Why Will My Company be Listed on the HHS Wall of Shame?

6 Reasons Organizations Fail to Encrypt ePHI

The drumbeat of HIPAA breaches in the media is incessant, and the refrain is the same: yet another PC containing electronic protected health information is stolen, so the organization is compelled to notify patients, Health and Human Services, and the media. The Office of Civil Rights swoops in, levies a 7-figure fine, and posts the offender on the HHS “Wall of Shame”, resulting in a damaged reputation and loss of future earnings.

Ironically, had the PC’s hard drive been encrypted, the loss would have been a non-event, unreportable given the Safe Harbor provisions of HIPAA. And inexpensive encryption technology has been readily available for years. Yet 538, or 46%, of the 1,171 Breach Notifications posted on the Wall of Shame stem from the simple loss of a computer with an unencrypted hard drive.

So, if it is so obvious how to correct the deficiency that single-handedly accounts for the most frequent HIPAA Breach Notifications, why don’t more organizations properly encrypt and protect the ePHI entrusted to them? Here are the six most common reasons we discover during our risk assessments …

2014-12-08T18:10:15-08:00

Unclear HIPAA rules permit healthcare data offshoring … for now

...Under the Final Rule, the OCR has the power to domestically deal out civil penalties, corrective actions and long-term monitoring, while the DOJ has the power to domestically deliver a criminal prosecution. Through enforcement under HITECH, the State attorneys general [...]

2014-07-29T02:19:34-07:00

HIPAA consulting and the channel’s ethical responsibility

Kevin is a featured writer for TechTarget. Here is his latest column: A few months ago, I wrote an article about the practice of non-attorneys consulting on HIPAA business associate agreements. After talking with scores of people about the [...]

2020-06-09T23:54:19-07:00

Opportunities abound for providing HIPAA compliance services

As many security solution providers struggle to find compliance opportunities, there is a great opportunity in supporting compliance with the Health Insurance Portability and Accountability Act (HIPAA). Even though the comprehensive laws intended to protect patient and health care data are [...]

2014-04-11T17:48:00-07:00

HIPAA security checklist: 10 services your customers need

Recent changes to HIPAA and HITECH opened up significant new opportunities for security solution providers who can shoulder the risks and get themselves educated on these regulations. As this HIPAA security checklist of services, below, shows, there are 10 specific [...]

2020-04-29T22:42:23-07:00

HIPAA-compliant cloud storage services: Due diligence is key to survival

Many VARs are looking to profit from health care-related cloud storage services. But with profit comes responsibility. Whether you build your own or offer another’s service, the U.S. Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for [...]

2020-04-29T22:38:59-07:00

Who has a Legal Obligation to Upgrade Windows XP, Office 2003 and Exchange 2003?

The best source of information covering this requirement comes from NIST, the National Institute for Standards and Technology. They have a set of documents that are the standards for many requirements. There is nothing specific in the NIST guidelines about the end of life for Windows XP; however, the need to provide Flaw Remediation is clear, and that is what the XP, Office 2003 and Exchange 2003 support requirements fall under.

For example, NIST Special Publication (SP) 800-53 requires the SI-2, Flaw Remediation security control, which includes installing...

2024-04-21T19:43:10-07:00

The HIPAAcrisy of Healthcare.gov

Kathleen Sebelius at a House Energy and Commerce Committee hearing Wednesday said she is responsible for the problems with Healthcare.gov. Will she extend her ownership to the violations of privacy regulations? Will she own the pathetic demonstration that political expediency means more to HHS than the commitment to applicants’ privacy? Will HHS be a little more forgiving the next time another organization gets investigated for a HIPAA breach or will Tavenner and Sebelius be HIPAAcritical?

2019-04-09T00:25:08-07:00

Don’t Serve as a HIPAA/HITECH Wall of Shame Warning to Others

There are easy ways to stay off of the Healthcare “Wall of Shame.” One of the most effective ways is to encrypt the hard drives on your mobile devices, PCs and servers. We have recently developed a solution to encrypt [...]

2023-08-10T23:47:05-07:00

Obama Admin Releases Massive New HIPAA Rules

So, as if healthcare practitioners didn’t already have enough to focus on with Obamacare, HITECH and the Flu epidemic, the Obama administration, through the Department of Health and Human Services, has released a massive pile of new regulations in a [...]

2013-01-18T21:52:02-08:00