Implementing a strong HIPAA Compliance framework is a requirement for all Covered Entities and Business Associates, but many practices don't realize this is also their best strategy to prevent a breach from happening!   My hope is that understanding what the OCR will ask you for after a Data Breach will help you implement an IT security framework that will reduce your chances of ever experiencing a data breach.  

New ransomware is bad news for healthcare organizations

CryptXXX Ransomware provides the scenario we feared most.  Not only does CryptXXX encrypt a victims files, but it also copies data off of the victim's computer.  This can be consideered unauthorized access, and needs to be reported as a Data Breach.  The following article is written by Art Gross, our partner at HIPAA Secure Now. Read his article to learn more about this very dangerous new ransomware, and what you can do to prevent it.

Encrypted Devices with PHI can be lost or stolen and it is not considered a Data Breach.  Encryption is like a Get Out of Jail Free Card!

Health Insurance credentials sell for $20 each on the black market, but when supplemented with personally identifiable information (PII) such as birth date, place of birth, social security number, it can yield over $1000 per record.  These are scary times, and Centene, a St. louis based health insurer is the latest victim of a data breach that will make your head spin.  The worst part is that it could have been easily prevented with one simple and inexpensive security measure.

The documentation requested after a data breach may actually have prevented the breach in the first place.

2016 has just begun, yet speculators are already predicting this will be the year of the HealthCare Data Breach.  Without a doubt, implementing a strong HIPAA Compliance framework is your best plan to prevent a breach.  Understanding what the OCR will ask you for in the event of a Data Breach, and preparing all of this documentation ahead of time will give you a very good head start on HIPAA Compliance and may just prevent you from experiencing a breach.

How to determine if a vendor needs to sign a Business Associates Agreement.

The HIPAA Privacy Rule allows covered entities and health plans to disclose protected health information (PHI) to business associates, but only if the business associate signs a Business Associate Agreement in which it assures that it will appropriately safeguard the PHI it receives or creates on behalf of the covered entity.  So, which of your vendors need to sign a B.A. Agreement?  Here is a helpful list of vendors that need to sign your Business Associates Agreement.  You may be suprised!

Train your employees  is key to an effective Business Cyber-Security Plan.

Hackers are getting more sophisticated every day, and the ways they lure you to give them access to your computer are downright devious.  It is important that all employees are aware of these simple rules that will help prevent intruders from accessing your computer network.  

Are You Responsible for Sensitive Data?

Here is what you need to know to protect your business from data loss or intrusion.

18 Identifiers That Define Protected Health Information (PHI)

Protected Health Information (PHI) is defined as information in any format that identifies the individual, including demographic information collected from an individual that can reasonably be used to identify the individual.  PHI is information created or received by a healthcare provider, insurance company, employer, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual.  

In order for Covered Entities and Business Associates to protect PHI, it is critical that you are aware of these 18 identifiers that constitute that the information qualifies as PHI. 

5 Things You Will Wish You Had Done Before a Data Breach

The experts predict that it is not "if" businesses will be the victim of a data breach, it's is "when".  In fact, they believe that most businesses already have been victimized.  If the chances are that high, it would be a great idea to start thinking about what you will want to tell your customers when you notify them. Seriously, what will you want to be able to tell them about how you protected their personal information.

 Best Practices for Strong  Password Policies

News of a high profile hacking incident or a major data breach is becoming a regular event.   A good first step for companies looking to protect themselves from cyber threats is implementing strong password policies and procedures for their business.