As businesses re-open and take cautionary measures to prevent spread of COVID-19, many organizations have incorporated thermal scanner policies onsite.
Chronology of HIPAA, HITECH & the Omnibus Rule. By Chris Cronin, ISO 27001 Auditor, Partner HIPAA is a confusing regulation. Since its enactment on August 21, 1996, it has covered topics as diverse as insurance coverage of unemployed people, efficiency of health care administration, data security, and more recently the improvement of healthcare outcomes. HIPAA […]
By Chris Cronin, ISO 27001 Auditor, Partner Over-securing protected health information (PHI) means protecting the security of PHI so much that patient care or medical research becomes compromised. It may seem strange to hear this from a cyber security firm. After all, security is where HALOCK makes its living. But if your security controls take priority […]
THE HIPAA ‘DIRTY DOZEN’ – FIND OUT ABOUT THE MOST COMMON HIPAA VIOLATIONSBy Tod Ferran, CISSP, QSA Time and time again we see many common HIPAA issues arise in both large and small entities. We’ve compiled a list of the most common HIPAA issues that can lead to violations that we see in the field […]
HIPAA INFORMATION AND EMAIL by Tod Ferran, CISSP, QSA According to HHS, “the Security Rule does not expressly prohibit the use of email for sending e-PHI. However, the standards for access control, integrity and transmission security require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against […]
HALOCK is deep in the regulatory compliance and security field, so we sometimes take for granted that words common to us, like “HIPAA,” are still not clearly understood. So let’s take a moment to lay out the basics of HIPAA. For deeper coverage into the HIPAA Security Rule, take the “master class” here.
Author: Glenn A. Stout, Ph.D, PMP Your organization just experienced a data security breach. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet. Your organization doesn’t have an incident response plan. Who do you call? When should you call? What information needs to be […]
PREPARING FOR YOUR DATA BREACH. Author: Chris Cronin, ISO 27001 Auditor Most InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. […]