Tag Archives: HIPAA

Defining Reasonable Safeguards in Healthcare

BE OUR GUEST at the American Health Lawyers Association (AHLA) Webinar: Thought Leader Perspectives Webinar – Adopting Duty of Care Risk Analysis to Drive Governance, Risk and Compliance (GRC). Learn best practices in establishing reasonable security safeguards.

Chronology of HIPAA, HITECH & the Omnibus Rule – HALOCK

Chronology of HIPAA, HITECH & the Omnibus Rule. By Chris Cronin, ISO 27001 Auditor, Partner
HIPAA is a confusing regulation. Since its enactment on August 21, 1996, it has covered topics as diverse as insurance coverage of unemployed people, efficiency of health care administration, data security, and more recently the improvement of healthcare outcomes. HIPAA has […]

OVER-SECURING PHI: A DANGEROUS HIPAA VIOLATION

By Chris Cronin, ISO 27001 Auditor, Partner
Over-securing protected health information (PHI) means protecting the security of PHI so much that patient care or medical research becomes compromised. It may seem strange to hear this from a security firm. After all, security is where HALOCK makes its living. But if your security controls take priority over […]

COMMON HIPAA VIOLATIONS THAT ARE EASY TO FIX

THE HIPAA ‘DIRTY DOZEN’ – FIND OUT ABOUT THE MOST COMMON HIPAA ISSUES
By Tod Ferran, CISSP, QSA
Time and time again we see many common HIPAA issues arise in both large and small entities. We’ve compiled a list of the most common HIPAA issues that can lead to violations that we see in the field – […]

THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?

As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]

HIPAA INFORMATION AND EMAIL – HOW TO COMPLY

HIPAA INFORMATION AND EMAIL by Tod Ferran, CISSP, QSA
According to HHS, “the Security Rule does not expressly prohibit the use of email for sending e-PHI. However, the standards for access control, integrity and transmission security require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against […]

WHAT IS HIPAA?

HALOCK is deep in the regulatory compliance and security field, so we sometimes take for granted that words common to us, like “HIPAA,” are still not clearly understood. So let’s take a moment to lay out the basics of HIPAA. For deeper coverage into the HIPAA Security Rule, take the “master class” here.

EU SAFE HARBOR HAS BEEN BASHED – WHAT TO DO NEXT?

Author: Chris Cronin, ISO 27001 Auditor
The Court of Justice of the European Union has determined that E.U. Safe Harbor is not sufficient protection of European Union residents whose personal information is sent to the United States. This is a big deal for U.S. and E.U.-based businesses who have relied on the Safe Harbor framework as a […]

REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS

REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security […]