HIPAA Blog Posts: HIPAA Compliance Online Software

Your HIPAA Policies are Out of Date

HIPAA policies need to be built on a Cyber Security Framework (CSF) to be valid.  Old policies written by consultants, lawyers, in-house IT, or bought off the internet do not meet the new CSF standards.

HIPAA Willful Neglect Can Cause Bankruptcy

Willful neglect of HIPAA compliance has caused companies to go bankrupt. How would you handle a six-figure penalty from OCR?

Quarterly Risk Assessments Might Have Saved St Josephs $10 Million

Leaving 31,800 patient records open and accessible on the Internet cost St Josephs Hospital a $7.5 million settlement of a class action suit and a $2.145 million fine from OCR. Quarterly risk assessments might have revealed the problem sooner or prevented it from happening at all.

HIPAA Certification: Quarterly Risk Assessment

A quarterly risk assessment showing progress on compliance is your best HIPAA certification. Progress, not perfection, is what HHS and OCR seek, and a quarterly risk assessment is the best certification of progress.

Automated Risk Assessment: Best Value

Combining sophisticated Internet tools with experienced consultants can deliver a HIPAA risk assessment based on the NIST protocol quickly and at a reasonable cost.  

"Automated HIPAA Risk Assessment"
Thu, Jun 9, 2016 12:00 PM - 1:00 PM PDT
1. Click the link to join the webinar at the specified time and date:
https://global.gotowebinar.com/eojoin/8852590702394920194/4062226347872620034

Progress Key To HIPAA Compliance

Demonstrating progress is the key to HIPAA compliance.  Periodic HIPAA risk assessments that meet the NIST protocol are the proof.

"Certified HIPAA Compliant" False Advertising

HHS has repeatedly stated that there is no authorized certification process for HIPAA compliance, but companies still make the claim.  Beware of the FTC because they are fining companies that advertise false HIPAA compliance capabilities.

HIPAA Risk Assessment: Telemedicine or House Call?

Which is more efficient and cost-effective: having a HIPAA consultant come to your site (house call) or connecting with them through the Internet (telemedicine)?

HIPAA Breach at CareFirst BlueCross BlueShield

In another example of hackers targeting PHI, Baltimore-based CareFirst BlueCross BlueShield disclosed on May 20 that an "unauthorized intrusion" into a database dating back to June 2014 resulted in a breach affecting 1.1 million individuals.

Information Security versus HIPAA Compliance

CISO: Compliance Is the Wrong InfoSec Focus. Even if your information security program were bulletproof (an unlikely scenario), a HIPAA risk assessment based on the NIST protocol would probably show that you were not HIPAA compliant.
