


HIPAA Risk Analysis Tip – The Biggest Risk Management Surprises in the 2016 OCR Audit Protocol

April 11th, 2016

This entry is part 48 of 48 in the series HIPAA Security Risk Analysis Tips

A quick look at the “Current Protocol” reveals greater coverage of the regulations and more in-depth inquiries and documentation review, but the details provide even bigger surprises.  OCR isn’t kidding about the need for greater information security and formal risk […]

The Updated OCR HIPAA Audit Protocol Is Out and It’s a Puzzler

April 5th, 2016

The OCR has finally released a new protocol, entitled “Audit Protocol – Current”, and one can’t be sure whether this is indeed the promised “Phase 2” Audit Protocol, despite the mention that it has been “updated to reflect the Omnibus Final Rule.” Honestly, if one of our customers hadn’t just received “the pre-audit screening questionnaire,” we might have thought it was just an update for which “feedback” was being requested. […]

Folly of HIPAA certification

February 22nd, 2016

Is your health care organization HIPAA certified? Before you start searching for your certification documentation, you should know that this is a trick question. […]

Have You Suffered A Data Breach? A 4 Step Assessment

January 6th, 2016

A data breach in the healthcare industry isn’t just nerve-racking – it’s also expensive and can potentially shut a business down. The bad news is nearly every company will experience a data breach of some magnitude during the life of their company. This guide helps you to identify the type and severity of a data breach. […]

HIPAA Violations: More Serious Now than Ever

December 7th, 2015

HIPAA violations have become more serious in recent years. Financial costs often reach the millions, and headlines damage reputation to an almost immeasurable degree. And let’s not forget the prison sentences handed out to individuals found culpable of severe breaches of trust. With the Office for Civil Rights (OCR) again promising to ramp up HIPAA enforcement with a fresh round of audits in 2016, we take you through a deep dive of HIPAA violations.


Who woke up OCR?: Triple-S Management Corporation Settles HHS Charges by Agreeing to $3.5 Million HIPAA Settlement

December 1st, 2015

Triple-S Management Corporation (“TRIPLE-S”), on behalf of its wholly owned subsidiaries, Triple-S Salud Inc., Triple-C Inc. and Triple-S Advantage Inc., formerly known as American Health Medicare Inc., has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). TRIPLE-S will pay $3.5 million and will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program, an effort it has already begun. […]

What is the difference between consent and authorization under the Privacy Rule?

November 10th, 2015

In one of our most popular blog posts, we take a look at consent vs authorization, as they are defined under specific HIPAA regulations.

What is Consent? (According to HIPAA)

A consent, as defined by the Privacy Rule, is a general document that gives health care providers that have a direct treatment relationship with a patient permission to use […]

Your Back-to-School Checklist — 10 Ways to Strengthen Your HIPAA Compliance and Security Practices this Fall

August 31st, 2015

Spring isn’t the only season for refreshing and renewing business practices. With a back-to-school, change-is-in-the-air feel to it, fall also provides a great opportunity to review and reinforce your business practices — including data security and HIPAA compliance. […]

HIPAA, We Have A Problem [Infographic]

April 13th, 2015

Physicians complying with guidelines established by the Health Insurance Portability and Accountability Act are struggling to maintain compliance standards. The Final Omnibus Rule from HIPAA was issued in 2013, but some healthcare providers remain unaware of the associated policy updates. Currently, 36 percent of medical office professionals lack crucial understanding of HIPAA’s regulations, with an additional 33 percent failing to comprehend the audit strategies implemented by the U.S. Department of Health and Human Services’ Office for Civil Rights. The maximum HIPAA fines have increased to $50,000 per violation, capping at $1.5 million. To protect patients and remain financially stable, medical practices need to ensure their security measures and employees are up-to-date on HIPAA’s changes. […]

Don’t Confuse Compliance With Security

April 6th, 2015

One of the hottest topics at the recent SecureWorld conference in Boston could be summarized as “compliance isn’t synonymous with security.”

At the conference, Click Security’s Dave McCulley observed that compliance usually leads to security that’s “merely good enough” – unable to address new threats that arise almost every week. By the time a security regulation is set in stone, the technology to outmaneuver it has made quantum leaps.