Healthcare Security Risk Assessment & HIPAA Security Risk Analysis FAQs

Are you able to answer these questions about your security risk assessment process? Is a security risk assessment the same as a HIPAA security risk analysis? Does my organization need to assess every individual asset in our environment as part of a security risk assessment? Does a security certification like SOC 2 Type II, HITRUST CSF, or ISO count as a security risk assessment? Is a penetration test required for a security risk assessment? Is a HIPAA compliance review or gap assessment the same as a HIPAA Security Risk Analysis? Check out our security risk assessment FAQ to answer these and other related questions.

Healthcare CISOs Sound Off, Volume 3: HIPAA Compliance and Risk Management

The CyberPHIx is an audio podcast series that presents expert viewpoints on data security strategies for organizations handling patient health or personal information in the delivery of health-related services. Volume 3 of our "Healthcare CISOs Sound Off" blog series will address HIPAA compliance as part of a larger risk management program. This blog compiles quotes and recordings from some of the industry's best and brightest leaders related to this important area of focus for healthcare risk management programs.

How Hackers Hold Hospitals, and Your Health, for Ransom | WebMD

Article by Paul Frysh, WebMD | Brian Selfridge knew his time was up. From his perch in a locked conference room with the blinds half closed, he could see two members of the hospital IT team rounding the corner with what looked like a clear sense of purpose. He suppressed a smile as he watched the pair running circles around each other. One of them -- brow furrowed, eyes buried in an open laptop -- walked right past his room, saying, "He's right here! He's got to be!"

HITRUST Certification FAQs

This blog article is recommended for any organizations that are considering pursuing HITRUST certification, recertification, or alignment with HITRUST CSF security control requirements. HITRUST stands for the Health Information Trust Alliance. HITRUST is a non-profit organization that created and maintains the HITRUST Common Security Framework ("CSF") and HITRUST Assurance Program. HITRUST was developed specifically for the healthcare industry and provides a framework for organizations to comply with various regulations and standards based on the organization's size, types of systems deployed, and applicable regulatory requirements.

OCR Presents: 2019-2020 Year in Review

I recently had the opportunity to deliver a presentation alongside leadership from the Office for Civil Rights (OCR) on the state of HIPAA Security Rule compliance and enforcement. The ability to get visibility into third-party data supply chains and their respective security and compliance postures will soon become the paramount mandate for information security programs. Effective healthcare security and compliance programs of the next decade must quickly adjust their orientation in 2020 towards the inspection and protection of downstream vendors and systems responsible for critical business functions.