In Part One of a planned series of articles looking at Incident Response best practices, we start by discussing who is required to report a security incident to regulatory authorities, government agencies, or consumers/patients.
Future HIPAA compliance audits could result in more costly enforcement action. But being prepared is about more than a possible audit.
When your sales team and account managers can speak to your company’s compliance efforts and data security, prospects are reassured that your organization values security as much as they do.
When your organization runs into a new sort of vendor or contractor, you may wonder if the expectations of a BA apply. To protect your organization and your patients’ data, don’t guess; be sure.
Issues and concerns raised by the weird and scary attack at Sony Pictures extend to your business as well.
If your organization has been operating under a BAA that was grandfathered in, your final deadline is now just a few weeks away.
With OCR compliance audits set to resume soon, HHS is sending a clear message – failure to comply with HIPAA regulations puts you at risk of more than just a breach. But the message they’re sending doesn’t stop there.
We often see costly breaches caused by stolen laptops or equipment. There are usually simple steps the organization could have taken to increase physical on-site security to prevent the loss of data and resulting fines.
Should You Wait for HHS to Come Calling? In February, Health and Human Services’ Office for Civil Rights (HHS OCR) announced the return of the HIPAA audit program conducted in 2012. Best to be prepared.
Experts are calling it “catastrophic.” The heart-stopping news of this threat to security and compliance requires your attention.