3 min read

15 Lessons Learned from a HIPAA Data Breach

By Rose Doherty on 7/25/18 1:14 PM

Implementing a strong HIPAA Compliance framework is a requirement for all Covered Entities and Business Associates, but many practices don't realize this is also their best strategy to prevent a breach from happening! My hope is that understanding what the OCR will ask you for after a Data Breach will help you implement an IT security framework that will reduce your chances of ever experiencing a data breach.

Topics: HIPAA Compliance Data Security IT Security cybersecurity ePHI Security HIPAA Risk Analysis
4 min read

7 Questions That Will Protect Your Network from Ransomware

By Rose Doherty on 4/22/16 1:57 PM

The fastest and easiest way for cybercriminals to steal your confidential data or paralyze your network with ransomware is to send an email to your employees and get just one of them to click on a link or open an attachment. That is all they have to do, and once anyone on the network clicks, the criminal has been invited in to do whatever damage they want. Employee education is the key to your corporate security. Teaching them to ask these questions before clicking is one of the most effective security strategies you could implement.

Topics: Data Security IT Security
3 min read

Encryption Could Have Prevented Data Breach

By Rose Doherty on 2/9/16 3:27 PM

Encryption Could Have Prevented Centene's Data Breach of 950,000 Patient Records

Encrypted Devices with PHI can be lost or stolen and it is not considered a Data Breach. Encryption is like a Get Out of Jail Free Card! Health Insurance credentials sell for $20 each on the black market, but when supplemented with personally identifiable information (PII) such as birth date, place of birth, and social security number, they can yield over $1000 per record. These are scary times, and Centene, a St. Louis-based health insurer, is the latest victim of a data breach that will make your head spin. The worst part is that it could have been easily prevented with one simple and inexpensive security measure.

Topics: HIPAA Compliance Data Security
2 min read

What is PHI?

By Rose Doherty on 11/23/15 8:00 AM

Protected Health Information (PHI) is defined as information in any format that identifies the individual, including demographic information collected from an individual that can reasonably be used to identify the individual.  PHI is information created or received by a healthcare provider, insurance company, employer, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual.  

In order for Covered Entities and Business Associates to protect PHI, it is critical that you are aware of the 18 identifiers that qualify information as PHI.

Topics: HIPAA Compliance Data Security
2 min read

Should You Allow Employees to Use Their Own Devices for Work?

By Rose Doherty on 9/28/15 7:00 AM


BYOD offers many benefits, but you have to consider the IT Security Risks

The evolution of personal mobile devices and their growing importance to business success these days are forcing many small business owners to make a choice: "Bring Your Own Device" vs. "Corporate Owned Device".

Topics: Disaster Recovery Data Security Backup
3 min read

What is the Difference Between Data Backup and Disaster Recovery?

By Rose Doherty on 9/10/15 1:51 PM

Here’s a big (and scary) misconception you might have about your data backups: backing up your data guarantees a fast recovery. It does NOT!

Topics: Business Continuity Disaster Recovery Data Security Backup