Blog

State Attorney General HIPAA Enforcement Ramps Up, Value of an OCR-Quality Risk Analysis® Has Never Been Higher

June 27, 2019

Many Chief Information Security Officers and Chief Compliance Officers express concern to us about the potential disruption and cost that can come from an Office for Civil Rights (OCR) investigation, not to mention the reputational damage that will result from a settlement or monetary penalty. An appearance on the wall of shame is a mere blemish compared to the negative publicity of an OCR fine or settlement. However, the possibility of a State Attorney General (AG) action is often underestimated and overlooked. If State AG enforcement is not top of mind for you and your board, it should be.

Key Takeaways From Breakfast & Breaches® | D.C.

June 19, 2019

Clearwater’s recent Breakfast & Breaches event in Washington, DC brought together an outstanding group of leaders with unique insight on the growing problem of how to keep protected health information secure. Drawing on their combined decades of experience working across the compliance spectrum, our panelists and moderator challenged the audience’s thinking with regard to how their organizations analyze and manage risks.

Highest Level of Security Weaknesses in Hospitals and Health Systems Uncovered

June 13, 2019

More than half (54%)* of all individuals affected by a healthcare information breach in the past twelve months were impacted by a breach that touched the affected organization’s server, according to data provided on the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. According to the data, ninety (90) healthcare breaches, affecting more than nine million individuals, were related to servers in some way.

Managing Third-Party Information Security Risk

June 7, 2019

Clinical laboratory provider Quest Diagnostics recently acknowledged that a billing collections vendor it works with suffered a data breach on its web payment system that may have exposed information of nearly 12 million of Quest’s patients. The third-party company, Elmsford, N.Y.-based American Medical Collection Agency (AMCA), is contracted with Optum360 LLC, which in turn provides payment services to Quest.

NIST and Telehealth: Securing the Remote Patient Monitoring Ecosystem

May 9, 2019

We are living in an exhilarating time in the world of healthcare. A common theme among many healthcare-related stories and articles we come across today is that things which were once thought to be a matter of science fiction are now moving closer to becoming a reality. A Feb 27, 2019, article from Forbes Magazine, entitled “Telemedicine: The Latest Futuristic Tech Prediction from The Jetsons To Come True,” brought up a cartoon show from 1962, “The Jetsons,” which depicted patients video conferencing with physicians for diagnosis and treatment as something commonplace.

Key Takeaways From Breakfast & Breaches® | Chicago

May 7, 2019

Clearwater and Lockton Companies, the world’s largest privately owned, independent insurance brokerage firm, are hosting a series of panel discussions with security experts and officials from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). The series offers attendees up-to-date information about cyber risk management strategies, HIPAA compliance and OCR enforcement. Attendees can participate in person or via live webcast.

What Does OCR’s Lowering of Maximum Annual Caps Mean for Covered Entities?

April 29, 2019

The Office for Civil Rights (OCR) gave notice in the Federal Register that it is lowering the maximum annual caps for all HIPAA culpability tiers, except for the willful neglect without timely correction tier. There has been uncertainty for some time as to whether OCR’s interpretation of the statute was appropriate with regard to the $1.5M annual limit for all culpability levels.

Clearwater CyberIntelligence Institute® IRM | Analysis™ Bulletin #2

February 26, 2019

Laptops quickly come to mind when security leaders think about potential vulnerabilities for their organization. They are highly portable, can be accessed remotely, and are at high risk for theft. CCI™ analyzed high and critical risks facing hospitals and health systems found in our database and summarized them based on Clearwater’s comprehensive method of evaluating administrative, technical, and physical vulnerabilities.

Thousands of professionals trust Clearwater to bring them the latest news and information on Compliance and Cybersecurity Risk Management.
