Tag: HIPAA
Compliance

The Cost of Lacking Security: OHSU HIPAA Settlement

One data breach is enough to wreak havoc on any organization. The damage one could do to your relationship with customers could be catastrophic for your business, and the fallout can cause you to rethink your entire security strategy. To add insult to injury, there are also typically steep financial penalties. Healthcare Info Security recently reported on data breaches suffered by Oregon Health & Science University (OHSU) and the HIPAA settlement they will have to pay. OHSU now owes $2.7 million stemming from two 2013 data breaches that affected over 7,066 individuals. One breach involved the theft of an unencrypted laptop from a surgeon’s rental vacation home, while the other was from OHSU using a cloud storage system without the

Read More »
BAI Security August 18, 2016
BAI Security Audit

Securing Health Care Records

Insider negligence is no longer the number one cause of data breaches in the healthcare industry—cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and nation-state actors eager to illegally access valuable data. According to the report’s synopsis: “Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.” The Ponemon study found that close to 45% of

Read More »
BAI Security September 4, 2015
Assessment

HIPAA Audits And Data Security

A random audit program to gauge Phase 2 HIPAA compliance is expected to be underway soon. This round will target business associates, including financial institutions that are typically exempted from HIPAA compliance when they provide what are considered to be typical banking services such as payment processing and credit/loans. But financial institutions that “create, receive, maintain, or transmit” protected health information may now have direct obligations under HIPAA. This round will include both on-site and off-site reviews. Off-Site Audits Off-site audits focus on documentation reviews. These audits typically focus on one of the three mail HIPAA provisions – breach notification, security, or data privacy protocols. Documentation cannot be created after you receive the audit request, so review your policies and

Read More »
BAI Security January 15, 2015
Data Privacy

HIPAA, HEALTH TECHNOLOGY TRENDS, AND SECURITY THREATS

Most people in the U.S. say that care more about protecting the privacy of their healthcare data than they do about being able to conveniently access that information. That said, according to a recent PwC Health Research Institute report, privacy will be sacrificed to apps/services that collect and analyze personal health information. Do-it-yourself healthcare is going to be huge, according to PwC’s “Top Health Industry Issues of 2015” report: “U.S. physicians and consumers are ready to embrace a dramatic expansion of the high-tech, personal medical kit. Wearable tech, smartphone-linked devices and mobile apps will become increasingly valuable in care delivery.” The report also predicts that healthcare tech will move from mobile apps to medical devices to “make diagnosis and treatment more

Read More »
BAI Security December 8, 2014
Audit

GET READY NOW FOR 2015 HIPAA AUDITS

A random audit program to gauge HIPAA compliance is expected to commence in early 2015. This round will include both on-site and off-site reviews. Your New Year will be happier if you start getting audit-ready now. We have provided you with tips below to make the process easier. Off-Site Audits Off-site audits focus on documentation reviews. These audits typically focus on one of the three mail HIPAA provisions – breach notification, security, or data privacy protocols. Documentation cannot be created after you receive the audit request, so review your policies and procedural documents to ensure they are current and comprehensive. Your documentation should cover the scope of your HIPAA compliance program and demonstrate how you have updated your policies and practices in

Read More »
BAI Security November 25, 2014

Recent Posts

Keywords

CONTACT

READY TO LEARN MORE?

We’re here to discuss your upcoming IT security assessment and compliance audit needs.

CONTACT US
SCHEDULE A CALL

Let´s network on

Linkedin Twitter

BAI Security

ABOUT US

SERVICES

Contact