Why you need a gateway security solution

Business today is all about connectivity. Available data suggests email and web access represent 90 percent of business-critical applications used by small- and mid-sized companies. Yet the gains in efficiency and productivity that companies have realized by incorporating the Internet into their business models have also benefited malware authors. Threats that once took months to infect a few thousand computers can now reach hundreds of thousands in mere minutes.

Gartner suggests that between 80 and 95 percent of all email entering a company’s network is spam … two to six percent carries a threat such as viruses, Trojans and rootkits.


Time To Take Notice

This week’s news highlights the growing need to take proactive steps to protect sensitive data. It’s time to take notice, before your organization has to give notice of a data breach.

The Office for Civil Rights (OCR), responsible for enforcing HIPAA regulations, has announced the hiring of KPMG of McLean, VA to implement a program auditing the compliance of covered entities and business associates with the HIPAA privacy and security standards. This action marks the first time proactive “periodic audits”, as required by the HITECH Act, will be implemented. Until now, investigations have been in response to complaints.[1]

Office for Civil Rights Gets Tough on HIPAA Violations

For the second time this week, the Department of Health and Human Services (HHS) has announced stiff penalties for HIPAA violations. This may signal the start of stronger HIPAA enforcement action by the Office for Civil Rights (OCR) and a sign of things to come when HHS rolls out its HIPAA compliance audit program as mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

On February 22nd, HHS announced a landmark civil monetary penalty (CMP) against Cignet Health of Prince George’s County, Md., for violations of the Privacy Rule. The $4.3 million penalty was imposed for failing to provide 41 patients with copies of their records in the time frame required by HIPAA, and for failing to cooperate with the OCR investigation. It was the first time a penalty was assessed for Privacy Rule violations, and the first time the increased penalty amounts authorized by Section 13410(d) of the HITECH Act were applied.

Willful Neglect – $4.3 Mil. Penalty Results

As I reviewed the HIPAA Security and Privacy provisions with a lead surgeon who heads a small but bustling medical practice, I could tell he would rather be in a treatment room with a patient than sitting in the lunch room with me discussing one of a legion of requirements and regulations. “Do other doctors really do this?” he asked, his head buried in his hands.

Protecting sensitive data is a hot button. Criminal data theft and fraud have grown alongside the explosion of day-to-day dependence on the internet, wireless and mobile technology. The Identity Theft Resource Center reported 662 data breaches in 2010, affecting 16,167,542 records. 76% of these records included Social Security numbers.


Healthcare and Email – Dangerous Assumptions

Email has truly become our central production form of communication, both internally and externally. We rely on the ease and rapidity of messaging, and our ability to readily attach documents, pictures or other relevant information. And we are increasingly going mobile (read that as “real time”) with our email connectivity. A recent comScore study revealed that Americans are increasingly using their mobile phones and tablets to access email on the run.

As a result, the information we find useful to have in email is increasing. And services like Gmail have made it easy to integrate email, calendaring and contacts, all available from web browsers, mobile devices and our home computers – all for a very reasonable price indeed! But hang on here… when we use our “personal” email in such a fashion, what have we really given to these third-party providers? Are we really secure? Are we even compliant?

Medical Technology and Compliance

What a subject! And what a dynamic and challenging industry for both health care providers and the various vendors they use to keep a practice running. We are going to try to get the latest and most relevant issues which are constantly arising and bring them here for awareness and discussion. Comments will always be welcome, but highly moderated. So play nice!