Talk to a Security Expert Now: (800) 721-9177

IT Security Blog

Independent research and articles on IT security, healthcare security, and hacking techniques.

Contact Us

The First Step In Cyber Insurance: Know Your Risk And What You’re Insuring Against.

Cyber insurance provides an opportunity to address residual risk in your information security program to offset the costs due to a data breach of ePHI. However, individuals polices, coverage and exclusions are highly variable, so just like any security control it’s important to understand your security risk profile before an appropriate security insurance policy can be defined. An assessment, such as a HIPAA Security Risk Analysis should be the first step in any insurance policy strategy. Here’s why: A) You’ll have to do it anyway, B) The safest approach is to avoid a breach in the first place, C) Your risk profile will enable a better tailored policy.

Read More

Stage 2 Meaningful Use: The Next Step in HIPAA Security Risk Assessments

Covered entities and eligible providers must now address the issue of encryption of “data at rest” as part of their security risk analysis process. This shines a spotlight on the existing encryption references within the HIPAA Security Rule. Encryption of ePHI is specifically covered under 45 CFR 164.312(a)(2)(iv) which reads; “Implement a mechanism to encrypt and decrypt electronic protected health information.” However, since it is categorized as an “addressable control,” it is not specifically mandated.

Read More