Author: Dill, Mark W; Lucci, Susan; Walsh, Tom

Source: AHIMA practice brief | Journal of AHIMA

Publication Date: April 2016

As protectors of patient health records, health information management (HIM) professionals are developing a keener understanding of the broad topic of cybersecurity and are becoming actively involved in organizational cybersecurity efforts. Information technology (IT) departments typically are....

Author: Lucci, Susan; Walsh, Tom

Source: Journal of AHIMA

Publication Date: November 2015

One of the most alarming statistics in the news, which is growing with intent and severity, is the prevalence of cyber-attacks, particularly in healthcare. It is an alarming trend that has gained a good deal of attention. For example, in July 2015, UCLA reported that up to 4.5 million pati....

Author: Walsh, Tom; Miaoulis, William M

Source: AHIMA practice brief | Journal of AHIMA

Publication Date: March 2014

In a perfect world, access controls alone would ensure the privacy and security of electronic protected health information (ePHI). However, the complexities of today’s healthcare environment make it extremely challenging to limit access to the minimum information necessary that members of the workforce require in order to perform their jobs.

Author: Walsh, Tom

Source: AHIMA practice brief

Publication Date: November 2013

Editor’s note: This update replaces the January 2011 practice brief “Security Risk Analysis and Management: An Overview.”


Managing risks is an essential step in operating any business. It’s impossible to eliminate all threats; however, healthcare organizati....

Author: Walsh, Tom

Source: AHIMA practice brief

Publication Date: November 2013

Editor’s note: This update supplants the March 2011 practice brief “Security Audits of Electronic Health Information (Updated).”


In a perfect world, access controls alone would ensure the privacy and security of electronic protected health information (ePHI). How....

Author: Walsh, Tom

Source: AHIMA practice brief

Publication Date: January 2011

This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.

Author: Walsh, Tom

Source: Journal of AHIMA

Publication Date: April 2010

Federal regulations that took effect in September 2009 require HIPAA covered entities and their business associates to notify individuals if their protected health information (PHI) was accessed or disclosed in an unauthorized manner or by unauthorized individuals. Certain exemptions apply, su....

Author: Walsh, Tom

Source: Journal of AHIMA

Publication Date: March 2005

The race to security compliance is a marathon, not a dash. Here’s how to gauge your progress.
With implementation of the HIPAA security rule next month, many organizations are preparing to sprint toward the deadline. However, compliance is more like a marathon than a 100-meter dash....

Author: Walsh, Tom

Source: Journal of AHIMA

Publication Date: February 2004

Proving security compliance later requires establishing documentation now. HIM professionals have a valuable role to play.

HIM professionals played central roles in their organization’s privacy efforts, ensuring that appropriate policies, procedures, and documents were in plac....

Author: Amatayakul, Margret; Walsh, Tom

Source: Journal of AHIMA

Publication Date: October 2001

Are the majority of passwords in your organization something like “Spot1,” “Spot2,” “Spot3” (for Joe, whose password expires every 90 days and whose dog’s name is Spot)? If so, your organization could be at risk. Here’s what you need to....