HIPAA Security

HIPAA Security Culture of Compliance

Establishing Your Culture of Compliance. Covered Entities (CEs) or Business Associates (BAs) must instill and support a security-minded organizational culture. What the heck does that mean, “Culture of Compliance”? Establishing a “culture of compliance” in your healthcare organization will require buy-in from leadership; without it, ALL efforts to secure electronic protected health information (ePHI) will …

Data Encryption

What is encryption? Encryption is a method of converting an original message of regular text into encoded text. The text is encrypted by means of an algorithm (type of formula). If information is encrypted, there would be a low probability that anyone other than the receiving party who has the key to the code or …

Find Out What Happens When Your Third-Party Vendors are NOT HIPAA Compliant

Required: HIPAA Risk Analysis. Today, I discuss the importance of conducting an enterprise-wide risk analysis to identify vulnerabilities to your ePHI, and then the steps to execute the required HIPAA Risk Analysis. After the passing of the Omnibus Rule, Covered Entities (CEs) are required to have a signed Business Associate Agreement (BAA) with all their Business …

The Importance of Using Passwords in Healthcare

Passwords and Passphrases. The Administrative Safeguards of the HIPAA Security Rule require Covered Entities (CEs) and Business Associates (BAs) to: Implement procedures for creating, changing and safeguarding passwords [For details see: Security Awareness and Training, §164.308(a)(5)]. Make sure you create and regularly use strong passwords (i.e. usually 10 characters or more and includes uppercase and …

Mobile Devices and Protected Health Information

Mobile Devices in Healthcare. These days, mobile devices and Internet of Medical Things (IoMT) devices are more powerful and hold more information than ever before, and they pose heightened security risks. This includes your smartphone, tablet, medical device (medical equipment storing electronic protected health information [ePHI]), and any other type of equipment that provides convenient …

Addressable and Required: Know the Difference

Addressable and Required: Know the Difference. When it comes to the HIPAA Security Rule, Covered Entities (CEs) and their third-party vendors, referred to as regulated entities by the Department of Health and Human Services, are required to comply with every Security Rule “Standard.” Some of those standards are categorized as addressable and required. Addressable and Required …

Yes, Dorothy, a Risk Analysis is Required!

A Business Associate (BA) is someone who performs services that involve the disclosure of Protected Health Information (PHI), such as claims processing, utilization review, billing, quality assurance, or benefit managers. Companies performing other types of services, such as legal, accounting, financial, or administrative services, may also be considered BAs if they need to have access …

HIPAA Risk Analysis

Did you know? ALL Business Associates (BAs) are required to perform a HIPAA risk analysis to identify their potential Administrative, Physical and Technical security risks to electronic protected health information (ePHI). The Administrative Safeguards provisions require BAs to perform risk analysis as part of their security management processes. The results of the risk analysis will …
