Health Information Security/Privacy professionals should be familiar with the HIPAA Breach Notification Rule, which requires HIPAA covered entities (CEs) and their business associates (BAs) to provide notification to U.S. Department …
EHRS
Security Logging and Monitoring for EHRs
If you are like most medium or large healthcare providers these days, your Electronic Health Record (EHR) environment is likely a very complex one. Such complexity brings with it a …
Docs turn up the heat on ONC! Security Commentary
HealthcareITNews reported yesterday on this letter that was written by several physician organizations to the ONC. I wanted to write a couple of quick thoughts on the security aspects raised …
Patient Portals Make or Break
Like many other Health IT initiatives today, the primary driver for patient portals is regulatory in nature. Specifically, it is the Meaningful Use requirements related to view, download or transmit and …
PCI Breaches Can we at least detect them?
Almost all Payment Card Industry (PCI) breaches over the past year, including the most recent one at Supervalu appear to have the following aspects in common: 1. They involved some compromise …
How useful is the HHS OIG report published this week?
I am sure some of you saw this news report about HHS OIG finding some security related deficiencies in the EHR certification program. I was keen to read the full …
Pay attention to Security Risk Analysis in Meaningful Use Attestation
As is well known, Centers for Medicare & Medicaid Services (CMS) has been conducting pre and post payment audits of healthcare provider organizations attesting to Meaningful Use (MU). Our experience …
Providers Is HIPAA Security Risk Analysis in your plan over the next few months?
Security Risk Analysis is something that we recommend all organizations conduct periodically or before a significant process or technology change. After all, threats, vulnerabilities and impact (three components of risk, …