By Chris Cronin, ISO 27001 Auditor, Partner Over-securing protected health information (PHI) means protecting the security of PHI so much that patient care or medical research becomes compromised. It may seem strange to hear this from a cyber security firm. After all, security is where HALOCK makes its living. But if your security controls take priority […]
HIPAA INFORMATION AND EMAIL by Tod Ferran, CISSP, QSA According to HHS, “the Security Rule does not expressly prohibit the use of email for sending e-PHI. However, the standards for access control, integrity and transmission security require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against […]
HALOCK is deep in the regulatory compliance and security field, so we sometimes take for granted that words common to us, like “HIPAA,” are still not clearly understood. So let’s take a moment to lay out the basics of HIPAA. For deeper coverage into the HIPAA Security Rule, take the “master class” here.
Author: Glenn A. Stout, Ph.D, PMP Your organization just experienced a data security breach. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet. Your organization doesn’t have an incident response plan. Who do you call? When should you call? What information needs to be […]
PREPARING FOR YOUR DATA BREACH. Author: Chris Cronin, ISO 27001 Auditor Most InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. […]
Maintaining HIPAA compliance use to not have much teeth behind it. Times have changed, however, as the Alaska Department of Health and Social Services (DHSS) is too well aware.
Let’s talk about HIPAA Gap Assessments. First of all, what is it? HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA (not HIPPA) requires organizations that handle electronic protected health information (another abbreviation for you: ePHI) to ensure that this information remains secure.