EULA You HIPAA social media app infringements

Your apps are your security enemy. Here’s what we’ve recently discovered.

EULA, YOU, and HIPAA: What do End User License Agreements and HIPAA have to do with each other? According to recent discoveries, a heck of a lot. It turns out apps like Meta’s Facebook and Messenger, Instagram, TikTok, and others are mining your data and activity on an unprecedented scale. Here’s what we know. …

HIPAA violation fines

Will we see reduced HIPAA fines

Are reduced HIPAA fines on the way? In 2019 we wrote an OCR letter that discussed the possible reduction of HIPAA fines. We were all for it – read about it here – OCR Caps HIPAA Fines. It looks like OCR is ready to change the annual fee structure. The new caps would be as follows: …

Know The Rules

OCR announces 11 more HIPAA ROA violations

Eleven more fines, are you next? OCR recently announced that 11 more entities were fined for failing to provide timely access to patient records following a patient complaint. This list included mental health practitioners, dentists, and more. This announcement proves 3 things – organizations aren’t getting the message, patients are aware of the requirement, and …

HIPAA password policy

HIPAA and your password policy – are you compliant?

HIPAA and your password. Thanks to NIST, who in 2017 changed their recommended password policy in publication 800-63B, the change/do not change debate has been ongoing. If you aren’t familiar with the publication, here’s a short news video about it – https://www.cbsnews.com/news/bill-burr-passwords-guidance/ The problem with 90-day password change requirements is that we tend to create simple passwords …

MCG health data breach

The lawsuits are flowing in the MCG Health breach. Here’s why it’s bad for you.

Vendor Risk MCG Health is a health information services company providing clinical guidelines to hospitals and other care facilities nationwide. They recently reported a breach that had occurred back in 2020, and already lawsuits from their clients are pouring in. Why does this matter to you? For most care providers, the extent of their data …

Facebook bad for your health

Facebook is collecting your health information. Should you care?

Facebook is bad for your health! A report published this week by the website Newsbusters revealed some disturbing information about Facebook. The news organization ran a battery of tests against 100 US hospitals and discovered a third of them were using tools provided by Facebook (META) to facilitate online scheduling. What they discovered was anyone …

HIPAA-Changes 2022

Get ready for major HIPAA changes

HIPAA Changes Ahead: In January of 2021, we reported on an amendment to the HITECH Act by Congress that intended to advance HIPAA compliance and enforcement. The idea was to incentivize Covered Entities to adopt best practices for cybersecurity by reducing the penalty structure for those who did so, and still suffered a breach or were …

hospital cyber attacks

The hospital attack that wasn’t

How Boston Children’s dodged an attack This past week the FBI released details on a cyberattack against Boston Children’s Hospital in November of last year. Prior to the attack, CISA and others sent alerts out to the healthcare community warning stakeholders of an imminent state-sponsored cyberattack. There were no specifics to the threat given at …

HIPAA Security Reminders

HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
