risk analysis Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘risk analysis’

Health Information Technology, HIPAA, and Need for Risk Analysis

Monday, October 9th, 2017

How does HIPAA apply to health information technology? This post explains the role of risk analysis in maintaining the privacy and security of electronic health information.

The term “health information technology” (health IT, or HIT) covers a broad array of technologies used to store, share, and analyze health information. As more providers adopt HIT, it becomes essential to understand how HIT relates to HIPAA and why HIPAA requires a risk analysis.

Health Information Technology Involves Risk

Related: A Complete Guide To HIPAA Law: How It Keeps Your Privacy Protected


eBook: HIPAA-compliant Email Basics

Thursday, February 25th, 2016

Safeguarding Your Healthcare Practice and Protecting Patient Privacy

Book 1 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

This LuxSci eBook is a well-researched guide to the specific issues and concepts of HIPAA, HITECH, and the Omnibus rule, and to their practical application to email in your business, so that you stay compliant with these government standards. It provides a framework for keeping the privacy of patient information front and center in your health care entity, and gives providers the tools they need to meet the HIPAA requirements that apply when using outsourced email services.

This eBook includes sections on:

  1. Overview of HIPAA
  2. What is ePHI?
  3. Provisions of the HIPAA Email Security Rule
  4. Additional Risk Analysis and the Need for Encryption
  5. Gmail and Google Apps?


Willful Negligence of HIPAA Costs a Dermatology Company $150,000

Thursday, January 9th, 2014

HITECH and Omnibus put teeth in HIPAA. These teeth are starting to take serious bites out of organizations that are willfully neglectful of their responsibilities under HIPAA.

On December 28, 2013, Concord, Massachusetts-based Adult & Pediatric Dermatology (APDerm) agreed to pay $150,000 to settle potential violations of HIPAA rules and agreed to implement corrective actions.

This organization lost an unencrypted thumb drive containing the ePHI of about 2,200 individuals. We have talked before about the dangers of thumb drives in the context of HIPAA. We have also noted other cases where companies were charged over the loss of ePHI. The notable difference here is that the investigation showed that APDerm: (ref)

…had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process.  Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.

This is the first settlement ever for a covered entity or business associate failing to adopt the policies and procedures required for breach notification. APDerm was willfully negligent in not developing and following the required HIPAA policies and procedures, and that negligence resulted in a breach.
