Category Archives: HIPAA Security

Computer Theft Followup (HIPAA Violation in Question)

Jeff over at the other HIPAA Blog points out a medblogger who also notes the San Jose computer theft incident. The only problem? It’s not a HIPAA violation as they claim. (This according to Jeff Drummond, a guy who certainly knows his stuff.) Jeff Drummond: Grand Rounds is up, this time at GruntDoc, an ER…

Good-old Fashioned Theft (reveals patient’s health data)

Your data may be protected from internal tampering and data-snooping of employees… but what if your physical hardware is stolen? The other ‘HIPAA Blog’ reports: Sometimes identity theft and potential HIPAA-violating disclosures of PHI are sidelights of simple crime. Jeff continues: Here, theives broke into a medical office and stole the easily-salable valuables (computers and…

HIPAA Portability Rules Change

Just came across this article from Business & Legal Reports. The initial HIPAA rules were issued in 1997. Well, there have been several modifications since then. Are you compliant with the 1997 rules, or the latest (including the modifications)? It’s probably best to be on the safe side and review all of the major changes…

Help with HIPAA, SOX, and GLBA Compliance

Here at HIPAA Blog, we learn new acronyms on a nearly daily basis (okay, maybe weekly). Apparently Sarbanes-Oxley is now affectionately referred to as SOX. GLBA? That’s short for the Gramm Leach Bliley Act. Hopefully our longtime readers know what HIPAA stands for, but if you’re new to this business, HIPAA stands for: Health Insurance…

Group Polishes Guidelines on HIPAA Security Rules – Computerworld

A HIPAA working group seeks to ease the implementation of the massive data controls that are required by standard HIPAA Security provisions. Computerworld magazine: A working group made up of members from three organizations plans this month to release guidelines for complying with the data security requirements of the Health Insurance Portability and Accountability Act…

Living with HIPAA: Enforcement of the Privacy Rule Today

This article is a little dated but has some decent info. Robin Johnson discusses enforcement of HIPAA Laws: It has been almost one year since the April 14, 2003 effective date of the HIPAA Privacy Rule. 1 At this time, your organization has likely implemented HIPAA privacy policies and procedures, prepared a standard authorization form,…

The HIPAA Security Rule – Sorry, You’re Not Done Yet

Paul Litwak of the National Council for Community Behaviorl Healthcare says: By now, any sensible person has had enough of HIPAA. 1 Even those who have been helped most by the HIPAA rules — lawyers and consultants — are getting sick of it. But, for better or for worse, it isn’t over yet. There is…

2-Factor Authentication good enough for HIPAA?

Nice article by Bruce Schneier, once again confirming that he is an excellent thinker when it comes to network security issues. Thinking about implementing 2-factor authentication as part of your HIPAA-compliance strategy? Don’t rely too much on this technique, since attackers are beginning to actively target valuable information in ways that defeat 2-factor authentication. Two-Factor…

Doctor’s office installing WiFi hotspot in waiting room – possible security risk?

The Star-Telegram in Texas reports on a doctor’s office where they’re installing a wireless hotspot in the waiting room. While we agree that this is probably a great thing for patients (we love our hotspots, we do), it might not be such a hot idea to be making IT infrastructure available to the public (even…

InfoWorld: SSL VPN security threatened by desktop search engines

If you’ve installed Google’s new desktop search tool, you might want to consider the security issues of having software that caches SSL-encrypted traffic specifically so it can be rapidly and easily searched. This has clear implications for administrators responsible for maintaining HIPAA-secure information technology. InfoWorld: SSL VPN security threatened by desktop search engines: November 12,…

Acusis Announces Preparedness for 2005 HIPAA Security Deadline

Acusis Announces Preparedness for 2005 HIPAA Security Deadline Acusis Announces Preparedness for 2005 HIPAA Security Deadline PITTSBURGH–(BUSINESS WIRE)–Nov. 10, 2004–Acusis(R), a leading provider of outsourced medical transcription services, has announced today their associates completed a Health Insurance Portability and Accountability Act of 1996 (HIPAA) education and training course. Over 540 employees globally have participated in…

QuickCompliance Launches the ‘HIPAA Security Roundtable,’ a New Series of Online Seminars Aimed at Addressing HIPAA Security Compliance

QuickCompliance Launches the ‘HIPAA Security Roundtable,’ a New Series of Online Seminars Aimed at Addressing HIPAA Security Compliance QuickCompliance Launches the ‘HIPAA Security Roundtable,’ a New Series of Online Seminars Aimed at Addressing HIPAA Security Compliance Noted industry expert, John Parmigiani, to focus on topics of most interest to healthcare organizations preparing for the April,…

CIO Asia – Issue – The Six Secrets of Highly Secure Organisations

How many of these “Secrets” does your organization practice? CIO Asia – Issue – The Six Secrets of Highly Secure Organisations WHAT WE THINK It’s good to be confident. It’s better to have good reason to be confident. Here are six secrets that we believe will help you work your way into the Best Practices…