Many health data breaches still go undetected and unreported, says security expert Kate Borten, who analyzes findings from the recent 2014 Healthcare Information Security Today survey.
While the 2014 Healthcare Information Security Today survey indicates more healthcare entities are performing HIPAA security risk assessments, smaller providers and business associates are still struggling with this task, says security expert Kate Borten.
Thorough documentation will be more important in the next round of HIPAA compliance audits slated to begin this fall because most will not involve onsite examinations, says privacy attorney Adam Greene.
The basis of any good security program is conducting a thorough and timely risk analysis; but that can be difficult for smaller healthcare organizations. That's why a federal agency will soon unveil an app designed to make the process easier.
The HHS Office for Civil Rights, which enforces HIPAA, has some compliance issues of its own to address, according to a new inspector general report. But OCR officials say they've been addressing those matters.
Business associates have been involved with fewer major health data breaches so far this year, compared with 2012. Are they getting better at prevention, or are they just under-reporting breaches?
An audit protocol from federal regulators is a useful tool for covered entities and business associates that are conducting a risk analysis and beefing up HIPAA compliance efforts, says security expert Bill Miaoulis.
Despite the government shutdown, Stage 2 of the HITECH Act financial incentive program for the meaningful use of electronic health records kicks off Oct. 1. Learn more about the privacy and security provisions and how to prepare.
It's been four years since federal officials began tracking major healthcare data breaches. What important lessons can be learned from the causes of these breaches as well as HIPAA enforcement actions by federal regulators?
Attorney Ellen Giblin describes who should be involved in determining whether a breach should be reported in compliance with the new breach notification requirements of the HIPAA Omnibus Rule. She also offers other compliance insights.
Covered entities and business associates struggling with HIPAA compliance should use the federal government's audit protocol as a helpful roadmap, says security specialist Bill Miaoulis.
As the Sept. 23 enforcement deadline for HIPAA Omnibus approaches, an error that many business associates are making is thinking that compliance can be achieved with a simple checklist, says consultant Andrew Hicks.
As healthcare organizations ramp up HIPAA compliance efforts, they should make far greater use of guidance from the National Institute of Standards and Technology, says security consultant Mac McMillan.
Keeping risk assessment documentation and other compliance evidence in a centralized repository is a good way to prepare for any HIPAA audit or investigation, says Mark Dill, Cleveland Clinic's security leader.
Although OCR has changed its standard for determining breaches under HIPAA Omnibus to a more objective assessment, it's still unclear whether the previous harm standard is truly a thing of the past.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing omnibus.healthcareinfosecurity.com, you agree to our use of cookies.