HHS SRA Tool Version 3.0 – The Good, Bad and Ugly
Earlier this month, the U.S. Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) released an updated version of their Security Risk Assessment Tool (SRAT). We have been following the development of this toolkit since its inception in 2011 as the HSR toolkit and reviewed V2.0 in early 2014. Each time a new version is released, HIPAA One gathers with a few trusted industry partners to review the changes and updates so that we may accurately counsel healthcare providers, payers and business associates on the pros and cons of utilizing this free, government-issued application.
Cloud email phishing attacks: A practical guide
A quick review of the HHS Breaches Over 500 list paints a pretty grim picture of the number of breaches affecting 500 or more individuals. Breaches have been steadily increasing and the culprit is clear: Hacking/IT incidents, namely email phishing attacks. Fraudsters and criminals are exploiting vast databases of compromised user credentials to make payroll.
HIPAA Security Checklist
The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates.
State Departments Conducting Audits?!?
In recent years, healthcare audits have been a trending topic within the compliance world. Following the Phase II launch of the HHS Office for Civil Rights (OCR) Audit Protocol in March 2016, many members of the healthcare community equate audits with either the federal government or other large accounting firms such as Figliozzi & Company. …
Healthcare Continues to Dominate Breach Related Costs
A new study conducted by the Ponemon Institute on behalf of IBM Security confirmed the fears of so many healthcare information security professionals, no other personal information yields a higher value than compromised patient records. Across the country, healthcare organizations have a Goliath size security problem. For an eight-straight year, healthcare has the highest breach-related …
Similar but Different: Gap Assessment vs Risk Analysis
If you’ve heard the terms gap assessment and risk analysis used interchangeably before in privacy or security conversations, you are not alone. At HIPAA One, we have found that there are quite a few misconceptions about these two approaches and how to differentiate between them. So much so that we addressed the topic on a …
GDPR and Windows 10 Compliance
This is the second post in a 2-part series on GDPR. Guest post written in collaboration with Microsoft. On April 14, 2016, the European Union (EU) ratified the final version of the General Data Protection Regulation aka GDPR. The new GDPR regulation has been characterized as the most sweeping and impactful change to privacy and …
GDPR and the Impact on U.S. Healthcare Providers
A new acronym has begun popping up within the healthcare technology community and is slowly beginning to gain momentum in the way of media coverage and industry articles. If you’ve heard the term GDPR in the past few months and did not understand what it was referring to, know that you’re not alone. In fact, we conducted a recent webinar …
Cloud Security in Healthcare
Guest Blog by Yiannis Koukouras, TwelveSec in collaboration with HIPAA One In our culture, something or someone is always trending. Whether it be bell-bottom jeans in the ’70’s, playing Nintendo in the ’80’s or watching stock market go up and down (whenever!), trends are a lenses through which we see the world. Much like trends …
Missed your SRA in 2017? Here’s How to Avoid a MIPS Penalty
First, do your HIPAA Security Risk Analysis immediately to reduce chances of a breach while maintaining compliance with all Federal reimbursement programs. With just mere days left before the March 31st MIPS submission deadline, if you have not already pulled together the necessary documentation for the previous calendar year, it is the time to do …
Let HIPAA One do the heavy lifting for your company when it comes to compliance. Make us part of your team to stay up-to-date, stay automatically compliant, and most importantly, protect your client's information.