ultimately prevent avoidable ransomware attacks and breaches, and subsequent harm to patients, must become a front-and-center objective of the ESG program.
The inability to adequately predict, quantify and understand the economic impact that vendors pose to healthcare providers has become a major issue as third-party data breaches grow in frequency and severity.
The threat landscape and attack surface are evolving rapidly, and the healthcare ecosystem is becoming more interconnected. While some healthcare providers are systematically analyzing and responding to risks across the enterprise, the majority are not.
New Multi-Million Dollar Office for Civil Rights’ Settlements Re-Affirm Risk Analysis & Risk Management as HIPAA Enforcement Priorities
The enforcement actions, which settled violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, were related to breaches of electronic Protected Health Information (ePHI) affecting millions of individuals.
Steve Cagle, CEO of Clearwater Compliance, shares how healthcare companies can manage risk around the new cybersecurity challenges many are facing.
With third-party breaches continuing to rise, healthcare providers have drastically increased their expectations and standards for vendors (classified as “Business Associates” under HIPAA) to safeguard patient data.
Over the last decade, strategic acquirers and private equity investors have integrated thousands of HIPAA covered entities and business associates into their portfolios. Through these experiences, they have become much better educated on the regulatory and reputational risk counterparties bring as a result of a privacy or security breach.
Compelling Reasons for Business Associates to Outsource their HIPAA Privacy & Security Program as a Managed Service
A Strong HIPAA Privacy and Security Program Creates a Competitive Advantage
OCR Re-Affirms Enterprisewide Risk Analysis is the “Most Important Thing You Can Do to Protect Yourself” Against a Cyber Attack
“Attacks are now more sophisticated and more targeted,” Office for Civil Rights Director Roger Severino said. “The single most important thing you can do to protect yourself is to conduct a risk analysis.”
Key Takeaways From the Safeguarding HIPAA Summit – Part 2 The Annual Safeguarding Health Information: Building Assurance through HIPAA Security Hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) took place late October in DC. This post will serve as Part two and will pick up from […]