risk assessment

HIPAA compliance: another year older, but hopefully not deeper in debt

By Deb Hiser on January 7, 2016

Image copyright Catherine Lane 2015

My New Year’s resolutions will likely be broken early and often in 2016. My consequences are mostly non-monetary: a few more pounds, a little less savings, and not winning the triathlon in my age group. Your consequences, as a HIPAA-covered entity or business associate, for not complying with the Privacy and Security Rules could be much greater, and could put you into serious debt to the HHS Office of Civil Rights (OCR). Therefore, we propose that you resolve now to become fully HIPAA compliant in 2016.

OCR delivered an early holiday gift, wrapped in the Director’s Sept. 23, 2015, report to the Office of Inspector General. In that report, she disclosed that OCR will launch Phase 2 of its HIPAA audit program in early 2016, focusing on noncompliance issues for both covered entities and business associates.

So, grab that cup of hot cocoa and peruse this review of 2014-2015 HIPAA enforcement actions, which should help identify noncompliance issues on which OCR will focus in 2016. …
Continue Reading HIPAA compliance: another year older, but hopefully not deeper in debt

Broke, bothered, and beleagured

By Deborah Juhnke on August 13, 2015

Posted in Data Security

Do you often feel that despite best efforts to circle the wagons your information security team is fighting a losing battle with broken down tools? Even though information security budgets have increased in the last couple of years—likely in response to the very visible increase in high-profile data breaches—discretionary budget dollars are scarce. I recently heard the poker term “dead money” used to describe that large portion of every IT budget that has been committed long before it is received, much like the money we all must dedicate to mortgages, utilities, food, and transportation. Thus, for every $100 of total IT spend, we may be left with just $0.60 for new baubles and geegaws, as my grandmother used to say.
Continue Reading Broke, bothered, and beleagured

Data security for employer health plans post-Anthem

By Peter Sloan on May 5, 2015

Posted in Data Security, The Saga Continues

The Anthem breach sent alarm waves through the health care industry and the employer health plan community. With 78.8 million affected individuals for Anthem and 11 million for the companion breach of Premera Blue Cross, the combined size ranks among the largest data breaches in history.
Continue Reading Data security for employer health plans post-Anthem

The internal control platform for information governance

By Peter Sloan on April 30, 2015

Posted in Information Governance @ Work

So, your organization has committed to Information Governance, and you’ve been tasked with making it a reality. Now what?

You’ll need a framework on which to build your program, a platform that will help you bridge across siloed functions (IT, InfoSec, Legal/Compliance, Records Management, Internal Audit, Operations…) and siloed perspectives (privacy, data security, records & information management, litigation discovery…). You’ll also need to come to grips with three persistent barriers to operationalizing Information Governance:…
Continue Reading The internal control platform for information governance

Byte Back

risk assessment

HIPAA compliance: another year older, but hopefully not deeper in debt

Broke, bothered, and beleagured

Data security for employer health plans post-Anthem

The internal control platform for information governance

Connect

About