With special pride, CynergisTek releases Redspin's 7th annual Breach Report: Protected Health Information (PHI). Our experts assess the overall effectiveness of the current policies and controls intended to safeguard PHI. We identify significant new trends and highlight areas where improvements are most needed. Most importantly, we offer useful and practical recommendations based on real-world experience. Our goal is to help the healthcare industry continually improve its ability to protect patient information. We hope this year’s report makes an important contribution.
The HITECH Act mandates that large breaches of protected health information (PHI) totaling 500 records or more must be reported on a timely basis to the Office of Civil Rights (OCR) under the Department of Health and Human Services (HHS). This breach notification requirement was implemented in two interim rules and then finalized in the HIPAA Omnibus Rule. As of December 31, 2015, a total of 1,437 large breaches of PHI affecting 154,368,781 patients had been reported since HITECH went into effect in 2009.
An emerging risk is the increased use of portable devices in the enterprise. How are you allowing mobile devices secure access to your sensitive information resources? Use our 'Redspin Sample Mobile Device Security Policy' template to get you started.
Under the HITECH Act Section 13401(a), Business Associates need to comply with the administrative, physical and technical requirements of the HIPAA Security Rule.
The objective of this methodology is to give organizations a prescriptive model for building a healthcare security program. Much of this approach is derived from our books, The CISO Handbook and CISO Soft Skills, as well as experience in the field developing security programs for more than 100 organizations worldwide.
More and more hospitals and healthcare providers are struggling to fully understand the security risks present in their environment. That’s not surprising given the challenges they face: increasingly skillful attackers, insecure legacy technologies, expanding regulatory requirements and new business initiatives that need to be protected. But they can no longer afford an ad hoc, opportunistic approach to understanding and remediating risks. That leads to bad decisions: focusing on the wrong risks, investing in only marginally useful security technologies and processes and missing critical vulnerabilities.
The management of business associates (BAs) is a critical activity for any healthcare organization. This methodology presents the elements that an organization must have in place to successfully manage all aspects of using or being a business associate.
Cloud computing has become a part of nearly every CIO’s strategy. Yet IT security remains the biggest perceived barrier to further cloud initiatives. To help our clients better understand the risks and rewards of cloud adoption models, Redspin partnered with the Information Security Community on LinkedIn to identify current trends, benchmarks, and security solutions. We hope that you will find the Redspin Cloud Security Spotlight Report interesting and informative.
As of December 31, 2014, a total of 1,170 large breaches of PHI affecting 40.8 million patients had been reported since HITECH went into effect in 2009. Last year alone, nearly 9 million health records were breached, more than 50% as a result of hacking incidents. In its annual report, Redspin provides in-depth analysis of the history of large PHI data breaches, year-over-year trends, and the operational areas most in need of improvement.
This white paper outlines considerations and recommendations for reducing business risk by ensuring that your web applications are secure. Our goal is to present information that will be helpful not only to IT and information security professionals but business unit general managers as well. We will examine the process of managing applications throughout their lifecycle.