
Compliance and Information Risk Management Blog

Chaos in Data Transfer Laws between the EU and US

In 1995 the EU adopted the Data Protection Directive regulating the exchange of personal data within the European Union and requiring the prohibition of those flows to third countries with inadequate privacy protection.  In July of 2000, the European Commission judged the principles of the US-EU Safe Harbor Framework “adequate” in terms of providing data […]

By |February 1st, 2017|Articles, Blog, Industry News Highlights|0 Comments

HIPAA Risk Analysis Tip – OCR CAP Data: Learn Why 9 of 10 Organizations Fail

This entry is part 49 of 49 in the series HIPAA Security Risk Analysis Tips

There are plenty of ways to squander several million dollars, but none quite as frustrating as forking over those hefty sums to HHS’s Office for Civil Rights (OCR).  In each of these recent cases, MAPFRE Life ($2.20MM), St. Joseph’s Health ($2.1MM), Advocate […]


Reporting risk factors started in earnest in 2005 when the SEC introduced a new section in annual 10-K reports for organizations to discuss the “most significant factors that make the company speculative or risky.” Specifically, publicly traded companies were required to include qualitative disclosures of risk factors and to update that information quarterly with […]

By |December 27th, 2016|Blog|0 Comments

OCR is using audits to find risks and vulnerabilities that might not otherwise be known.

Recently at the Privacy & Security Forum, senior advisor Linda Sanches discussed what the OCR will be looking for in the upcoming on-site 2017 audits. Although the likelihood that your organization will be selected is slim (fewer than the 205 desk audits conducted in 2016), the OCR is hoping to identify risks and vulnerabilities […]

By |December 14th, 2016|Blog|0 Comments

Hybrids Beware! You are on OCR’s Radar.

OCR just announced a settlement agreement with the University of Massachusetts-Amherst for a breach of records at its Center for Language, Speech, and Hearing, which was not designated as a covered health care component in its hybridization. UMass is the third hybrid entity in the 43 enforcement actions listed on the HHS website that has […]

By |November 23rd, 2016|Blog|0 Comments

It’s All About Risk Management! OCR Releases Guidance on Ransomware – “Your Money or Your PHI”

The Office for Civil Rights (“OCR”) released guidance on July 11, 2016 regarding ransomware and HIPAA. This guidance outlines activities supported by HIPAA that will assist Covered Entities and Business Associates in either preventing or quickly responding to ransomware attacks. To illustrate, the guidance calls for:

Implementing a security management process, including conducting a risk analysis […]

By |August 2nd, 2016|Blog|0 Comments

What Happened to Meaningful Use Stage 3? Become Familiar With The Medicare and CHIP Reauthorization Act (MACRA)

The Centers for Medicare and Medicaid Services (CMS) says Meaningful Use (MU) will live on in MACRA. If you thought Stage 3 of the Electronic Health Record (EHR) Incentive Program was being consigned to the regulatory ether given the newly proposed Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) rule, it is time for some new thinking.

CMS […]

By |July 28th, 2016|Uncategorized|0 Comments

Cyber Contagions Knock Out Hospital Systems — Prompting Triaging of Cybersecurity to Code Red Status

Typically, when hospitals declare emergencies, it’s for incoming patients—not their own internal computer systems. But, in March 2016, Methodist Hospital in Henderson, Kentucky, declared an emergency.

After being hit by a ransomware infection, the hospital placed a scrolling red alert on its homepage stating: “Methodist Hospital is currently working in an Internal State of Emergency due […]

By |July 19th, 2016|Blog|0 Comments

Exclusive Webinar for American Hospital Association (AHA) Members

On July 27th, 2016, an OCR HIPAA investigator will share an insider’s view of Office for Civil Rights (OCR) Phase 2 Audit readiness

OCR allows 10 days to respond to a Phase 2 audit request. Are there still gaps in your HIPAA compliance program?

Similar to Phase 1, the Phase 2 audit protocol includes a comprehensive review of […]

By |July 12th, 2016|Blog|0 Comments

Clearwater Compliance Prepares to Unveil a New Version of IRM|Pro™ Software Suite

Not Just Another Pretty Face!

Within a few weeks, Clearwater will be unveiling new versions of our IRM|Analysis™, IRM|Security™, and IRM|Privacy™ software products designed with enhanced workflow and streamlined efficiency in mind.

The abundance of content and features contained within our suite of advanced, powerful software tools has evolved to the point that we wanted to provide […]

By |June 30th, 2016|Blog|0 Comments