What Is HITRUST And How Can It Benefit Your Organization?

 

Today, covered entities and business associates are addressing a wide range of regulatory requirements necessary to solve the growing complexities in the healthcare industry. Evolving technologies, migration to the cloud and cyber threats like ransomware are just a few top-of-mind issues. Combine those with regulations under HIPAA, Meaningful Use, PCI, COBIT and ISO, and you will find that covered entities and business associates need a way to manage their security programs more effectively.


Business Associate’s Failure to Protect Patient PHI Leads to $650,000 HIPAA Penalty Just Weeks before Phase 2 HIPAA Audits Kick into High Gear… Coincidence? We Think Not.

After a two-year-long investigation into the theft of an unencrypted smartphone with no password protection, the Department of Health and Human Services' Office for Civil Rights (OCR) announced the first-ever Business Associate HIPAA penalty. Catholic Health Care Services (CHCS) of the Archdiocese of Philadelphia was hit with a $650,000 penalty for the potential exposure of 412 patients’ information at six Philadelphia-area nursing homes back in 2014. OCR shared that data on the stolen employee-issued smartphone "was extensive, and included Social Security numbers, information regarding diagnosis and treatment, medical procedures, names of family members and legal guardians, and medication information."

Pamela Hayduk

From Missile Control to Data Awareness and Classification: Seven tips for embracing a "healthy discomfort" when working with patient data


Nearly one year to the day from my college graduation I took my first “alert” in an underground Minuteman II Missile Launch Control Center deep beneath a Montana prairie. That was the first of 213 (but who was counting) 24-hour - and sometimes 48-hour - shifts commanding anywhere from 10 to 50 nuclear weapons, ensuring their security and immediate launch capability. The Minuteman complex was a multi-site, interconnected system with a program of physical, administrative, and technical controls that few organizations can duplicate. 

Mark E. Ferrari, MS, PMP, CISSP, HCISPP

Incident Containment: When your 4.7 seconds come, how will your team perform?

 

There are 4.7 seconds left in the game. The score is tied. The ball is inbounded...and we know the rest. Villanova junior Kris Jenkins takes a pass from senior Ryan Arcidiacono and sinks a 3-pointer, leaving 0.0 on the clock. Sure, this is a shameless plug for my alma mater, but it is also one of the best finishes in NCAA Basketball Championship history.

Mark E. Ferrari, MS, PMP, CISSP, HCISPP

Avoiding Your Own “Internal State of Emergency"

 

Just this week, two more hospitals in the US publicly announced that they were hit by ransomware. Alvaro Hospital Medical Center and King’s Daughters’ Health joined the ranks of Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital of California, which were attacked and had their data held for ransom. Although these organizations are said not to have paid, a previous attack on Hollywood Presbyterian Medical Center in Los Angeles cost that organization nearly $17,000.

Doug Vitale, CISSP