The threat landscape and attack surface are evolving rapidly, and the healthcare ecosystem is becoming more interconnected. While some healthcare providers are systematically analyzing and responding to risks across the enterprise, the majority are not.
New Multi-Million Dollar Office for Civil Rights’ Settlements Re-Affirm Risk Analysis & Risk Management as HIPAA Enforcement Priorities
The enforcement actions, which settled violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, were related to breaches of electronic Protected Health Information (ePHI) affecting millions of individuals.
Steve Cagle, CEO of Clearwater Compliance, shares how healthcare companies can manage risk around the new cybersecurity challenges many are facing.
With third-party breaches continuing to rise, healthcare providers have drastically increased their expectations and standards for vendors (classified as “Business Associates” under HIPAA) to safeguard patient data.
Over the last decade, strategic acquirers and private equity investors have integrated thousands of HIPAA covered entities and business associates into their portfolios. Through these experiences, they have become much better educated on the regulatory and reputational risk counterparties bring as a result of a privacy or security breach.
Compelling Reasons for Business Associates to Outsource their HIPAA Privacy & Security Program as a Managed Service
A Strong HIPAA Privacy and Security Program Creates a Competitive Advantage
OCR Re-Affirms Enterprisewide Risk Analysis is the “Most Important Thing You Can Do to Protect Yourself” Against a Cyber Attack
“Attacks are now more sophisticated and more targeted,” Office for Civil Rights Director Roger Severino said. “The single most important thing you can do to protect yourself is to conduct a risk analysis.”
Key Takeaways From the Safeguarding HIPAA Summit – Part 2
The Annual Safeguarding Health Information: Building Assurance through HIPAA Security, hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST), took place in late October in DC. This post will serve as Part two and will pick up from […]
Anthem Breach Learnings: HITRUST Certification Is Not A Replacement for An Enterprise Security Risk Analysis
The recent $16 million HIPAA settlement with Anthem, Inc. in the wake of the 2015 breach of nearly 79 million records has been well publicized. In this case, the Office for Civil Rights (OCR) found that Anthem failed to take […]
Key Takeaways From the Safeguarding HIPAA Summit – Part 1
The Annual Safeguarding Health Information: Building Assurance through HIPAA Security, hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST), took place last week in DC. In this post I will discuss key takeaways: Risk analysis continues to […]