New guidance from the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) requires cloud service providers (CSP) that store patient information to be HIPAA compliant. While CSPs have typically been treated as business associates when electronic…
Redspin's thoughts and insights on Stage 2 after providing security risk analysis (SRA) services to dozens of hospitals for Stage 1 of Meaningful Use.
Audits are coming.
I wasn’t the only one celebrating a birthday last week. It's been exactly two years since the breach notification rule, mandated by the HITECH Act, took effect. Since then, 330 major health information breaches affecting 11.8 million individuals have been reported to the Department of Health and Human Services' Office for Civil Rights (OCR).
Third-party Business Associates now account for nearly 40% of data breaches of protected health information. This is an alarming uptick.
Dan Berger's summary of the OCR/NIST HIPAA Security Conference in Washington D.C. 2011.
Lots of rules being thrown around these days. Let Redspin lead you through the thicket and tell you what you need to know.
In the most direct way possible, yes, it does. It matters to your reputation, your back pocket and your customers.
HITECH and the notice of proposed rulemaking (NPRM) published in the Federal Register on July 14, 2010, significantly impact how Covered Entities (CEs) and Business Associates (BAs) manage health IT security risk under HIPAA.
HHS OCR has taken the new role granted to it by HITECH seriously: it is seeking to tighten regulations and increase financial penalties.