Items listed under "Critical Infrastructure"

Cybersecurity – Control of Portable Media and Devices Part 2

Last week I provided an overview of portable media and noted that while it is convenient, it can also be a pathway for malware to enter a digital system. To protect your digital system and prevent this from happening, here are some...  [Read More]

Cybersecurity – Control of Portable Media and Devices Part 1

Portable media is anything that can be used to hold information in a form that a computer may read. This information can be manually exchanged between computer-based devices. It can be magnetic tape, CDs, DVDs, memory sticks, flash drives, smart cards,...  [Read More]

Office of Civil Rights HIPAA Privacy, Security, and Breach Notification Program

On March 21st the Office of Civil Rights (OCR) announced the launch of Phase 2 of the HIPAA Audit Program. Phase 2 of the HIPAA Audit Program will review the policies and procedures of the covered entities and their business associates to...  [Read More]

FDA Draft: Postmarket Management of Cybersecurity in Medical Devices

The FDA recently released new guidance for managing cybersecurity in medical devices. The guidance emphasizes the manufacturers' need to monitor, identify, and address cybersecurity vulnerabilities and exploits. This document is guidance and does not establish legally enforceable responsibilities. Through this document as...  [Read More]

OCR Releases Crosswalk between HIPAA Security Rule and NIST Cybersecurity Framework

On February 24th the Office for Civil Rights (OCR), in conjunction with the National Institute of Standards and Technology (NIST) and the Office of the National Coordinator for Health (ONC), released a crosswalk between the Cybersecurity Framework and the Health Insurance Portability...  [Read More]

EHNAC Releases Final 2016 Criteria Versions for 18 Accreditation Programs

The security of the data that rests in the servers of the health care industry is of great concern to the general public and government agencies. Assuring that the data remains confidential, its integrity remains secure, yet accessible, are worthy objectives. The...  [Read More]

Risk Analysis in Healthcare

Recently a healthcare organization was fined $850,000 for HIPAA violations. At the top of the list of non-compliant activities was the failure of the organization to conduct a thorough risk analysis of all of its ePHI (electronic protected health information). The HIPAA...  [Read More]

Does The National Security Letter affect our privacy?

As US citizens we are very concerned with our right to individual privacy and we protect that right judicially. The Privacy Act of 1974 provides safeguards against invasion of personal privacy through the misuse of records by Federal Agencies. This Act was...  [Read More]

Offshore Outsourcing in Healthcare Legal Considerations

When a healthcare organization makes the decision to outsource a service offshore and the service includes offshoring PHI…what are the legal obligations? The first thing the organization should do is identify all of the state and federal laws related to the offshoring...  [Read More]