Blog

Enterprise Risk Reporting: The Healthcare CISO’s Achilles Heel

Information security leaders and risk management teams for healthcare entities have struggled to update their reporting models to keep pace with the increasing variety and complexity of risks facing the modern healthcare ecosystem. The inability to effectively communicate meaningful security metrics that drive informed risk decisions from the business has become the Achilles heel for many healthcare CISOs. Read More

Published On July 23, 2020

HITRUST Certification FAQs

This blog article is recommended for any organizations that are considering pursuing HITRUST certification, recertification, or alignment with HITRUST CSF security control requirements. HITRUST stands for the Health Information Trust Alliance. HITRUST is a non-profit organization that created and maintains the HITRUST Common Security Framework ("CSF") and HITRUST Assurance Program. HITRUST was developed specifically for the healthcare industry and provides a framework for organizations to comply with various regulations and standards based on the organization's size, types of systems deployed, and applicable regulatory requirements. Read More

Published On June 30, 2020

OCR Presents: 2019-2020 Year in Review

I recently had the opportunity to deliver a presentation alongside leadership from the Office for Civil Rights (OCR) on the state of HIPAA Security Rule compliance and enforcement. The ability to get visibility into third-party data supply chains and their respective security and compliance postures will soon become the paramount mandate for information security programs. Effective healthcare security and compliance programs of the next decade must quickly adjust their orientation in 2020 towards the inspection and protection of downstream vendors and systems responsible for critical business functions. Read More

Published On June 16, 2020

HITRUST Assessment Scoping Changes

The HITRUST Alliance recently issued updates to the assessment scoping factor questions in MyCSF for HITRUST CSF Validated Assessments and HITRUST CSF Readiness Assessments. The change is designed to reduce the number of repeat requirement statements that are marked as “Not Applicable”. This blog article is recommended for any organizations that are currently pursuing HITRUST certification, recertification, or are considering aligning with HITRUST CSF security control requirements. Read More

Published On June 9, 2020

HITRUST COVID-19 Bridge Certifications Explained

The HITRUST Alliance recognizes that COVID 19 is creating extraordinary circumstances and that HITRUST CSF Certification holders may be unable to meet the deadline for renewing their certifications by the two-year anniversary date. Read More

Published On April 27, 2020

The Show Must Go On | Maintaining Continuity for InfoSec in a Crisis

Take a deep breath, this is not your typical COVID-19 blog entry. We are going to talk about everything else we need to manage in Information Security during the crisis to keep the wheels on the bus as we make sharp turns at high speeds in response to the pandemic. Read More

Published On April 16, 2020

Surfing the Wave of New Privacy Regulations | California’s CCPA Explained

A wave of new state privacy regulations has healthcare entities scrambling to stand up programs to address patient information protections. On the heels of ground-breaking Global Data Protection Regulation (GDPR) mandates out the EU, U.S. regulators in over 20 states are starting to incorporate privacy controls including new and proposed legislation. One of the most prominent and comprehensive new privacy laws is the California Consumer Privacy Act (CCPA). This blog post provides a quick summary of the CCPA law and implications for healthcare entities. Read More

Published On March 23, 2020

Coronavirus Implications for Healthcare Security Programs

On March 5th, HIMSS announced the cancellation of their flagship national healthcare conference just days before the event was set to take place in Orlando, Florida. Just a few days earlier, the state of Florida had declared a state of emergency surrounding the global outbreak of the COVID-19 Coronavirus which has prompted cascading economic and business operational impacts for healthcare entities. Read More

Published On March 9, 2020

Enterprise Risk Reporting: The Healthcare CISO’s Achilles Heel

HITRUST Certification FAQs

OCR Presents: 2019-2020 Year in Review

HITRUST Assessment Scoping Changes

HITRUST COVID-19 Bridge Certifications Explained

The Show Must Go On | Maintaining Continuity for InfoSec in a Crisis

Surfing the Wave of New Privacy Regulations | California’s CCPA Explained

Coronavirus Implications for Healthcare Security Programs

Featured Blog Posts

Safe and Secure Healthcare: How to Align Risk Management & Compliance for a Unified Cyber Strategy

AI Risk Management in Healthcare: How to Build a Governance Program Using NIST AI RMF

Technical Assurance in Healthcare: Bridging the Gap Between GRC and the Adversary

Selecting the Right SOC 2 Compliance Vendor

Find the right RITHM for you.