Tags ArchivesHITRUST

Healthcare Letter Follow Up standard

Frequent readers may remember that I sent a letter to a healthcare provider (who is anonymously referred to as Dr. Leo Spaceman) because he used a four digit, numeric PIN to access all of my medical records (assuming that he would also be using that same one for ANY patient).  Well, Dr. Spaceman responded. OK, I’m sure his admin responded, not personally him. But the response is a classic example of someone who has been asked a question like this before and had a pre-canned answer prepped.  I don’t think I’m the only person to observe Dr. Spaceman doing this. Dear Resident ((No, he didn’t say resident, but I think it would be funny and fitting if he did)): I ...

Continue Reading

Healthcare Security, the New Front standard

HIPAA tried to address it, HITRUST and HITECH are the newest entrants into the mix, but health care is just he latest example of an industry’s information technology significantly outpacing its ability to secure it.  If you’ve heard me speak on where I think the next big area that hackers will go after, you’ve heard some stories about what I would do if I were the bad guy. Last week I had a routine doctor checkup, and I watched my doctor type in a four digit password to access all of my records (and presumably any record in the practice).  Any security professional reading this has had a similar experience with someone in authority accessing data with weak credentials, and ...

Continue Reading

Guest Post: HITECH Alters HIPAA—Will HIPAA be ‘Hip’? standard

The following is a guest post by Bindu Sundaresan, a consulting manager in our Risk & Compliance consulting practice. With the current “non-stimulating” economy, there is a lot of talk about the “stimulus” bill which is impacting all areas of the US economy. One such impact is the reason for today’s blog post. A portion of the new economic stimulus bill, called the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), will have a significant impact on Health Insurance Portability and Accountability Act of 1996(HIPAA). This new law revives HIPAA (which has been around for over a decade), but has many a time gone unnoticed/ not strongly enforced, and no incentive to comply, amongst the other ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!