Recorded Webinars

George Pappas, CEO of Intraprise Health, joins Karen Jagoda, host of the Empowered Patient Podcast, to discuss the complex cybersecurity challenges in healthcare, largely due to outdated and diverse IT systems. George explains, “The net situation is that these large technology companies that serve healthcare and hospital systems and large…

Healthcare organizations understand they need to improve their cybersecurity and risk management processes – but most struggle to establish a consistent approach to these challenges.  That is why industry experts promote the NIST cybersecurity framework (CSF) as an essential tool for healthcare organizations. With robust guidance across five key “functions,”…

From the Change Healthcare attack to the increased enforcement of penalties for HIPAA breaches, the last year has sent a clear message to healthcare leaders: a refreshed approach to risk management is needed.  But what exactly should that approach look like? And do emerging models like integrated risk management (IRM)…

The Office for Civil Rights (OCR) has dealt nearly $6 million1 in fines for HIPAA non-compliance in 2024. However, for many healthcare cybersecurity teams, the regulations are highly complex, and the “three rules” of HIPAA are still unclear, making a violation far more likely.highly complex and the “three rules” of…

The Health Insurance Portability and Accountability Act (HIPAA) is a critical part of any healthcare organization’s compliance program. From annual security risk assessments (SRAs) to ongoing remediation efforts, healthcare cybersecurity teams are heavily occupied with these regulations.  However, many organizations are still not sure exactly what the risks of non-compliance…

Few phrases fill healthcare professionals with more anxiety than “HIPAA violation.” From public disgrace to seven-figure fines, the last few years have shown just how serious non-compliance can be for organizations and individuals.   But what are the most common HIPAA violations? And how can you ensure your organization doesn’t fall…

There’s a good reason the term “HIPAA headache” resonates with healthcare cybersecurity teams: the sheer complexity of the regulations can make it hard to even know whether your organization is currently compliant – let alone do anything about potential breaches.  One of the biggest contributors to that complexity is the…

With the threat from cybercriminals growing and the cost of breaches rising, healthcare cybersecurity is no longer just a question of compliance – it is a matter of patient and organizational safety.  This Week Health recently brought George Pappas, Intraprise Health CEO, and Scott Mattila, Intraprise Health CSO, onto their…

Change Healthcare’s billion-dollar ransomware attack has woken many leaders up to the urgent necessity of stronger cybersecurity. But most media reports focus on only a handful of high-profile risks – and obscure many other urgent threats to healthcare cybersecurity.   This article redresses that imbalance, exploring five underestimated risks healthcare cybersecurity…

The healthcare sector’s long-overdue digital revolution has enhanced patient care, communication, and organizational efficiency. But the transformation came with a hidden cost – and leaders have only recently begun to pay it sufficient attention.  Large, complicated digital supply chains offer the perfect opportunity for cybercriminals to infiltrate healthcare systems and…

The healthcare industry is undergoing a cybersecurity reckoning – and executives are finally taking proactive steps to tackle the evolving and looming threat of cybercrime.  The average healthcare organization has increased cybersecurity headcount by 30% since 2019, with the security’s share of the IT budget growing from 5% to 7%…

The healthcare industry is experiencing a long-overdue digital revolution. 74% of American patients used telehealth in 2023, while the size and value of the Internet of Medical Things (IoMT) is projected to grow nearly 600% by 2032. But this rapid transformation presents a challenge for cybersecurity leaders.  More interconnected digital…

When a cyber-attack forced Change Healthcare to shut down 111 different services and pay a $22 million ransom in early 2024, it sparked enough outrage to prompt an investigation from Congress.   This was one of America’s largest health information exchange (HIE) platforms, responsible for roughly a third of the country’s…

Third-party vendors are the Achillies heel of healthcare cybersecurity. As providers have become more aware of cyberthreats, attackers have changed tactics. Rather than attempting to access data from hospitals directly, a growing number of criminals target third-party vendors whose products are integrated within these organizations’ digital ecosystems – and often…

Cybersecurity remediation management could be summed up in a single phrase: clarity is power.   With clear instructions and a deep understanding of the goals, risks can be addressed and resolved quickly and effectively; without them, budgets overrun, teams miscommunicate, and the entire process can last months longer than necessary.  That…

With the growing complexity of risk assessments and changing healthcare compliance regulations, IT and Security leaders are looking for a new approach that acknowledges the true business impact of cyber threats within healthcare organizations – and our recent webinar explored integrated risk management (IRM) as a perfect way of achieving…

With the increased severity and frequency of all forms of cybercrime, it’s not surprising that the demand for penetration testing as a preventative measure has grown enormously. Properly done, a penetration test can provide a valuable overview of where vulnerabilities exist that can be exploited by hackers – and give…

Navigating cybersecurity in a healthcare organization can feel like being a lookout aboard the Titanic: you can see the iceberg coming, but how do you convince the captain to change course?  This blog offers insights to help leaders clarify the true threat of cyberattacks and build urgency within the c-suite.…

Every enterprise healthcare organization understands the importance of cybersecurity, but few have robust processes in place to efficiently remediate vulnerabilities or adapt to future challenges. This puts them at serious risk in 2024.   Security and data breaches impose costs vastly surpassing regulatory fines, with our clients reporting they’ve experienced liabilities…

  Remediating cybersecurity vulnerabilities is not something for your “to-do” list – it is an urgent priority in 2024.  The average healthcare data breach costs nearly $11 million, and given that figure has steadily risen over the years, it is likely to become even more expensive this year. But fixing…

    Completing your c is an important step towards maintaining compliance, but you cannot stop there.   Data breaches from exploited credentials require an average of 341 days to be contained and remediated. So you need to start fixing any vulnerabilities discovered in your 2023 SRA now to avoid…

  The Biden administration officially ended the COVID-19 Public Health Emergency (PHE) over six months ago. But many healthcare enterprises still have not addressed the implications this has on HIPAA compliance.   During the pandemic, the Office of Civil Rights (OCR) announced a range of exceptions and waivers to help healthcare…

A recent wave of HIPAA security breaches has sent a clear message to the healthcare industry: regardless of a covered entity’s size or presence, the reputational and financial risks associated with any form of non-compliance are simply too big to ignore. And with the number of cybersecurity incidents reported to…

  Every healthcare covered entity must complete their HIPAA Security Risk Assessment (SRA) by December 31st – and time is quickly running out. But many private practices and healthcare organizations are not sufficiently prepared to complete their SRA alone. The assessment is lengthy and complex, and most organizations simply do…

In the ever-evolving world of healthcare, protecting sensitive patient information isn’t just a good practice—it’s the law.   HIPAA has long been the North Star guiding healthcare organizations toward data security and patient privacy, while employee HIPAA training is often the first step taken to ensure compliance.  But while HIPAA compliance…

The deadline for submitting your HIPAA security risk assessment (SRA) is getting closer.  And the biggest mistake small and medium-sized businesses (SMBs) can make is waiting until the last minute to start thinking about the assessment.   Many healthcare organizations, especially small ones, feel heavily burdened by the complexities of the…

HIPAA compliance is changing. New ways of working in the healthcare industry, the migration to digital, and evolving technologies have driven updates to the HIPAA privacy rule in 2023 that will become fully enforceable in 2024. But it’s not just the official rules that have changed; it’s also the approach to…

Healthcare organizations that have many locations often resort to making the difficult choice of sampling care delivery locations to manage cost and scope when performing their annual HIPAA Security Risk Assessment (SRA). As our previous article on location sampling illustrates, organizations struggle to fully assess all locations due to the…

The HIPAA Security Rule requires that Covered Entities and participating Business Associates perform an annual Security Risk Assessment (SRA) to demonstrate that they are taking steps to safeguard Protected Health Information (PHI).     While conducting an SRA is a straightforward idea, how this applies to larger organizations with multiple care delivery…

Healthcare organizations in the United States have been the most compromised by data breaches for several years, and that’s not likely to stop anytime soon. That’s why organizations in the healthcare industry, regardless of size, must conduct an annual security risk assessment (SRA) to identify vulnerabilities, remediate risk, prevent dangerous…

Almost all healthcare organizations in the United States – large and small – are required by the Federal Government to complete an annual HIPAA Security Risk Assessment.  The purpose is to certify that they are taking adequate steps to protect sensitive patient health information that is in their care. Unfortunately,…

We’re over halfway through the calendar year– have you started your HIPAA SRA yet? Between the endless day-to-day needs of an organization and complicated HIPAA requirements, many organizations elect to wait until the end of the year to conduct their HIPAA assessment. While it may be tempting to push your…

Given how complex and time-consuming HIPAA compliance has become, it’s unsurprising that a growing number of software solutions have hit the market – all promising to make the process smoother, simpler, and more efficient.  But which software will serve your organization’s specific needs – and how can you be sure…

HIPAA security and privacy are cornerstones of basic healthcare security practice. Why? Because your organization’s stored protected health information (ePHI) is the single most important vulnerability your company or medical practice has. ePHI is very valuable to hackers, is sometimes easily available to be stolen, and you face significant fines…

Between 2009 and 2021, the Office of Civil Rights (OCR) received 4,419 data breach reports involving 500 or more medical records for healthcare entities.  And that number just keeps growing.  So, what can you do if you experience the loss of protected health information (PHI) that results in an OCR…

Hospitals and healthcare providers carry a heavy load when it comes to security: not only is patient data among the most sought-after resources for cybercriminals, but it is also among the most heavily regulated areas of cybersecurity.   These issues are exacerbated by:  Complex digital supply chains: A medium-sized hospital…

Post-COVID cybersecurity has been driven to new heights of threats, costs, awareness, and accountability. With the latest Becker Healthcare press releases regarding breaches, it’s no surprise that cyber-insurance premiums are increasing by 50% or more. Every healthcare organization we speak with has Board-level “cyber” reporting and accountability.  What can you…

Any healthcare cybersecurity or risk management professional will tell you that HITRUST is the definitive “Gold standard” for compliance and risk mitigation. Why? It stems from thorough, precise methodology combined with a holistic view of verified, implemented controls and organizational processes. There’s simply no substitute in today’s sophisticated, high-stakes era…

Legal fees. OCR fines. Insurance costs. Community embarrassment. When it comes to a cybersecurity breach, the price healthcare organizations have to pay adds up, both literally and figuratively.  That’s where cyber insurance for healthcare comes in. Insurance can help cover the steep cost of data breaches; no wonder the cyber…

Cyberattacks have always been common in the healthcare industry, but activity has increased sharply in the past few years.  Healthcare organizations worldwide averaged 1,463 cyberattacks per week in 2022, up 74% compared with 2021. The average cost of each breach is about $10 million, making healthcare the largest and fastest-growing…

Between 2017 and 2021, complaints about HIPAA violations increased by 39%, and significant breaches reported increased by 58%.  There are several reasons why HIPAA violations continue to increase, including covered entities and internal employees not knowing the full extent of the HIPAA Privacy Rule and its mandatory protection of PHI. …

On the average search engine result page, you can find countless articles dedicated to one complex topic: exceptions to the HIPAA Privacy Rule.  With headlines such as “Exceptions to the HIPAA Privacy Policy” becoming fairly prevalent, it’s easy for covered entities to mistakenly believe that they can be more lax…

  “HIPAA: The federal law many people don’t actually understand.”  That’s the telling title of a recent news article, which goes on to state that it’s not spelled “HIPPA” or “HIPPO,” but rather HIPAA, the elusive healthcare-related act that even healthcare professionals sometimes get wrong.   Many hear about HIPAA within…

In 2022, 36% of all data breaches involved phishing.  Phishing in healthcare has become an increasingly popular tactic for cybercriminals looking to breach databases and collect sensitive health records to sell or hold ransom.  What exactly is phishing, why is it so dangerous, and how can HIPAA training for medical…

  An individual’s medical and healthcare records often contain sensitive identifying information that many bad actors would like to get their hands on.  It’s no surprise, then, that 95% of identity theft incidents come from stolen healthcare records.  Health records have to be protected at all costs, which is why…

As of November 2022, the Office for Civil Rights (OCR) has settled 126 cases of HIPAA violations for over $133 million.  Complying with the HIPAA Privacy Rule is a critical, ever-evolving piece of healthcare and patient privacy. A breach of HIPAA can – and often does – result in costly…

There is a 75.6% chance of a breach of at least five million healthcare patient records in the next year.   This is especially problematic for small healthcare organizations; 20% of small practices have experienced a breach, and 75% of breaches reported to the HHS were hacking or IT incidents.   Mitigating…

With the number of possible violations that can land you with fines or even criminal charges, following HIPAA regulations is critical to protecting your patients’ privacy and keeping your practice alive. Constant vigilance and routine security and privacy risk assessments are vital to staying compliant.  But what if you are…

HIPAA compliance can feel like a moving target: not only do the rules regularly change to reflect new medical technologies – the OCR’s enforcement of those rules has steadily increased over the years, too.   As a result, many healthcare security teams feel overwhelmed and underprepared. Hospitals are estimated to spend…

HIPAA compliance remains a critical and ever-evolving piece of healthcare and patient privacy. HIPAA (Health Insurance Portability and Accountability Act) protects sensitive patient data and health information, upholding the integrity of medical and healthcare organizations and supporting patient rights. However, with the ongoing and explosive escalation of new technologies like…

HIPAA compliance is a foundational requirement for any healthcare organization. However, the ever-increasing complexity and frequency of cyber-attacks require healthcare organizations to invest more resources in cybersecurity and risk management strategies to further protect their digital assets and data. The 405(d) HICP security practices were architected by the Department of…

What is 405(d)?  With security incidents and breaches increasing year over year within the healthcare sector, it is up to both public and private organizations and cybersecurity experts to build a more secure healthcare system. In 2015, congress passed the Cybersecurity Act to help combat the increase in cyber threats…

Are you looking for some best practices to complete your HIPAA  compliance this year? We can help! Here are a few things you can do throughout the year that will go a long way to ensuring security and compliance. Many organizations put off completing their Security Risk Assessment (SRA) until…

    Many organizations wonder how to adequately plan for compliance and security tasks throughout the year. Security and privacy challenges are continuing to evolve which means your 2022 roadmap needs to keep up to meet compliance requirements and reduce your risks. This roadmap checklist includes annual, quarterly, and ongoing…

During a recent webinar we received several questions about the new i1 and r2 HITRUST assessment options. For easy reference, we’ve summarized the questions and answers in this blog post. Q. What was the basis for deciding which controls go into i1? A. HITRUST took several frameworks and industry segments…

Understanding the nuances of the new HITRUST assessment portfolio can be difficult, especially when trying to determine which assessment is right for you. In this blog we will outline the types of HITRUST assessments, their differences, key characteristics, and possible use cases for each. Starting with the highest level of…

What is a HITRUST assessment scope and why is it so important? Scoping is the process of outlining the systems and datasets you plan to include in your HITRUST assessment. It is a necessary step in the HITRUST process and should be your first level of engagement with HITRUST. Scoping…

In Part 2 of this episode with Michaela Iorga, PhD, Senior Technical Lead at NIST and OSCAL Strategic Director, Vikas and Dr. Iorga discuss how the NIST Open Security Controls and Assessment Language (OSCAL) is being utilized in real world settings to automate the risk assessment process. Dr. Iorga describes…

Written by Sarah Reiter, SVP Strategic Partnerships with Health eFilings On November 2, 2021, the Centers for Medicare and Medicaid Services (CMS) issued the Final Rule for the 2022 MIPS program.  These rules detail the requirements for this MIPS reporting period, which started on Jan. 1, 2022, and align with…

The Intraprise Health NIST Assessment Platform was designed to help organizations adopt the NIST Framework and identify and prioritize cybersecurity risks. The NIST Cybersecurity Framework provides organizations with a “common language” to measure security risks and a clear way to communicate compliance to internal and external stakeholders. Build a comprehensive…

In this coffee chat, Michaela Iorga PhD, Senior Technical Lead at NIST and OSCAL Strategic Director, provides an overview of NIST’s Open Security Controls Assessment Language (OSCAL). OSCAL is a true innovation which has the promise of transforming the risk assessment process. Michaela discusses why NIST launched the project, provides…

Let’s be honest, if you are reading this, you probably still have “complete your HIPAA Security Risk Assessment (SRA)” on your to-do list and you are wondering what you can do to get it done before the end of the year. (December 31st is right around the corner) We understand procrastination, but we also understand the importance…

Many organizations use time-consuming and inaccurate manual processes for compliance, such as complicated spreadsheets and uninspired templates. Simple, automated, and affordable, our software focuses on efficiency as well as accuracy, helping remove the administrative burden of compliance. Watch the short video below to learn more. Take the confusion out of…

Managing HIPAA compliance can be a messy, complex process; especially for hospitals and health systems managing compliance for hundreds of individual clinics and practices. It can be difficult to track, maintain and report on risk management and cybersecurity efforts. Many organizations are using time-consuming manual processes such as spreadsheets and emails for compliance, which can require a significant investment of time,…

Importance of a Business Associate Agreement The Privacy Rule under HIPAA requires the safeguarding of protected health information (PHI) and applies to all covered entities (CE) – healthcare providers, health plans and healthcare clearinghouses. Most providers do not carry out ALL their necessary healthcare functions. Billing, medical software, and electronic…

In part two of this discussion, serial entrepreneur and innovator Serge Loncar shares the latest trends and uses of tech in the home health setting with a specific focus on elderly care. Learn about the use of sensors that enable “smart” fabrics, mirrors and door knobs. Serge describes how these…

HIPAA compliance can be difficult to approach on your own. Healthcare providers and their business associates are required to perform an annual HIPAA Security Risk Assessment (SRA) to ensure that proper physical, administrative, and technical controls are in place to protect health information. By performing a security risk assessment, not…

A cybersecurity nightmare “IT just informed us that our main software platform has been hacked.” A statement no CISO wants to hear. Do you have a plan for what to do next? Are you prepared to handle this? How will you recover servers and client data? As an organization, are…

Remote work is here to stay  Many of us have been working remote for over a year now. The pandemic hit in March of last year and virtually all industries had to adapt. The transition was sudden at the time, and IT and security personnel quickly had to organize their workforce to successfully work remotely. Work from Home (WFH) is no longer a temporary solution…

A Changing World of Health Care The health care and HIPAA landscape have changed dramatically since the beginning of 2020. Reliance on telehealth and telecommuting has put practices at further risk for security breaches. Cyber Threats (Ransomware, Email Phishing, etc.) are increasing and becoming more successful. These are just a…

Proposed changes to the HIPAA Privacy Rule are expected to be finalized in late 2022, with compliance enforcement likely beginning in 2023. These changes reflect the health care industry’s increased use of mobile communication, telehealth platforms and electronic health records, as well as updates to right to access requirements that…

The Establishment of HIPAA The Health Insurance Portability and Accountability Act, also known as HIPAA, was established on August 21, 1996. HIPAA was created to promote the portability and accountability of health insurance coverage. Consequently, it has affected the way healthcare organizations handle all facets of information management, including reimbursement,…

Healthcare, specifically the health system, health plan and life sciences sectors are market segments that pose significant regulatory and risk management challenges for companies trying to innovate in this space. In this discussion, serial entrepreneur Serge Loncar shares real-world insights about tough lessons learned about investing early on in security,…

With the industry suffering from severe and constant ransomware attacks, Hector and Vikas talk about strategies that security leaders can take from holistic and complete approaches, real-time threat alerting, new emerging, highly-scalable cloud-based security training solutions to the need for a Chief Ransomware Strategist/Officer. Disclaimer: The content in this chat…

In this episode, Vikas and Hector explore emerging uses of blockchain and crypto in healthcare. Several use cases are explored from global COVID vaccine distribution, medication management and adherence, medical device IoT implants to democratizing data for healthcare consumers and providers. Learn about Merkel trees and other aspects of the…

Vikas welcomes Hector and learns about his spirit animal before discussing the latest threat management trends focusing on SIEM, SOAR and XDR. What’s the difference between these acronyms? How should these solutions be implemented? What does the future of automated threat intelligence look like? They also discuss how leading threat…

Download the White Paper

The NIST RMF is increasingly being seen as the gold standard for industries with critical or highly sensitive data needs – such as healthcare. It is an effective security planning and management framework that enables a comprehensive picture of organizational risk. This helps organizations build a solid risk management strategy, understand the areas that matter most to their organizational security and enable them to properly perform their essential business functions.   NIST RMF:…

What is the purpose of a HIPAA Privacy and Security Officer? First and foremost, appointing a HIPAA Security and a HIPAA Privacy Officer is a requirement, per 164.308(a)(2). In the past, healthcare providers were not protecting patient information as they should, so the federal government stepped in and implemented the…

The Health and Human Services, Office for Civil Rights (OCR) is the governing body that enforces HIPAA and the consequences of HIPAA non-compliance. Periodically, the OCR will send out updates and announcements of recent HIPAA infractions. These announcements typically outline the HIPAA violation, the fine associated, and what corrective action…

Serving our country is meaningful for Intraprise Health, especially for those employees who have served in the U.S. military. As a healthcare focused IT security firm, located in Yardley, Pennsylvania, Intraprise Health relies on its strong core of veterans to navigate the ever-changing cybersecurity landscape. Read full article

Insurance Data Security Risk Assessment and Reporting The state of Virginia announced this week that they have made changes to state HIPAA laws (14VAC5-430) and are now formally requiring health insurers to perform an annual NIST-based Cybersecurity Risk Assessment. The new requirements were released in a statement from the Commonwealth of…

A recent report showed that healthcare is the biggest target for cyberattacks globally. But with large vendor networks, increasingly complex IT systems and a range of regulations to contend with – under HIPAA, Meaningful Use, PCI, COBIT and ISO – the sector struggles to manage these risks.  That is why…

What is the LADMF? Healthcare organizations must access the LADMF to keep records up to date and prevent fraud. LADMF stands for Limited Access Death Master File, it is a database maintained by the Social Security Administration and contains over 86 million records on deceased individuals. This online file has many…

HIPAA laws can be complex and challenging, but they are also increasingly critical for healthcare practices to understand and be in compliance. As more of your practice becomes digital in one form or another—electronic health records (EHRs), remote patient monitoring, practice management systems, medical billing software—your risk of a breach…

What should I do? Navigating the world of HIPAA can be difficult; and in the event of discovering a breach, many are unsure of how to proceed. According to the Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR), “a breach is an impermissible use or disclosure…

Need to complete your annual HIPAA training? Get started today with the HIPAA One® Knowledge Center! HIPAA One® Training Platform HIPAA training is an important element of any HIPAA compliance program. At Intraprise Health, our goal is to provide a training solution that simplifies the HIPAA compliance and certification process. As…

Intraprise Health is excited to announce the new features and updates for our HIPAA One® Summer Release 2020. The updates added to the HIPAA One® platform are designed to enhance the user experience through easier navigation, simplified workflows, and customized reporting. As an industry-leader for HIPAA compliance, our goal is…

What is Telehealth? The Health Resources Services Administration (HRSA) defines telehealth as, “the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, public health, and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.”…

HITRUST has been a trusted framework since it was founded in 2007. It was created to champion programs that safeguard sensitive information and manage information risk. Intraprise Health is one of the first certified HITRUST assessors and is 100% healthcare focused.  We know the importance of ensuring organizations are secure…

Note: This information has been updated, please visit our Microsoft Office 365 page. Health and Human Services (HHS) defines a Business Associate as, “any entity or person that is not directly employed by a provider, but who works with and on behalf of the provider and has access of the…

As healthcare payers surge to meet the increasing needs of their members and health system partners, their IT and security teams are gleaning some timely reminders that scalability and adoption of a risk management framework are critically important in times of crisis. What is Scalability in Healthcare? Scalability is a…

May 2020 As the reality of working from home sinks in, many remote workers and their employers are seeing the appeal fade quickly. We all know that remote work is not quite as simple as it sounds. Technical, operational, and communication challenges are quickly presenting themselves when workforce members overload…

COVID-19 phishing emails: The second virus you didn’t see coming As the Coronavirus spreads around the world, much of the workforce has been invited to work remotely for the next few weeks. It is important to uphold current security measures as well as implement new security measures to ensure the…

During a public health emergency, it can be confusing to know what information can be shared about individuals who have contracted COVID-19 and those suspected of exposure. To help organizations navigate the complexities of sharing information, we want to walk through what disclosures are permitted. Before we jump in, it…

As COVID-19 changes the way many healthcare organizations are operating, Intraprise Health has been compiling a list of resources that we think will be useful to your organization.  Our team of cybersecurity experts has been fielding questions from clients on many of these topics.  Links to resources such as securing your work from home force, to…

We’ve received several inquiries from our colleagues in the healthcare industry related to the increased prevalence of remote work and contingency operations. Given these uncertain times, we wanted to share a few thoughts that might help as we proceed into some new and uncomfortable realities. Business as Usual (As Much…

With the recent Coronavirus outbreak, many healthcare professionals and business associates have questions about staying HIPAA compliant during a public health emergency. It can be confusing to know what information to trust. We have complied a list below of trusted sources for COVID-19 updates and HIPAA.   COVID-19 Resources: CDC.gov/coronavirus…

As we continue to rely on the interoperability of our computer systems in our everyday lives, we must remember this interconnectivity comes with a price. The ability to access devices remotely over the internet has created a new world of ease and freedom which can be manipulated by malicious actors. It’s quite eye-opening in its simplicity: If a device is…

Last week the Department of Health and Human Services’ Office for Civil Rights (OCR) issued a press release announcing that West Georgia Ambulance has agreed to pay a settlement of $65,000. In addition to the monetary penalty, the organization agreed to adopt a corrective action plan that includes two years of monitoring…

It has been another busy year for Healthcare IT. Between acquisitions, changes in regulations, and IoT, there has been a lot of progress. However, there is one trend we aren’t so proud of and that is the number of breaches that have happened in 2019. If you made it to…

Even though Meaningful Use, now MIPS, has been in production since 2012, often, we hear healthcare providers tell us they haven’t started their HIPAA compliance because they are too small to worry about being audited. Some also claim that the Office of Civil Rights (OCR) has eased their enforcement of…

If you work in the healthcare industry, you have heard the term HIPAA. Many healthcare professionals understand the basics of HIPAA, but few know what is required to fulfill HIPAA requirements and to be “HIPAA compliant.” This is especially concerning because organizations that don’t understand are neglecting to prioritize their…

War on Drugs It was the 1970’s: a time of disco dancing, polyester suits, and crazy nights. It was also time of increasing stress, depression, and anxiety following the Vietnam war and Watergate scandal. Many people were looking for an escape and turned to alcohol and drugs. This new era,…

New cybersecurity questions have been added to the HIPAA One® Security Risk Assessment. Cyberattacks on healthcare organizations are continuing to rise and the threat of a breach is a top concern for many organizations. Each time we turn on the news there is a new report of a ransomware attack…

Read the latest article by Intraprise Health’s CEO, Sean Friel in Security Magazine. “As the person in charge of your healthcare organization’s information technology, one of your responsibilities is protecting patients’ and clients’ information. This can be difficult because third-party vendors with whom you contract can unwittingly jeopardize the security…

BLUF: multi-factor authentication (MFA) utilizing SMS (i.e. text messaging) leaves an organization open to vulnerabilities. IT departments, users, and platform operators should cease use in lieu of vastly more secure app-based or hardware options. If you are serious about security, it is time to think twice about using text-messaging (SMS)…

It’s no secret that organizations across the world in nearly all verticals have been reeling from the destructive effects of ransomware over the past several years. News outlets have been flooded with tales of lost productivity, revenue, and exorbitant sums paid. And from our experience, a substantial majority of these…

Today’s modern networks require flexibility to allow workers to work from multiple locations.  One of the most common methods to achieve remote network access is a Virtual Private Network (VPN).  VPN’s can come in all shapes and sizes, from hosted to on-premises, to in the cloud, and can be built…

I recently read a story about a man who won the lottery. Unlike most, this man opted for an annuity payment rather than the lump sum payment. This resulted in a smaller yet substantial sum of money being awarded annually over a twenty-year period. As time went on, the man…

Intraprise Health introduced new software designed to prevent healthcare security breaches by monitoring third-party risks across the enterprise and improving security management processes. To help healthcare organizations manage and automate security programs, Intraprise Health introduced BluePrint Protect Security Risk Management Software. The software service intends to provide users with a…

BluePrint’s visualization software coalesces security program data from disparate sources into a central “source of truth” founded on the company’s workflow automation and rules engine. Intraprise Health BluePrint Protect can help detect, manage security risks BluePoint coalesces security program data from disparate sources into a central “source of truth” founded…

News Update: healthcare organizations are being hacked 24/7. Those experiencing a ransomware attack can feel similar to having your home burglarized. In many cases, targeted hacking is financially motivated to hold data hostage and make payroll.  Hackers target executives because they have a lot of access to secured information. With…

Why HITRUST? More than 81 % of U.S. hospitals and health systems and 80 % of U.S. health plans use the HITRUST Common Security Framework (CSF). It provides an implementation standard that is understood and accepted throughout the healthcare industry. Having HITRUST certification in place shows other healthcare entities that…

By Joshua Perri In today’s networks, having a strong defense at the perimeter-points is not sufficient to keep your data safe. The IT landscape moves very quickly and so do the threats that we face. Strong networks will implement additional defenses to protect the internal boundary points. These additional defenses…

The relationship between a covered entity and business associate requires a delicate balance of trust. This balance of trust works because each is invested in the security and protection of personal health information. As a covered entity, it is important to partner with business associates that have a strong security…

I love to spend time with my family. Some of our favorite outdoor activities include skiing and mountain biking. Unfortunately, this time of year it is hard to do either activity because the snow is too slushy to ski and the canyon trails are too muddy to mountain bike. However,…

Not Just a Government Tool: Tabletop Execise’s Value for Cybersecurity Government defense and response agencies from the Pentagon to FEMA, from state government to the EPA, have been conducting tabletop exercises (TTXs) for years. Why? In a word: they work. Cybersecurity attacks have been increasing in numbers and complexity against…

How do you best protect your hospital or health system from the unique threats posed by unprotected medical devices? We asked our expert Ryan Patrick, for some tips.

Inspira Health Network: Using CRM to Create an Engagement Ecosystem

Health network uses Dynamics 365 to transform care delivery and wow patients July 13, 2018 In a market where every provider delivers quality, Inspira Health Network wanted to go one step further by offering wow-factor patient service. So, the New Jersey–based healthcare provider adopted Microsoft Dynamics 365 to deepen its…

By Jeff Fisher Product and Client Strategy, Intraprise Health In 2016, Inspira Health Network came to Intraprise with a goal: “Wow the patient.” As reimbursement models shift and healthcare is becoming more consumerized, forward-thinking health systems like Inspira are seeking new market differentiators to draw in clients.

The Challenge of Medical Devices:  Medical devices represent significant exposure and potential vulnerability to healthcare organizations. There are thousands of medical devices in use even in small medical operations. These devices are generally made to meet a specific use, and not often created with security at top of mind. They…

Transport Layer Security (TLS), and its predecessor Secure Sockets Layer (SSL), have come under scrutiny by security researchers and advisors in the wake of numerous vulnerabilities that plague their older versions. SSL/TLS are cryptographic protocols utilized while web browsing, emailing, and using Voice Over IP (VOIP) services.

Organizational Resilience and Security Risk Assessments The importance of a Security Risk Assessment is clear — it helps healthcare organizations ensure their physical, technical, and administrative safeguards are compliant with HIPAA requirements. It also assists in showing areas where an organization might be putting PHI and other sensitive information at…

Back in 2013, when Edward Snowden was in Hong Kong revealing he leaked documents detailing mass-surveillance programs by the U.S. government, the Department of Health and Human Services (HHS) was creating the Final Omnibus Rule. This rule extended its regulatory reach beyond covered entities (e.g. healthcare providers, health plans, and clearinghouses)…

Organizations in every industry are upgrading to Microsoft Office 365 to improve security. A common concern among healthcare professionals is that using Office 365 and Microsoft Teams exposes an organization to HIPAA violations. If Office 365 is implemented without the correct security configurations, that is likely true. However, Office 365…

Our complimentary HIPAA Security Checklist summarizes HIPAA Security Rule requirements that should be implemented by covered entities and business associates. The citations are to 45 CFR § 164.300 et seq. You can download our checklist here. For additional resources concerning Security Rule requirements and compliance assistance, see the Office for Civil Rights (OCR)…

Across the country, healthcare organizations have a Goliath size security problem. For an eight-straight year, healthcare has the highest breach-related costs of any industry at $408 per lost or stolen record, nearly three times the cross-industry average of $148. Without a commitment to cyber-security, healthcare entities and their valuable databases containing…

If you’ve heard the terms gap assessment and risk assessment used interchangeably before in privacy or security conversations, you are not alone. At Intraprise Health, we have found that there are quite a few misconceptions about these two approaches and how to differentiate between them. In this post, we’ll define…

Note: This information has been updated. Please visit our M365 Compliance page. On April 14, 2016, the European Union (EU) ratified the final version of the General Data Protection Regulation aka GDPR. The new GDPR regulation has been characterized as the most sweeping and impactful change to privacy and data…

A new acronym has begun popping up within the healthcare technology community and is slowly beginning to gain momentum in the way of media coverage and industry articles. If you’ve heard the term GDPR in the past few months and did not understand what it was referring to, know that you’re not alone. In fact,…

Guest Blog by Yiannis Koukouras, TwelveSec in collaboration with the HIPAA One/Intraprise Health team In our culture, something or someone is always trending. Whether it be bell-bottom jeans in the ’70’s, playing Nintendo in the ’80’s or watching stock market go up and down (whenever!), trends are a lenses through…

A recent HHS Office for Civil Rights email blast outlined a story that many of us have heard before: another business closed with significant monies paid out in fines. Filefax, Inc. has agreed to pay $100,000 to settle potential violations of the HIPAA Privacy Rule. Once a medical records storage company…

Note: This information has been updated. To see the latest updates, read our most recent blog. Last May, we wrote a “How To” blog on the Social Security Limited Access Death Master File (LADMF) aka DMF and the response has been overwhelming! The Intraprise Health team is delighted by how…

We updated our Microsoft Whitepaper in November of 2021. For more recent information on the subject, click here. The concept of the “Internet of Things” (IoT) is becoming an increasingly growing topic of conversation as  more and more companies are interconnecting everyday objects around us to the internet, such as:…

A common question among covered entities that we encounter time and time again is, “What is the difference between PCI and HIPAA Compliance?” This question becomes even more frequent when news breaks of breaches in businesses that are PCI-compliant and HIPAA covered entities. According to a recent Identity Theft Resource Center data…

Note: This information has been updated. You can read our latest LADMF blog here. In the world of HIPAA compliance, sometimes the only constant is change. It is not out of the norm for one of our clients to come to us with a question or request that at times,…

Note: This blog was written a few years ago. For up-to-date information regarding HIPAA security and privacy officers, please read our most recent blog on the subject. The concept of a HIPAA Security Officer is relatively new. Starting in 2012,  we have seen IT Managers and CIOs deputized as the “HIPAA Security Officer”…

In recent years, many healthcare organizations have faced the same question: Which department should be tasked with Health Insurance Portability and Accountability Act (HIPAA) compliance? More times than not, the finger points to IT. However, in doing so, organizations are overlooking the key component Human Resources (HR) should play in…

Healthcare cybersecurity has never been under more scrutiny – or more in need of improvement. The volume of data breaches has more than doubled since 2017, with more than $6 million in HIPAA fines from the Office for Civil Rights (OCR) in 2024 alone – all of which help explain…

There are several elements of working in healthcare that are not dissimilar from other careers in other industries. You need to come to work on time, work hard while clocked in, get along with the other staff members, be a good representative of your company and so on. But there’s…

Today, most dental offices run electronically. From having patients fill out forms to checking them in to appointments to filing dental records and more, it’s all done electronically. Why? Because the advancements of technology allow dentists to run their offices more efficiently than ever before. But since we live in…

The HIPAA Privacy Rule was put in place to provide rights to access and amend our protected health information (PHI), appropriate disclosures and help reduce fraud, waste and abuse. If your facility and its network aren’t HIPAA compliant, the costs may be significantly higher than taking action. HIPAA compliance violations…

Knowing the distinction between a covered entity and a business associate is essential because the Health Insurance Portability and Accountability Act Privacy Rule (HIPAA) is administered differently between the two. By knowing the distinction, Compliance Officers and staff can better understand the Office of Civil Rights’ (OCR) expectations of their…