Kimberly Shutters

Find Out What Happens When Your Third-Party Vendors are NOT HIPAA Compliant

Required: HIPAA Risk Analysis. Today, I discuss the importance of conducting an enterprise-wide risk analysis to identify vulnerabilities to your ePHI, and then the steps to execute the required HIPAA Risk Analysis. After the passing of the Omnibus Rule, Covered Entities (CEs) are required to have signed Business Associate Agreements (BAAs) with all their Business …

Find Out What Happened After the Healthcare Breach

What Happens After a Healthcare Breach … These days the news is filled with story after story about another healthcare breach of electronic protected health information (ePHI). Over the last few weeks I shared with you the importance of securing PHI. Not Doing Their HIPAA Risk Analysis Cost Them $3.5 Million. Last week, Fresenius Medical …

The Importance of Using Passwords in Healthcare

Passwords and Passphrases. The Administrative Safeguards of the HIPAA Security Rule require Covered Entities (CEs) and Business Associates (BAs) to implement procedures for creating, changing and safeguarding passwords [for details see: Security Awareness and Training, §164.308(a)(5)]. Make sure you create and regularly use strong passwords (i.e. usually 10 characters or more, including uppercase and …

Mobile Devices and Protected Health Information

Mobile Devices in Healthcare. These days mobile devices and Internet of Medical Things (IoMT) devices are more powerful and hold more information than ever before, and they pose heightened security risks. This includes your smartphone, tablet, medical device (medical equipment storing electronic protected health information [ePHI]), and any other type of equipment that provides convenient …

Addressable and Required: Know the Difference

Addressable and Required: Know the Difference. When it comes to the HIPAA Security Rule, Covered Entities (CEs) and their third-party vendors, referred to as regulated entities by the Department of Health and Human Services, are required to comply with every Security Rule “Standard.” Some of those standards are categorized as addressable and required. Addressable and Required …

Third-Party Vendors – Don’t Let This Happen To You!

Did you know? In 2013, the Final Omnibus Rule updated the HIPAA Security Rule and the Breach Notification clauses of the HITECH Act. As a result, every Business Associate (BA) that creates, receives, maintains, or transmits electronic Protected Health Information (ePHI) is required to perform a comprehensive enterprise-wide HIPAA Security Risk Analysis (per §164.308(a)(1)(ii)(A)). This means …

Yes, Dorothy, a Risk Analysis is Required!

A Business Associate (BA) is someone who performs services that involve the disclosure of Protected Health Information (PHI), such as claims processing, utilization review, billing, quality assurance, or benefit management. Companies performing other types of services, such as legal, accounting, financial, or administrative services, may also be considered BAs if they need to have access …

HIPAA Risk Analysis

Did you know? ALL Business Associates (BAs) are required to perform a HIPAA risk analysis to identify their potential Administrative, Physical and Technical security risks to electronic protected health information (ePHI). The Administrative Safeguards provisions require BAs to perform a risk analysis as part of their security management processes. The results of the risk analysis will …