Tag Archives: HIPAA Compliance

Chronology of HIPAA, HITECH & the Omnibus Rule – HALOCK

By Chris Cronin, ISO 27001 Auditor, Partner

HIPAA is a confusing regulation. Since its enactment on August 21, 1996, it has covered topics as diverse as insurance coverage of unemployed people, efficiency of health care administration, data security, and more recently the improvement of healthcare outcomes. HIPAA has had the complicated history of regulatory revisions, clarifications, […]

Are Your Security Devices HIPAA Compliant? – HALOCK

By Chris Cronin, ISO 27001 Auditor, Partner

Would you be surprised to learn that there is no HIPAA requirement that tells organizations to use a firewall? How about an intrusion detection system (IDS)? Nope. And no requirements for a data loss prevention tool (DLP) either, or a proxy server, or even a security information and event […]

OVER-SECURING PHI: A DANGEROUS HIPAA VIOLATION

By Chris Cronin, ISO 27001 Auditor, Partner

Over-securing protected health information (PHI) means protecting the security of PHI so much that patient care or medical research becomes compromised. It may seem strange to hear this from a security firm. After all, security is where HALOCK makes its living. But if your security controls take priority over […]

COMMON HIPAA VIOLATIONS THAT ARE EASY TO FIX

THE HIPAA ‘DIRTY DOZEN’ – FIND OUT ABOUT THE MOST COMMON HIPAA ISSUES

By Tod Ferran, CISSP, QSA

Time and time again we see many common HIPAA issues arise in both large and small entities. We’ve compiled a list of the most common HIPAA issues that can lead to violations that we see in the field […]

HIPAA INFORMATION AND EMAIL – HOW TO COMPLY

By Tod Ferran, CISSP, QSA

According to HHS, “the Security Rule does not expressly prohibit the use of email for sending e-PHI. However, the standards for access control, integrity and transmission security require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to e-PHI.”

EU SAFE HARBOR HAS BEEN BASHED – WHAT TO DO NEXT?

Author: Chris Cronin, ISO 27001 Auditor

The Court of Justice of the European Union has determined that E.U. Safe Harbor is not sufficient protection of European Union residents whose personal information is sent to the United States. This is a big deal for U.S. and E.U.-based businesses that have relied on the Safe Harbor framework as a […]

THE FEDERAL TRADE COMMISSION IS COMING TO GET YOU

Author: Chris Cronin, ISO 27001 Auditor

The Third Circuit Court of Appeals announced on Monday, August 24, 2015 that the Federal Trade Commission is acting within its authority when it takes action against companies for poor data security practices. Take heed. You may be doing exactly what the FTC is complaining about.