Blog

We know you have a lot of questions. That’s why our team has curated top-notch resources to help you along your healthcare cybersecurity and compliance journey.

State Attorney General HIPAA Enforcement Ramps Up, Value of an OCR-Quality Risk Analysis® Has Never Been Higher

State Attorney General HIPAA Enforcement Ramps Up, Value of an OCR-Quality Risk Analysis® Has Never Been Higher

Many Chief Information Security Officers and Chief Compliance Officers often express concern to us about the potential disruption and cost that can come from an Office for Civil Rights (OCR) investigation, not to mention the reputational damage that will result from a settlement or monetary penalty. An appearance on the wall of shame is a mere blemish compared to the negative publicity of an OCR fine or settlement. However, the possibility of a State Attorney General (AG) action is often underestimated and overlooked. If a State AG enforcement is not top of mind for you and your board, it should be.
Key Takeaways From Breakfast & Breaches® | D.C.

Key Takeaways From Breakfast & Breaches® | D.C.

Clearwater’s recent Breakfast & Breaches event in Washington, DC brought together an outstanding group of leaders with unique insight on the growing problem of how to keep protected health information secure. Drawing on their combined decades of experience working across the compliance spectrum, our panelists and moderator challenged the audience’s thinking with regard to how their organizations analyze and manage risks.
Managing Third-Party Information Security Risk

Managing Third-Party Information Security Risk

Clinical laboratory provider Quest Diagnostics recently acknowledged that a billings collections vendor it works with suffered a data breach on its web payment system that may have exposed information of nearly 12 million of Quest’s patients. The third-party company, Elmsford, N.Y.-based American Medical Collection Agency (AMCA), is contracted with Optum360 LLC, which in turn provides payment services to Quest.
NIST and Telehealth: Securing the Remote Patient Monitoring Ecosystem

NIST and Telehealth: Securing the Remote Patient Monitoring Ecosystem

We are living in an exhilarating time in the world of healthcare. A common theme among many healthcare related stories and articles we come across today is that things which were once thought to be a matter of science fiction are now moving closer to becoming a reality. A Feb 27, 2019, article from Forbes Magazine, entitled, “Telemedicine: The Latest Futuristic Tech Prediction from The Jetsons To Come True,” brought up a cartoon show from 1962, “The Jetsons,” in which depicted patients video conferencing physicians for diagnosis and treatment as being something commonplace.
What Does OCR’s Lowering of Maximum Annual Caps Mean for Covered Entities?

What Does OCR’s Lowering of Maximum Annual Caps Mean for Covered Entities?

The Office for Civil Rights (OCR) gave notice in the Federal Register that it is lowering the maximum annual caps for all HIPAA culpability tiers, except for the willful neglect without timely correction tier. There has been uncertainty for some time as to whether OCR’s interpretation of the statute was appropriate with regard to the $1.5M annual limit for all culpability levels.
Cyber and Privacy Risks Are Bleeding Over into Medical Professional Liability Risks | Update from the Cayman Captive Forum

Cyber and Privacy Risks Are Bleeding Over into Medical Professional Liability Risks | Update from the Cayman Captive Forum

Over November 27th to 29th, the 26th annual Cayman Captive Forum was held in Grand Cayman.  Over 1,400 specialists including captive directors, CFOs, CROs, service providers and captive managers from around the world met to discuss the issues most pressing to the captive insurance industry.  One of the key topics discussed was the apparent evolution from what started out as “HIPAA compliance risk” to “cybersecurity risk” to a “patient safety risk” and now “medical professional liability risk”.
Protecting Investments: Why Healthcare Private Equity Investors Must Increase Focus on Cybersecurity Risk

Protecting Investments: Why Healthcare Private Equity Investors Must Increase Focus on Cybersecurity Risk

Private equity investments in the healthcare industry have been increasing dramatically. In the past three years ...
Anthem Breach Learnings: HITRUST Certification Is Not A Replacement for An Enterprise Security Risk Analysis

Anthem Breach Learnings: HITRUST Certification Is Not A Replacement for An Enterprise Security Risk Analysis

The recent $16 million HIPAA settlement with Anthem, Inc. in the wake of the 2015 breach of nearly 79 million ...
Medical Device Security and CIO Insomnia

Medical Device Security and CIO Insomnia

During a conversation over drinks with a number of CIOs at a recent healthcare conference, I discovered that the ...
Panaceas, Shiny Objects and the Importance of Managing Risk in a Healthcare Environment–Part 3

Panaceas, Shiny Objects and the Importance of Managing Risk in a Healthcare Environment–Part 3

Is there a more challenging position anywhere in information security than that of a healthcare organization’s ...
Strengthening Your Cybersecurity Ecosystem — One Step at a Time

Strengthening Your Cybersecurity Ecosystem — One Step at a Time

Every day, it seems, cyber criminals figure out new ways to attack hospitals and compromise patient data and ...
Panaceas, Shiny Objects and the Importance of Managing Risk in a Healthcare Environment – Part 2

Panaceas, Shiny Objects and the Importance of Managing Risk in a Healthcare Environment – Part 2

Healthcare CIOs, CISOs, and other information risk management leaders face daunting challenges when it comes to ...

Newsletter

Sign up for our monthly newsletter discussing hot topics and access to invaluable resources.


Featured Resource