Change Healthcare Lessons Learned: What happened to Basic Security Controls?

The Wall Street Journal scoop from April 22nd about what led to the Change Healthcare breach came after HHS created an FAQ about the incident. The scoop summary pulled these top 3 points about basic security: Compromised credentials to log into an application that allowed Change staff members to remotely access the network Multifactor authentication … Read more

Reproductive Health & HIPAA: Key Takeaways from the New Rule

With states weighing in on their own versions of how to handle reproductive health, there’s been confusion about what is and isn’t PHI when it comes to women’s healthcare since the overturn of Roe v. Wade – the phrase “clear as mud” comes to mind. The Biden-Harris Administration’s “New Rule” for HIPAA helps clear the … Read more

How is OCR handling Women’s Reproductive Healthcare challenges as relates to PHI?

With every new headline about women’s reproductive health, providers and patients have been left wondering what’s next legally. Will they be protected or prosecuted? The answer could come down to interpretation of HIPAA’s Privacy Rule. To that end, OCR has taken the position of clarifying and strengthening PHI protections from the HIPAA perspective. On April 12, … Read more

How Do You Weigh Vendor Risk Exposure?

When it comes to vendor risk exposure and its management, you need to know how to implement a proper program that aligns with HIPAA compliance. Whether you’re talking about Cloud Service Providers or others, a solid vendor risk management program is potentially key to how well your organization can avoid a serious PHI security incident. … Read more

What the End of PHE Means to Telehealth Services

Hello everyone!  The White House just announced that the COVID-19 Public Health Emergency (PHE) will end on May 11, 2023. This directly affects how telehealth services can be delivered. If you haven’t blocked out all memories of Spring 2020, you may recall that the Office for Civil Rights issued a Notice of Enforcement Discretion on … Read more

Security in a Remote Access World, Revisited

It’s time to circle back to the topic of remote access.  Earlier I provided you a checklist to send to your remote working employees to assess workspace and workstation security. With new portable devices and web apps that support working from home, including transmitting large amounts of data with minimum resources, I feel it’s important … Read more

What’s the California Assembly’s Course Correction mean to CCPA?

Well, remember the issues around what the “HIPAA exemption” in the California Consumer Privacy Act (CCPA) really applied to?  We wrote about it here all the way back in May 2019. Turns out our impression was correct – so correct that California just passed a law to correct it! Here’s the skinny: On September 5, … Read more

Telework & Telehealth: How Can We Work Securely During a Pandemic?

Remember that brief moment when we thought the COVID-19 business impact was lifting? It was a nice thought, but we were wrong. We’re firmly in the midst of the pandemic with alleviation an ever-moving target. What does this mean for businesses, especially covered entities (CE) and business associates (BA)? Telework and telehealth present security risks, … Read more

Video Hijacking Have You Worried? Try these 5 Steps from the FBI

The healthcare industry reports that video hijacking, or teleconference hijacking, is on the rise as telehealth appointments replace typical in-person ones during the COVID-19 crisis. The FBI has received multiple reports of conferences being disrupted by pornographic images, hate images and threatening language. Yet another reason that, even though OCR has indicated it will not … Read more

Attention Business Associates! New OCR Announcement re PHI during COVID-19 Relates to You

On April 2, 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced that, effective immediately, it will exercise its enforcement discretion and will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against health care providers or their business associates for the … Read more