Audit Controls & Audit Logs

Episode 19: Know The Rules! Audit Controls & Audit Logs

Audit Controls & Audit Logs Let’s not forget the fact that the HIPAA Security Rule provision on Audit Controls (45 C.F.R. § 164.312(b)) requires Covered Entities (CEs) and Business Associates (BAs) to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information (PHI). […]

Business Associates Due Diligence

Episode 18: Know The Rules! Business Associates Due Diligence

Have You Done Your Business Associates Due Diligence? Covered Entities (CEs) are often exposed to unidentified risks through the use of Business Associates (BAs), each bringing its own unique risks. CEs need to perform a Business Associates Due Diligence review to examine how they manage each of their BA relationships in order to understand and […]


Episode 17: Know The Rules! Passwords

Passwords and Passphrases The Administrative Safeguards of the HIPAA Security Rule require Covered Entities (CEs) and Business Associates (BAs) to: Implement procedures for creating, changing and safeguarding passwords [For details see: Security Awareness and Training, §164.308(a)(5)]. Make sure you create and regularly use strong passwords (i.e. usually 10 characters or more and includes uppercase and […]

Mobile Devices

Episode 16: Know The Rules! Mobile Devices and PHI

Mobile Devices in Healthcare These days, mobile devices and Internet of Medical Things (IoMT) devices are more powerful and hold more information than ever before, and they pose heightened security risks. This includes your smartphone, tablet, medical device (medical equipment storing electronic protected health information [ePHI]), and any other type of equipment that provides convenient […]

Insider Threats - Part 2

Episode 15: Know The Rules! Insider Threats – Part 2

In last week's episode I introduced you to Insider Threats and the different types, when I left off discussing Do You Know Who Your Employees Are? (Continued from part 1) Covered Entities (CEs) and Business Associates (BAs) should consider: • Developing policies and procedures to mitigate the possibility of theft of electronic protected health […]