Enterprise Risk Reporting: The Healthcare CISO’s Achilles Heel

Information security leaders and risk management teams for healthcare entities have struggled to update their reporting models to keep pace with the increasing variety and complexity of risks facing the modern healthcare ecosystem. The inability to communicate meaningful security metrics that drive informed risk decisions from the business has become the Achilles' heel for many healthcare CISOs.

HITRUST Certification FAQs

This blog article is recommended for any organization considering HITRUST certification, recertification, or alignment with HITRUST CSF security control requirements. HITRUST stands for the Health Information Trust Alliance. HITRUST is a non-profit organization that created and maintains the HITRUST Common Security Framework ("CSF") and the HITRUST Assurance Program. HITRUST was developed specifically for the healthcare industry and provides a framework for organizations to comply with various regulations and standards based on the organization's size, the types of systems deployed, and the applicable regulatory requirements.

OCR Presents: 2019-2020 Year in Review

I recently had the opportunity to deliver a presentation alongside leadership from the Office for Civil Rights (OCR) on the state of HIPAA Security Rule compliance and enforcement. The ability to get visibility into third-party data supply chains and their respective security and compliance postures will soon become the paramount mandate for information security programs. Effective healthcare security and compliance programs of the next decade must quickly adjust their orientation in 2020 towards the inspection and protection of downstream vendors and systems responsible for critical business functions.

HITRUST Assessment Scoping Changes

The HITRUST Alliance recently issued updates to the assessment scoping factor questions in MyCSF for HITRUST CSF Validated Assessments and HITRUST CSF Readiness Assessments. The change is designed to reduce the number of repeated requirement statements that are marked as "Not Applicable". This blog article is recommended for any organization currently pursuing HITRUST certification or recertification, or considering alignment with HITRUST CSF security control requirements.

HITRUST COVID-19 Bridge Certifications Explained

The HITRUST Alliance recognizes that COVID-19 is creating extraordinary circumstances and that HITRUST CSF Certification holders may be unable to meet the deadline for renewing their certifications by the two-year anniversary date.

Surfing the Wave of New Privacy Regulations | California’s CCPA Explained

A wave of new state privacy regulations has healthcare entities scrambling to stand up programs to address patient information protections. On the heels of the ground-breaking Global Data Protection Regulation (GDPR) mandates out of the EU, U.S. regulators in over 20 states are starting to incorporate privacy controls through new and proposed legislation. One of the most prominent and comprehensive new privacy laws is the California Consumer Privacy Act (CCPA). This blog post provides a quick summary of the CCPA and its implications for healthcare entities.

Coronavirus Implications for Healthcare Security Programs

On March 5th, HIMSS announced the cancellation of its flagship national healthcare conference just days before the event was set to take place in Orlando, Florida. Just a few days earlier, the state of Florida had declared a state of emergency surrounding the global outbreak of the COVID-19 coronavirus, which has prompted cascading economic and business operational impacts for healthcare entities.