HIPAA Audits: Why your odds of being audited are higher than you think.

With the HHS / OCR announcing the launch of Phase 2 of the HIPAA Audits, it’s a good time to re-evaluate your audit risk. Now, I realize that many practices and healthcare vendors are operating with tight resources, so it may seem worth it to play the odds. After all, when you take into account … Read more

When does State law trump HIPAA?

When State law requirements are tougher than HIPAA, then it’s likely that the State law is the one you need to follow. When does it not? When it’s “contrary.” Then, it may be submitted for exemption – in other words, may be up for consideration to “trump” the federal regulations. However, it’s rare that a … Read more

Why the Apple vs FBI debate doesn’t have a simple answer.

Everyone has an opinion about whether or not Tim Cook, CEO of Apple, Inc., should cave to the demands of the federal government to decrypt the iPhone belonging to the San Bernadino shooter. No one likes the idea of terrorists living next door. We would all like to know what deep secrets and clues are … Read more

Business Continuity Plans: Keep Calm and Carry On with Impact Mitigation

When the much threatened 9.0 quake hits the Pacific Northwest, your first reaction should be, “OMG, we’ve just had a mega-quake. I want to make sure that my family and friends are safe.“ That’s cool. BUT – if cables and power lines get cut accidentally, you want to make sure that your reaction is not … Read more

Washington & Oregon Data Breach Notification Law Changes

Here in the Northwest, legislatures in both Oregon and Washington hold their regular sessions during the winter and spring of the year. In their regular sessions in 2015, both amended state laws related to data breach notification, which means your Incident Response Plan (IRP) likely needs updating. Washington state data breach notification law changes are … Read more