The DHS Cybersecurity and Infrastructure Security Agency (CISA) just issued a special publication about ransomware protection and recovery. Read it here.Read More
HIPAA Security Risk Assessment
The HIPAA Security Risk Analysis, also known as a security risk assessment, is a fundamental process required by the HIPAA Security Rule. Health care providers, payers, clearinghouses and Business Associates are all required to conduct a HIPAA SRA. A limited-scope SRA is also required by the Meaningful Use (Advancing Care Information) program. For Meaningful Use, the SRA is required on an annual basis.
The Provider Third Party Risk Management Council, made of a consortium of leading hospitals, introduced a new approach to third-party risk management. How can you better serve them? The solution is simple – any vendor of a certain size who wishes to do business with one the member hospitals must successfully complete – and annually maintain — a certification using the HITRUST CSF. Member hospitals will accept a HITRUST certification as evidence of a robust security program. No questionnaires or further dialog is necessary.Read More
Ransomware attacks target local governments, resulting in hundreds of thousands of dollars in ransom payments and tens of millions in financial impacts. Protect your agency.Read More
Ten years after the EHR-promoting HITECH Act was passed, many EHRs still struggle with functionality, are not user friendly, don’t “talk to each other”, and even malfunction, according to Fortune and Kaiser Health News. Most of of the time, these issues merely result in frustration among physicians and staff. The Fortune/Kaiser article makes clear that EHR problems are resulting in outcomes far worse — including patient injury, permanent disability and even death. Effective risk analyses will factor the impact of EHR errors.Read More
Small medical practices are not immune from cyberattacks, but complex defensive recommendations can seem overwhelming. Here we break down our top 10 list of cybersecurity basics that will help small practices protect themselves from data breaches and other cybersecurity risks.Read More