31 results.
Things Privacy Officers Can Do Today to Defend Against a Cyberattack
Author: Arvin, Marti
Source: Journal of AHIMA
Publication Date: April 2017
One might ask why a privacy officer even needs to worry about defending against a cyberattack—isn’t that the role of the chief information security officer and the chief information officer? The answer is no. Cyberattacks are not always about technology. The privacy officer is not generall....
Cybersecurity 101
Author: Lucci, Susan; Walsh, Tom
Source: Journal of AHIMA
Publication Date: November 2015
One of the most alarming statistics in the news, which is growing with intent and severity, is the prevalence of cyber-attacks, particularly in healthcare. It is an alarming trend that has gained a good deal of attention. For example, in July 2015, UCLA reported that up to 4.5 million pati....
Industry Awaits Phase 2 of HIPAA Audit Program
Author: Asmonga, Donald D.
Source: Journal of AHIMA
Publication Date: January 2015
The wait for the second round of mandated privacy and security audits from the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) continues. OCR is currently working through final details for the revised audit plan as they await finalization of new technolog....
Security Starts at Admissions, But Can’t End After Discharge
Author: Morper, Mike
Source: Journal of AHIMA
Publication Date: November 2014
Admissions and discharge processes can be rife with vulnerabilities and potential HIPAA violations. It is important to address security vulnerabilities and potential compliance problems in the patient admissions and discharge processes. A focus on file destination control, encryption, aut....
Seven Select Questions to Ask Your Privacy Officer (Or Yourself)
Author: Downing, Katherine
Source: Journal of AHIMA
Publication Date: April 2014
On January 25, 2013, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published the long-awaited HITECH-HIPAA Omnibus Final Rule in the Federal Register. As anticipated, the Omnibus Rule includes some of the most significant changes to patient priva....
Man Your Battle Stations: Feds Plan Cyber Security Hack Attacks
Author:
Source: Journal of AHIMA
Publication Date: March 2014
Frantic instructions to “man your battle stations” is not a command civilians and health information management (HIM) professionals are accustomed to hearing. However, that could soon change as healthcare organizations heed numerous cyber security warnings and prepare for government-plann....
Security Risk Analysis and Management: An Overview (2013 update)
Author: Walsh, Tom
Source: AHIMA practice brief
Publication Date: November 2013
Editor’s note: This update replaces the January 2011 practice brief “Security Risk Analysis and Management: An Overview.”
Managing risks is an essential step in operating any business. It’s impossible to eliminate all threats; however, healthcare organizati....
When to Send a Breach Notification: New HIPAA Rules Revise “Harm” Standard
Author: Warner, Diana
Source: Journal of AHIMA
Publication Date: April 2013
The HITECH Act’s omnibus HIPAA modification final rule, released January 25, 2013, finalized sweeping changes to privacy and security regulations. Though much of the proposed rule was adopted, the omnibus rule included major changes made to the “harm threshold” standard i....
Keeping It Private: Staying Compliant with the HIPAA Privacy and Security Rules
Author: Tomes, Jonathan P.
Source: Journal of AHIMA
Publication Date: March 2012
HHS's renewed interest in auditing for compliance is a good reminder to covered entities to ensure their privacy and security programs are up to date.
The Department of Health and Human Services' (HHS) announcement of a new program to audit compliance with the HIPAA priva....
Automation for Privacy and Security Compliance
Author: McLendon, Kelly
Source: Journal of AHIMA
Publication Date: March 2012
There has been a lack of enforcement of the privacy and security rules ever since HIPAA's inception. As such the adoption of comprehensive HIPAA compliance programs has lagged behind EHR development and implementation.
This in turn has caused little funding to be budgeted by provide....
Security Risk Analysis and Management: an Overview (2011 update)
Author: Walsh, Tom
Source: AHIMA practice brief
Publication Date: January 2011
This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.
Prepare Now for Coming HIPAA Security Reviews
Author:
Source: AHIMA Advantage
Publication Date: October 2010
Guidance on Risk Analysis Requirements under the HIPAA Security Rule
Author: U.S. Office for Civil Rights
Source: Government (U.S.) | U.S. Department of Health & Human Services
Publication Date: July 15, 2010
Moving Targets: Maximizing the Rewards and Minimizing the Risks of Mobile Devices
Author: Tessier, Claudia
Source: Journal of AHIMA
Publication Date: April 2010
Mobile devices are moving into healthcare with rapid speed, becoming a common health tool for both clinicians and consumers. Provider organizations face a challenge in realizing the opportunities, managing the information, and mitigating the risks.
Just a few short years ago, CIOs we....
How to Conduct an Information Security Risk Analysis
Author:
Source: AHIMA Today
Publication Date: October 07, 2009
Consider the following scenario. During a conversation with your neighbor, you mention that your pediatrician has not yet received the operative report from your daughter’s appendectomy almost three weeks ago. Your neighbor, who resigned as a medical transcriptionist from the local hospital a m....
Information Security Risk Analysis for Health Information Managers
Author: Sheldon-Dean, Jim
Source: AHIMA Convention
Publication Date: October 05, 2009
Background
The HIPAA1 Security Rule2 and other information security regulations require that you perform a risk analysis of protected health information in order to properly focus information security efforts and make sound plans for managing the risks that do exist. Increased threats to....
Securing Portable Devices
Author: Dinh, Angela K.
Source: Journal of AHIMA
Publication Date: January 2009
Reports of data breaches involving portable devices last year ran the gamut from oversight to theft: a college of medicine professor gave away a personal computer containing protected health information, including photos of his patients, to friends; a flash drive containing Social Security num....
Teeth for HIPAA in 2008? CMS Announces Plans for Security “Assessments”
Author: Dinh, Angela K.
Source: Journal of AHIMA
Publication Date: March 2008
Although the HIPAA security rule went into effect in April 2005, the first security audit of a facility’s compliance with the HIPAA security rule did not take place until just last year. That audit was heard around the country, awakening every network, firewall, and security plan in exis....
HIPAA Security Redux: A Re-evaluation Process and Recommended Areas to Review
Author: Adler, M. Peter
Source: Journal of AHIMA
Publication Date: November 2007
Remember the mad scramble to create a compliance plan before the HIPAA security rule deadline? It’s time to revisit that plan.
Publication of the HIPAA security rule created a flurry of discussions, debate, and activity as healthcare professionals grappled wi....
Basics of Risk Analysis and Risk Management
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: August 18, 2005
HIPAA Requirements for Secure Record Storage and Data Transfer
Author: Rosenbaum, Arnold S.; Nelson, Gina A.
Source: AHIMA Convention
Publication Date: October 15, 2004
HHS Secretary Tommy Thompson released the Final Regulations for Security Standards in final form in February 2003. The security standards were developed to help safeguard confidential health information, which is being processed increasingly by computers.
The mandates require covered ent....
Kick Starting the Security Risk Analysis
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: July 2004
Many covered entities are just now starting to approach the compliance aspects of the HIPAA security rule. Why discuss “compliance aspects” and not standards or controls, as we did when preparing for the privacy rule? Privacy and security are long-standing concepts to healthcare,....
Globalization of Medical Transcription Industry Requires Proper Risk Analysis
Author: AHIMA
Source: AHIMA press release
Publication Date: October 30, 2003
AHIMA compiles list of top ten outsourcing questions for healthcare organizations
CHICAGO, October 30-US Healthcare organizations and their domestic transcription vendors are increasingly employing an international labor pool to meet the demand for transcription workloads. This gro....
Security Risk Analysis and Management: an Overview
Author: Amatayakul, Margret
Source: AHIMA practice brief | Journal of AHIMA
Publication Date: October 2003
This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.
Protecting Your Assets: Identifying and Securing Against Vulnerabilities
Author: Banzhof, Carl
Source: In Confidence (newsletter)
Publication Date: October 02, 2003
In the past year alone, more than 4,100 new network vulnerabilities were identified and reported, according to Computer Emergency Response Team Coordination Center statistics. Throughout the past eight years, this number has dramatically increased, and as a result, IT professionals have inher....
Exploring HIPAA's Security Domains: Access Control Systems
Author: Ruano, Michael
Source: In Confidence (newsletter)
Publication Date: April 02, 2003
Part two in a 10-part series.
This article is the second of a 10-part series that introduces the domains of information security and relates them to federal HIPAA regulations. This second domain of access control systems covers topics that describe the reasoning, risk anal....
Departmental Information Systems and HIPAA: Easing the Tension (part 2)
Author: Nulan, Craig A.
Source: In Confidence (newsletter)
Publication Date: June 02, 2002
Part two in a two-part series.
Part one of this article from the May 2002 issue of In Confidence focused on finding a balance between the needs of the information systems department and the requirements of HIPAA. The article offered tips on conducting an administrative certification as....
Departmental Information Systems and HIPAA: Easing the Tension (part 1)
Author: Nulan, Craig A.
Source: In Confidence (newsletter)
Publication Date: May 02, 2002
This is the first article in a two-part series. Look for part two in the June issue of In Confidence.
Healthcare has an interesting quandary in the areas of HIPAA privacy and security compliance. First, there is the unarguable tension between minimum necessary information access and use....
Securing Your IT Environment from the Inside Out
Author: Bakman, Alex
Source: In Confidence (newsletter)
Publication Date: September 02, 2001
IT security has been gaining in importance throughout the history of digital data, and industries are gradually regulating themselves or facing governmental compliance standards. The healthcare industry possesses some of the most critical data and network technology in that lives and patient....
Developing a Framework for a Security Assessment
Author: Parisien, Darryl
Source: In Confidence (newsletter)
Publication Date: September 02, 2001
Is your organization taking the necessary actions to comply with the security regulations of HIPAA? Do you believe you have more time to comply? If you think you do, you might want to do a little more research. Take note that United States Code Title 42 Section 1320d-2 states:
Each pers....
Internal Audit Model for Information Security
Author: Mead, Kevin
Source: In Confidence (newsletter)
Publication Date: July 02, 2000
Internal auditors are found within many organizations, and have traditionally concerned themselves with the protection of assets. In the past, this manifested itself by the placing of asset tags on furniture and equipment and verifying the presence of the asset each year. Recently, however, i....