Healthcare Security & Compliance Blog

 

How Healthcare Enterprises Can Deliver Efficient Remediation Across Their Entire Network

Every enterprise healthcare organization understands the importance of cybersecurity, but few have robust processes in place to efficiently remediate vulnerabilities or adapt to future challenges. This puts them at serious risk in 2024.   Security and data breaches impose costs vastly surpassing regulatory fines, with our clients reporting they’ve experienced liabilities…


How to Prepare Your Organization to Avoid Vulnerabilities in 2024

  Remediating cybersecurity vulnerabilities is not something for your “to-do” list – it is an urgent priority in 2024.  The average healthcare data breach costs nearly $11 million, and given that figure has steadily risen over the years, it is likely to become even more expensive this year. But fixing…


Devising Your plan for HIPAA Remediation Post-SRA

    Completing your HIPAA SRA is an important step towards maintaining compliance, but you cannot stop there.   Data breaches from exploited credentials require an average of 341 days to be contained and remediated. So you need to start fixing any vulnerabilities discovered in your 2023 SRA now to avoid…


The National Health Emergency Ended 6 Months Ago: HIPAA Compliance Can No Longer Wait

  The Biden administration officially ended the COVID-19 Public Health Emergency (PHE) over six months ago. But many healthcare enterprises still have not addressed the implications this has on HIPAA compliance.   During the pandemic, the Office of Civil Rights (OCR) announced a range of exceptions and waivers to help healthcare…


5 Recent HIPAA Breaches (And How to Make Sure You’re Not Next)

A recent wave of HIPAA security breaches has sent a clear message to the healthcare industry: regardless of a covered entity’s size or presence, the reputational and financial risks associated with any form of non-compliance are simply too big to ignore. And with the number of cybersecurity incidents reported to…


4 Ways Assessors Make Your HIPAA SRA Painless

  Every healthcare covered entity must complete their HIPAA Security Risk Assessment (SRA) by December 31st – and time is quickly running out. But many private practices and healthcare organizations are not sufficiently prepared to complete their SRA alone. The assessment is lengthy and complex, and most organizations simply do…


How to Be HIPAA Compliant: Is Training Enough?

In the ever-evolving world of healthcare, protecting sensitive patient information isn’t just a good practice—it’s the law.   HIPAA has long been the North Star guiding healthcare organizations toward data security and patient privacy, while employee HIPAA training is often the first step taken to ensure compliance.  But while HIPAA compliance…


Who’s Completing Your HIPAA SRA This Year? How to Decide

The deadline for submitting your HIPAA security risk assessment (SRA) is getting closer.  And the biggest mistake small and medium-sized businesses (SMBs) can make is waiting until the last minute to start thinking about the assessment.   Many healthcare organizations, especially small ones, feel heavily burdened by the complexities of the…


5 Things You Need to Know for HIPAA Compliance in 2024

HIPAA compliance is changing. New ways of working in the healthcare industry, the migration to digital, and evolving technologies have driven updates to the HIPAA privacy rule in 2023 that will become fully enforceable in 2024. But it’s not just the official rules that have changed; it’s also the approach to…


3 Strategies for Eliminating HIPAA Location Sampling Risks

Healthcare organizations that have many locations often resort to making the difficult choice of sampling care delivery locations to manage cost and scope when performing their annual HIPAA Security Risk Assessment (SRA). As our previous article on location sampling illustrates, organizations struggle to fully assess all locations due to the…


The Risk of Sampling Care Delivery Locations for Your HIPAA SRA

The HIPAA Security Rule requires that Covered Entities and participating Business Associates perform an annual Security Risk Assessment (SRA) to demonstrate that they are taking steps to safeguard Protected Health Information (PHI).     While conducting an SRA is a straightforward idea, how this applies to larger organizations with multiple care delivery…


5 Principles to Keep in Mind When Starting Your Security Risk Assessment

Healthcare organizations in the United States have been the most compromised by data breaches for several years, and that’s not likely to stop anytime soon. That’s why organizations in the healthcare industry, regardless of size, must conduct an annual security risk assessment (SRA) to identify vulnerabilities, remediate risk, prevent dangerous…


7 Reasons Why Your HIPAA SRA Is Taking Too Much Time

Almost all healthcare organizations in the United States – large and small – are required by the Federal Government to complete an annual HIPAA Security Risk Assessment.  The purpose is to certify that they are taking adequate steps to protect sensitive patient health information that is in their care. Unfortunately,…


Act Now: The Risks of Postponing Your HIPAA Security Risk Assessment

We’re over halfway through the calendar year – have you started your HIPAA SRA yet? Between the endless day-to-day needs of an organization and complicated HIPAA requirements, many organizations elect to wait until the end of the year to conduct their HIPAA assessment. While it may be tempting to push your…


The Five Best HIPAA Compliance Software Packages

What are the common challenges organizations have when complying with HIPAA?  There are several options when considering software packages to help you complete a required HIPAA annual security assessment.  As the provider of HIPAAOne, we thought it would be helpful to describe some ways these products fit a variety of…


10 Things You Should Demand of Your HIPAA Software

HIPAA security and privacy are cornerstones of basic healthcare security practice. Why? Because your organization’s stored protected health information (ePHI) is the single most important vulnerability your company or medical practice has. ePHI is very valuable to hackers, is sometimes easily available to be stolen, and you face significant fines…


Defending Yourself in the Event of an OCR Reportable Breach

Between 2009 and 2021, the Office of Civil Rights (OCR) received 4,419 data breach reports involving 500 or more medical records for healthcare entities.  And that number just keeps growing.  So, what can you do if you experience the loss of protected health information (PHI) that results in an OCR…


Cybersecurity and Assessments for Hospitals: From 0 to 100

Hospitals and provider organizations are entrusted with patient data that is among the most valuable to cybercriminals while at the same time among the most highly regulated (HITECH act/HIPAA Rule).     On top of this, a medium-sized hospital system operates several hundred software packages and hundreds of different types of connected…


How To Improve Your Healthcare Cybersecurity Posture In 2023

Post-COVID cybersecurity has been driven to new heights of threats, costs, awareness, and accountability. With the latest Becker Healthcare press releases regarding breaches, it’s no surprise that cyber-insurance premiums are increasing by 50% or more. Every healthcare organization we speak with has Board-level “cyber” reporting and accountability.  What can you…


HITRUST Certification Cost: How to Streamline & Scale the Comprehensive Process

Any healthcare cybersecurity or risk management professional will tell you that HITRUST is the definitive “Gold standard” for compliance and risk mitigation. Why? It stems from thorough, precise methodology combined with a holistic view of verified, implemented controls and organizational processes. There’s simply no substitute in today’s sophisticated, high-stakes era…


Cyber Insurance for Healthcare: Are You Compliant with Your Own Cyber Policy?

Legal fees. OCR fines. Insurance costs. Community embarrassment. When it comes to a cybersecurity breach, the price healthcare organizations have to pay adds up, both literally and figuratively.  That’s where cyber insurance for healthcare comes in. Insurance can help cover the steep cost of data breaches; no wonder the cyber…


Cybersecurity Nightmares: The Cost of Healthcare Cyberattacks in 2023

Cyberattacks have always been common in the healthcare industry, but activity has increased sharply in the past few years.  Healthcare organizations worldwide averaged 1,463 cyberattacks per week in 2022, up 74% compared with 2021. The average cost of each breach is about $10 million, making healthcare the largest and fastest-growing…


18 HIPAA Identifiers: What They Are & Why Knowing Them Matters

Between 2017 and 2021, complaints about HIPAA violations increased by 39%, and significant breaches reported increased by 58%.  There are several reasons why HIPAA violations continue to increase, including covered entities and internal employees not knowing the full extent of the HIPAA Privacy Rule and its mandatory protection of PHI. …


HIPAA Exceptions: What You Need to Know

On the average search engine result page, you can find countless articles dedicated to one complex topic: exceptions to the HIPAA Privacy Rule.  With headlines such as “Exceptions to the HIPAA Privacy Policy” becoming fairly prevalent, it’s easy for covered entities to mistakenly believe that they can be more lax…


HIPAA 101: What Does HIPAA Mean?

  “HIPAA: The federal law many people don’t actually understand.”  That’s the telling title of a recent news article, which goes on to state that it’s not spelled “HIPPA” or “HIPPO,” but rather HIPAA, the elusive healthcare-related act that even healthcare professionals sometimes get wrong.   Many hear about HIPAA within…


Avoid Phishing Attacks with HIPAA Training for Medical Office Staff

In 2022, 36% of all data breaches involved phishing.  Phishing in healthcare has become an increasingly popular tactic for cybercriminals looking to breach databases and collect sensitive health records to sell or hold ransom.  What exactly is phishing, why is it so dangerous, and how can HIPAA training for medical…


What Entities and Information Does HIPAA Protect?

  An individual’s medical and healthcare records often contain sensitive identifying information that many bad actors would like to get their hands on.  It’s no surprise, then, that 95% of identity theft incidents come from stolen healthcare records.  Health records have to be protected at all costs, which is why…


Back to the Basics: What is the HIPAA Privacy Rule?

As of November 2022, the Office for Civil Rights (OCR) has settled 126 cases of HIPAA violations for over $133 million.  Complying with the HIPAA Privacy Rule is a critical, ever-evolving piece of healthcare and patient privacy. A breach of HIPAA can – and often does – result in costly…


4 Steps to a Successful HIPAA Security Risk Assessment

There is a 75.6% chance of a breach of at least five million healthcare patient records in the next year.  This is especially problematic for small healthcare organizations; 20% of small practices have experienced a breach, and 75% of breaches reported to the HHS were hacking or IT incidents.  Mitigating…


How Small Physician Practices Can Assess HIPAA Security Risks

With the number of possible violations that can land you with fines or even criminal charges, following HIPAA regulations is critical to protecting your patients’ privacy and keeping your practice alive. Constant vigilance and routine security and privacy risk assessments are vital to staying compliant.  But what if you are…


5 Things You Need to Know for HIPAA Compliance in 2023

HIPAA compliance is changing. New ways of working in the healthcare industry, the migration to digital, and evolving technologies have driven updates to the HIPAA Privacy Rule, set to take effect in 2023. But it’s not just the official rules that have changed; it’s also the approach to compliance.  If…


4 Key Elements of HIPAA Compliance in Today’s Evolving Environment

HIPAA compliance remains a critical and ever-evolving piece of healthcare and patient privacy. HIPAA (Health Insurance Portability and Accountability Act) protects sensitive patient data and health information, upholding the integrity of medical and healthcare organizations and supporting patient rights. However, with the ongoing and explosive escalation of new technologies like…


405(d): What is it and why should you care?

What is 405(d)? With security incidents and breaches increasing year over year within the healthcare sector, it is up to both public and private organizations and cybersecurity experts to build a more secure healthcare system. In 2015, Congress passed the Cybersecurity Act to help combat the increase in cyber threats…


Keys to Successfully Achieving HIPAA Compliance

Are you looking for some best practices to complete your HIPAA  compliance this year? We can help! Here are a few things you can do throughout the year that will go a long way to ensuring security and compliance. Many organizations put off completing their Security Risk Assessment (SRA) until…


HITRUST i1 Frequently Asked Questions

During a recent webinar we received several questions about the new i1 and r2 HITRUST assessment options. For easy reference, we’ve summarized the questions and answers in this blog post. Q. What was the basis for deciding which controls go into i1? A. HITRUST took several frameworks and industry segments…


So Many HITRUST Offerings: Which Option Is Right For You?

Understanding the nuances of the new HITRUST assessment portfolio can be difficult, especially when trying to determine which assessment is right for you. In this blog we will outline the types of HITRUST assessments, their differences, key characteristics, and possible use cases for each. Starting with the highest level of…


Navigating Your HITRUST Assessment Scope

What is a HITRUST assessment scope and why is it so important? Scoping is the process of outlining the systems and datasets you plan to include in your HITRUST assessment. It is a necessary step in the HITRUST process and should be your first level of engagement with HITRUST. Scoping…


CMS Requirements for MIPS 2022 – What’s at Stake?

Written by Sarah Reiter, SVP Strategic Partnerships with Health eFilings. On November 2, 2021, the Centers for Medicare and Medicaid Services (CMS) issued the Final Rule for the 2022 MIPS program. These rules detail the requirements for this MIPS reporting period, which started on Jan. 1, 2022, and align with…


How to Quickly Address Your HIPAA Compliance Issues

Let’s be honest: if you are reading this, you probably still have “complete your HIPAA Security Risk Assessment (SRA)” on your to-do list and you are wondering what you can do to get it done before the end of the year (December 31st is right around the corner). We understand procrastination, but we also understand the importance…


Addressing HIPAA Privacy Rules and Cybersecurity for Hospitals and Health Systems

Managing HIPAA compliance can be a messy, complex process, especially for hospitals and health systems managing compliance for hundreds of individual clinics and practices. It can be difficult to track, maintain and report on risk management and cybersecurity efforts. Many organizations are using time-consuming manual processes such as spreadsheets and emails for compliance, which can require a significant investment of time,…


The Simplest Way to Manage Your Business Associate Agreements

Importance of a Business Associate Agreement The Privacy Rule under HIPAA requires the safeguarding of protected health information (PHI) and applies to all covered entities (CE) – healthcare providers, health plans and healthcare clearinghouses. Most providers do not carry out ALL their necessary healthcare functions. Billing, medical software, and electronic…


Essential Tips for HIPAA Security, Privacy, & Breach Compliance

HIPAA compliance can be difficult to approach on your own. Healthcare providers and their business associates are required to perform an annual HIPAA Security Risk Assessment (SRA) to ensure that proper physical, administrative, and technical controls are in place to protect health information. By performing a security risk assessment, not…


Implementing cybersecurity measures BEFORE you experience a breach

A cybersecurity nightmare “IT just informed us that our main software platform has been hacked.” A statement no CISO wants to hear. Do you have a plan for what to do next? Are you prepared to handle this? How will you recover servers and client data? As an organization, are…


Remote Cybersecurity: Best Practices

Remote work is here to stay. Many of us have been working remotely for over a year now. The pandemic hit in March of last year and virtually all industries had to adapt. The transition was sudden at the time, and IT and security personnel quickly had to organize their workforce to successfully work remotely. Work from Home (WFH) is no longer a temporary solution…


HIPAA Compliance in the Changing World of Healthcare

A Changing World of Health Care The health care and HIPAA landscape have changed dramatically since the beginning of 2020. Reliance on telehealth and telecommuting has put practices at further risk for security breaches. Cyber Threats (Ransomware, Email Phishing, etc.) are increasing and becoming more successful. These are just a…


Elevating Your Privacy Compliance

Proposed changes to the HIPAA Privacy Rule are expected to be finalized in late 2022, with compliance enforcement likely beginning in 2023. These changes reflect the health care industry’s increased use of mobile communication, telehealth platforms and electronic health records, as well as updates to right to access requirements that…


The History of HIPAA and HITECH: Everything You Need to Know

The Establishment of HIPAA The Health Insurance Portability and Accountability Act, also known as HIPAA, was established on August 21, 1996. HIPAA was created to promote the portability and accountability of health insurance coverage. Consequently, it has affected the way healthcare organizations handle all facets of information management, including reimbursement,…


NIST RMF: The “Prepare Step” of Implementation

The NIST RMF is increasingly being seen as the gold standard for industries with critical or highly sensitive data needs – such as healthcare. It is an effective security planning and management framework that enables a comprehensive picture of organizational risk. This helps organizations build a solid risk management strategy, understand the areas that matter most to their organizational security and enable them to properly perform their essential business functions.   NIST RMF:…


Choosing a HIPAA Security and Privacy Officer for Your Compliance Program

What is the purpose of a HIPAA Privacy and Security Officer? First and foremost, appointing a HIPAA Security and a HIPAA Privacy Officer is a requirement, per 164.308(a)(2). In the past, healthcare providers were not protecting patient information as they should, so the federal government stepped in and implemented the…


HIPAA Violations: Who Enforces Them & How to Avoid Them

The Health and Human Services, Office for Civil Rights (OCR) is the governing body that enforces HIPAA and the consequences of HIPAA non-compliance. Periodically, the OCR will send out updates and announcements of recent HIPAA infractions. These announcements typically outline the HIPAA violation, the fine associated, and what corrective action…


Military service to country provides Intraprise Health staff with lifelong memories and skills

Serving our country is meaningful for Intraprise Health, especially for those employees who have served in the U.S. military. As a healthcare-focused IT security firm located in Yardley, Pennsylvania, Intraprise Health relies on its strong core of veterans to navigate the ever-changing cybersecurity landscape.


New State order for Health Insurance Companies

Insurance Data Security Risk Assessment and Reporting The state of Virginia announced this week that they have made changes to state HIPAA laws (14VAC5-430) and are now formally requiring health insurers to perform an annual NIST-based Cybersecurity Risk Assessment. The new requirements were released in a statement from the Commonwealth of…


What Is HITRUST? The Definition and Benefits of HITRUST Certification

Today, covered entities and business associates are addressing a wide range of regulatory requirements necessary to solve the growing complexities in the healthcare industry. Evolving technologies, migration to the Cloud, and cyber threats like ransomware are just a few top-of-mind issues. Combine those with regulations under HIPAA, Meaningful Use, PCI, COBIT…


We can help you access the LADMF

What is the LADMF? Healthcare organizations must access the LADMF to keep records up to date and prevent fraud. LADMF stands for Limited Access Death Master File; it is a database maintained by the Social Security Administration and contains over 86 million records on deceased individuals. This online file has many…


Understanding & Complying with HIPAA: Know Your Risks

HIPAA laws can be complex and challenging, but they are also increasingly critical for healthcare practices to understand and be in compliance. As more of your practice becomes digital in one form or another—electronic health records (EHRs), remote patient monitoring, practice management systems, medical billing software—your risk of a breach…


I have experienced a breach, now what?

What should I do? Navigating the world of HIPAA can be difficult, and in the event of discovering a breach, many are unsure of how to proceed. According to the Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR), “a breach is an impermissible use or disclosure…


Fast and Easy Online HIPAA Training & Certification

Need to complete your annual HIPAA training? Get started today with the HIPAA One® Knowledge Center! HIPAA One® Training Platform HIPAA training is an important element of any HIPAA compliance program. At Intraprise Health, our goal is to provide a training solution that simplifies the HIPAA compliance and certification process. As…


HIPAA One® Summer Release 2020

Intraprise Health is excited to announce the new features and updates for our HIPAA One® Summer Release 2020. The updates added to the HIPAA One® platform are designed to enhance the user experience through easier navigation, simplified workflows, and customized reporting. As an industry-leader for HIPAA compliance, our goal is…


The Protection of ePHI in the Face of Telehealth and COVID-19

What is Telehealth? The Health Resources Services Administration (HRSA) defines telehealth as, “the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, public health, and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.”…


HITRUST Assessments: Relying on the work of others

HITRUST has been a trusted framework since it was founded in 2007. It was created to champion programs that safeguard sensitive information and manage information risk. Intraprise Health is one of the first certified HITRUST assessors and is 100% healthcare focused.  We know the importance of ensuring organizations are secure…


Microsoft Office and HIPAA Business Associate Agreements

Note: This information has been updated, please visit our Microsoft Office 365 page. Health and Human Services (HHS) defines a Business Associate as, “any entity or person that is not directly employed by a provider, but who works with and on behalf of the provider and has access of the…


Healthcare Payers: Scalability and Risk Management-Based Prioritization

April 2020 As healthcare payers surge to meet the increasing needs of their members and health system partners, their IT and security teams are gleaning some timely reminders that scalability and adoption of a risk management framework are critically important in times of crisis. What is Scalability in Healthcare? Scalability…


Staying Alert: Coronavirus-themed phishing emails on the rise

COVID-19 phishing emails: The second virus you didn’t see coming As the Coronavirus spreads around the world, much of the workforce has been invited to work remotely for the next few weeks. It is important to uphold current security measures as well as implement new security measures to ensure the…


Coronavirus and HIPAA Compliance

During a public health emergency, it can be confusing to know what information can be shared about individuals who have contracted COVID-19 and those suspected of exposure. To help organizations navigate the complexities of sharing information, we want to walk through what disclosures are permitted. Before we jump in, it…


Resources for Healthcare Organizations During COVID-19 Pandemic

As COVID-19 changes the way many healthcare organizations are operating, Intraprise Health has been compiling a list of resources that we think will be useful to your organization.  Our team of cybersecurity experts has been fielding questions from clients on many of these topics.  Links to resources such as securing your work from home force, to…


Developing a HIPAA Contingency Plan in the Shadow of COVID-19

We’ve received several inquiries from our colleagues in the healthcare industry related to the increased prevalence of remote work and contingency operations. Given these uncertain times, we wanted to share a few thoughts that might help as we proceed into some new and uncomfortable realities. Business as Usual (As Much…


HIPAA Compliance Resources for COVID-19

With the recent Coronavirus outbreak, many healthcare professionals and business associates have questions about staying HIPAA compliant during a public health emergency. It can be confusing to know what information to trust. We have compiled a list below of trusted sources for COVID-19 updates and HIPAA. COVID-19 Resources: CDC.gov/coronavirus…


What is a Penetration Test & How Do You Request One?

As we continue to rely on the interoperability of our computer systems in our everyday lives, we must remember this interconnectivity comes with a price. The ability to access devices remotely over the internet has created a new world of ease and freedom which can be manipulated by malicious actors. It’s quite eye-opening in its simplicity: If a device is…


Lessons learned from a $65,000 HIPAA fine

Last week the Department of Health and Human Services’ Office for Civil Rights (OCR) issued a press release announcing that West Georgia Ambulance has agreed to pay a settlement of $65,000. In addition to the monetary penalty, the organization agreed to adopt a corrective action plan that includes two years of monitoring…


The Present (and Future) of Healthcare IT Security

It has been another busy year for Healthcare IT. Between acquisitions, changes in regulations, and IoT, there has been a lot of progress. However, there is one trend we aren’t so proud of and that is the number of breaches that have happened in 2019. If you made it to…


HIPAA Enforcement is Here to Stay

Even though Meaningful Use, now MIPS, has been in production since 2012, often, we hear healthcare providers tell us they haven’t started their HIPAA compliance because they are too small to worry about being audited. Some also claim that the Office of Civil Rights (OCR) has eased their enforcement of…


Top HIPAA Compliance Pitfalls to Avoid

If you work in the healthcare industry, you have heard the term HIPAA. Many healthcare professionals understand the basics of HIPAA, but few know what is required to fulfill HIPAA requirements and to be “HIPAA compliant.” This is especially concerning because organizations that don’t understand are neglecting to prioritize their…


Substance Abuse and HIPAA

War on Drugs. It was the 1970s: a time of disco dancing, polyester suits, and crazy nights. It was also a time of increasing stress, depression, and anxiety following the Vietnam war and Watergate scandal. Many people were looking for an escape and turned to alcohol and drugs. This new era,…


Raising the standard of cybersecurity

New cybersecurity questions have been added to the HIPAA One® Security Risk Assessment. Cyberattacks on healthcare organizations are continuing to rise and the threat of a breach is a top concern for many organizations. Each time we turn on the news there is a new report of a ransomware attack…


Why it might be time to ditch SMS for MFA

BLUF: multi-factor authentication (MFA) utilizing SMS (i.e., text messaging) leaves an organization open to vulnerabilities. IT departments, users, and platform operators should cease its use in favor of vastly more secure app-based or hardware options. If you are serious about security, it is time to think twice about using text-messaging (SMS)…


Mitigating the Risks of Ransomware Attacks

It’s no secret that organizations across the world in nearly all verticals have been reeling from the destructive effects of ransomware over the past several years. News outlets have been flooded with tales of lost productivity, revenue, and exorbitant sums paid. And from our experience, a substantial majority of these…


What to Know About Split Tunneling

Today’s modern networks require flexibility to allow workers to work from multiple locations. One of the most common methods to achieve remote network access is a Virtual Private Network (VPN). VPNs can come in all shapes and sizes, from hosted to on-premises, to in the cloud, and can be built…


Security is a necessity, NOT a luxury

I recently read a story about a man who won the lottery. Unlike most, this man opted for an annuity payment rather than the lump sum payment. This resulted in a smaller yet substantial sum of money being awarded annually over a twenty-year period. As time went on, the man…


Ransomware: 3 ways to protect your organization

News Update: healthcare organizations are being hacked 24/7. Experiencing a ransomware attack can feel similar to having your home burglarized. In many cases, targeted hacking is financially motivated to hold data hostage and make payroll. Hackers target executives because they have a lot of access to secured information. With…


How to Prepare for HITRUST Certification: Gaining Organizational Support

Why HITRUST? More than 81% of U.S. hospitals and health systems and 80% of U.S. health plans use the HITRUST Common Security Framework (CSF). It provides an implementation standard that is understood and accepted throughout the healthcare industry. Having HITRUST certification in place shows other healthcare entities that…

Read More

Zero Trust Architecture and the Future of Networking

By Joshua Perri

In today’s networks, having a strong defense at the perimeter points is not sufficient to keep your data safe. The IT landscape moves very quickly and so do the threats that we face. Strong networks will implement additional defenses to protect the internal boundary points. These additional defenses…

Read More

A Balance of Trust: New Guidelines for Business Associates Under HIPAA

The relationship between a covered entity and business associate requires a delicate balance of trust. This balance of trust works because each is invested in the security and protection of personal health information. As a covered entity, it is important to partner with business associates that have a strong security…

Read More

Don’t get caught! Five ways to avoid a phishing scam

I love to spend time with my family. Some of our favorite outdoor activities include skiing and mountain biking. Unfortunately, this time of year it is hard to do either activity because the snow is too slushy to ski and the canyon trails are too muddy to mountain bike. However,…

Read More

Tabletop Exercises in Cybersecurity: Unappreciated and Underutilized

Not Just a Government Tool: Tabletop Exercise’s Value for Cybersecurity

Government defense and response agencies from the Pentagon to FEMA, from state government to the EPA, have been conducting tabletop exercises (TTXs) for years. Why? In a word: they work. Cybersecurity attacks have been increasing in number and complexity against…

Read More

4 Tips to Help You Protect Your Medical Devices

How do you best protect your hospital or health system from the unique threats posed by unprotected medical devices? We asked our expert, Ryan Patrick, for some tips.

Read More

DV-NJ HIMSS Post-Conference Blog

Inspira Health Network: Using CRM to Create an Engagement Ecosystem

Read More

Patient Engagement Platform at Inspira Health Network

Health network uses Dynamics 365 to transform care delivery and wow patients

July 13, 2018

In a market where every provider delivers quality, Inspira Health Network wanted to go one step further by offering wow-factor patient service. So, the New Jersey–based healthcare provider adopted Microsoft Dynamics 365 to deepen its…

Read More

Inspira Health Network: Using CRM to Create an Engagement Ecosystem

By Jeff Fisher, Product and Client Strategy, Intraprise Health

In 2016, Inspira Health Network came to Intraprise with a goal: “Wow the patient.” As reimbursement models shift and healthcare is becoming more consumerized, forward-thinking health systems like Inspira are seeking new market differentiators to draw in clients.

Read More

Four Tips to Help Protect your Medical Devices

The Challenge of Medical Devices:  Medical devices represent significant exposure and potential vulnerability to healthcare organizations. There are thousands of medical devices in use even in small medical operations. These devices are generally made to meet a specific use, and not often created with security at top of mind. They…

Read More

POODLE and the BEAST: Ensuring you’re protected with Transport Layer Security

Transport Layer Security (TLS), and its predecessor Secure Sockets Layer (SSL), have come under scrutiny by security researchers and advisors in the wake of numerous vulnerabilities that plague their older versions. SSL/TLS are cryptographic protocols utilized while web browsing, emailing, and using Voice Over IP (VOIP) services.

Read More

Take a fresh look at your annual Security Risk Assessment (SRA)

Organizational Resilience and Security Risk Assessments

The importance of a Security Risk Assessment is clear: it helps healthcare organizations ensure their physical, technical, and administrative safeguards are compliant with HIPAA requirements. It also assists in showing areas where an organization might be putting PHI and other sensitive information at…

Read More

Am I a Business Associate Under HIPAA? Why Should I Care?

Back in 2013, when Edward Snowden was in Hong Kong revealing he leaked documents detailing mass-surveillance programs by the U.S. government, the Department of Health and Human Services (HHS) was creating the Final Omnibus Rule. This rule extended its regulatory reach beyond covered entities (e.g. healthcare providers, health plans, and clearinghouses)…

Read More

Configuring Microsoft Office 365 for HIPAA Compliance

Organizations in every industry are upgrading to Microsoft Office 365 to improve security. A common concern among healthcare professionals is that using Office 365 and Microsoft Teams exposes an organization to HIPAA violations. If Office 365 is implemented without the correct security configurations, that is likely true. However, Office 365…

Read More

HIPAA Security Checklist

Our complimentary HIPAA Security Checklist summarizes HIPAA Security Rule requirements that should be implemented by covered entities and business associates. The citations are to 45 CFR § 164.300 et seq. You can download our checklist here. For additional resources concerning Security Rule requirements and compliance assistance, see the Office for Civil Rights (OCR)…

Read More

Healthcare Continues to Dominate Breach Related Costs

Across the country, healthcare organizations have a Goliath-sized security problem. For the eighth straight year, healthcare has the highest breach-related costs of any industry at $408 per lost or stolen record, nearly three times the cross-industry average of $148. Without a commitment to cybersecurity, healthcare entities and their valuable databases containing…

Read More

Similar But Different: HIPAA Gap Assessment vs. Risk Assessment

If you’ve heard the terms gap assessment and risk assessment used interchangeably before in privacy or security conversations, you are not alone. At Intraprise Health, we have found that there are quite a few misconceptions about these two approaches and how to differentiate between them. In this post, we’ll define…

Read More

Windows 10 and GDPR vs. HIPAA Compliance

Note: This information has been updated. Please visit our M365 Compliance page. On April 14, 2016, the European Union (EU) ratified the final version of the General Data Protection Regulation aka GDPR. The new GDPR regulation has been characterized as the most sweeping and impactful change to privacy and data…

Read More

GDPR and the Impact on U.S. Healthcare Providers

A new acronym has begun popping up within the healthcare technology community and is slowly beginning to gain momentum in the way of media coverage and industry articles. If you’ve heard the term GDPR in the past few months and did not understand what it was referring to, know that you’re not alone. In fact,…

Read More

Cloud Security in Healthcare

Guest Blog by Yiannis Koukouras, TwelveSec, in collaboration with the HIPAA One/Intraprise Health team

In our culture, something or someone is always trending. Whether it be bell-bottom jeans in the ’70s, playing Nintendo in the ’80s or watching the stock market go up and down (whenever!), trends are a lens through…

Read More

What are the Consequences of Violating HIPAA?

A recent HHS Office for Civil Rights email blast outlined a story that many of us have heard before: another business closed with significant monies paid out in fines. Filefax, Inc. has agreed to pay $100,000 to settle potential violations of the HIPAA Privacy Rule. Once a medical records storage company…

Read More

We’ve Helped Many Access the LADMF! Need Assistance?

Note: This information has been updated. To see the latest updates, read our most recent blog. Last May, we wrote a “How To” blog on the Social Security Limited Access Death Master File (LADMF) aka DMF and the response has been overwhelming! The Intraprise Health team is delighted by how…

Read More

Newly Released Whitepaper Co-Authored with Microsoft

We updated our Microsoft Whitepaper in November of 2021. For more recent information on the subject, click here. The concept of the “Internet of Things” (IoT) is becoming a growing topic of conversation as more and more companies are connecting everyday objects around us to the internet, such as:…

Read More

PCI vs. HIPAA Compliance

A common question among covered entities that we encounter time and time again is, “What is the difference between PCI and HIPAA Compliance?” This question becomes even more frequent when news breaks of breaches in businesses that are PCI-compliant and HIPAA covered entities. According to a recent Identity Theft Resource Center data…

Read More

Need to Access the LADMF? We can help

Note: This information has been updated. You can read our latest LADMF blog here. In the world of HIPAA compliance, sometimes the only constant is change. It is not out of the norm for one of our clients to come to us with a question or request that at times,…

Read More

HIPAA Security Officer

Note: This blog was written a few years ago. For up-to-date information regarding HIPAA security and privacy officers, please read our most recent blog on the subject. The concept of a HIPAA Security Officer is relatively new. Starting in 2012,  we have seen IT Managers and CIOs deputized as the “HIPAA Security Officer”…

Read More

What is HR’s Role in HIPAA Compliance?

In recent years, many healthcare organizations have faced the same question: Which department should be tasked with Health Insurance Portability and Accountability Act (HIPAA) compliance? More often than not, the finger points to IT. However, in doing so, organizations are overlooking the key role Human Resources (HR) should play in…

Read More

OCR HIPAA Audit Program: What You Need to Know

Note: This blog was written a few years ago and there have been changes to HIPAA audit protocols not reflected here. For more up-to-date information, check out our more recent blogs, or contact us for a quick call. With the pinnacle of patient breaches hopefully behind us (e.g. Anthem/WellPoint breach,…

Read More

7 Ways Employees Can Help Prevent HIPAA Violations

There are several elements of working in healthcare that are not dissimilar from other careers in other industries. You need to come to work on time, work hard while clocked in, get along with the other staff members, be a good representative of your company and so on. But there’s…

Read More

Dental HIPAA Compliance: What You Should Know

Today, most dental offices run electronically. From having patients fill out forms to checking them in to appointments to filing dental records and more, it’s all done electronically. Why? Because the advancements of technology allow dentists to run their offices more efficiently than ever before. But since we live in…

Read More

5 Most Common HIPAA Privacy Violations

The HIPAA Privacy Rule was put in place to give us rights to access and amend our protected health information (PHI), ensure appropriate disclosures, and help reduce fraud, waste and abuse. If your facility and its network aren’t HIPAA compliant, the costs may be significantly higher than the cost of taking action. HIPAA compliance violations…

Read More

Key Differences of Covered Entity vs. Business Associate

Knowing the distinction between a covered entity and a business associate is essential because the Health Insurance Portability and Accountability Act Privacy Rule (HIPAA) is administered differently between the two. By knowing the distinction, Compliance Officers and staff can better understand the Office of Civil Rights’ (OCR) expectations of their…

Read More