Posts

Aris Medical Solutions Blogs

Keeping you informed and prepared

Security Rule requirements, Part 4, Evaluations 45 CFR § 164.308(a)(8)

Many practices think once they have conducted a risk analysis, they are done with their HIPAA compliance efforts. Unfortunately, a risk analysis is just the beginning! You must document your ongoing HIPAA efforts through evaluations. 45 CFR § 164.308(a)(8) Evaluation – HIPAA...
Read More

Cosmetic Practice Fined – No one is immune from HIPAA

April 15, 2021 By Suze Shaffer | Aris Medical Solutions Recently a cosmetic practice was fined $30,000 to settle potential HIPAA Privacy Rule violations. In the past many practices believed if they did not accept insurance payments (considered as a...
Read More

Security Rule requirements, Part 3 – Contingency Planning

When it comes to planning for a disaster, most people think “that won’t happen to me”. Under HIPAA, you are required to ensure the integrity, confidentiality, and available of ePHI. When creating your contingency plan, it is necessary to review...
Read More

HIPAA Security Rule requirements, Part 2 – Security Awareness and Security Incident Procedures

What the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS) considers as reasonable and appropriate safeguards are always open for discretion. Every organization is different, and what may work for one, may not for...
Read More

HIPAA Security Rule requirements, Part I

It is hard to believe we are in 2021, but I am sure you are like the rest of us and glad to see 2020 in the rear-view mirror. As we move into this new year, we need to look...
Read More

OCR Issues Audit Report on Health Care Compliance

Yesterday, the Office for Civil Rights (OCR) at the Department of Health and Human Services (DHHS) released its 2016-2017 HIPAA Audits Report. Although this seems outdated, it typically takes this long to compile the data.  They reviewed selected covered entities...
Read More

Looking back at 2020 and HIPAA Compliance Violations

During this pandemic, the Office for Civil Rights (OCR) relaxed some of the requirements for Telehealth. This has since been retracted. Make sure the service you are using is in fact HIPAA compliant and you have a business associate agreement...
Read More

OCR enforces potential HIPAA violations for failure to remove a terminated employee’s access to Protected Health Information (PHI)

When an employee is terminated, it is necessary to remove access to protected health information (PHI) immediately. It is just as important for employees not to share their log-in credentials with anyone. The City of New Haven, Connecticut found out...
Read More

Cyber Alert: Ransomware Activity Targeting the Healthcare and Public Health Sector

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA,...
Read More

Responsibilities of a HIPAA Compliance Officer

While the nation was shut down and people were suffering, hackers were busy at work. It is coming to light how many organizations have had a data breach and have been hit with ransomware. Now more than ever all organizations...
Read More

Inventory lists and network mapping, why they are so important!

First, it is required under HIPAA that medical organizations and business associates ensure the confidentiality, integrity, and availability of ePHI. Part of a HIPAA compliance program requires an entity to conduct a HIPAA risk analysis to determine where ePHI is...
Read More

HIPAA Fines assessed to small practices

We find this difficult to talk about especially during these trying times. However, we feel it is important for all practices to know that HIPAA violations and fines have not disappeared during this pandemic. Investigations take a long time and...
Read More

Telemedicine on the other side of the Pandemic

By Suze Shaffer July 15, 2020 The Office for Civil Rights (OCR) back in March relaxed it’s enforcement for non-compliance with regards to telemedicine. They permitted the use of audio/video communication applications such as Facetime, Google hangouts, Zoom, and Skype...
Read More

Cell phone use in the workplace causing distrust

By Suze Shaffer March 15, 2020 We all have been annoyed at one time or another when we arrive at a counter or a place of business and the person is on their cell phone and we are ignored. Of...
Read More

A Patient’s Right of Access is still an issue for many Covered Entities

By Suze Shaffer February 15, 2020 Many covered entities struggle to understand what is “right of access” for individuals. Under HIPAA and the Omnibus Rule, a patient has the “right” to request a copy of their medical record in the...
Read More

HIPAA in 2020 – How the protection of our privacy maybe changing

By Suze Shaffer January 15, 2020 Hindsight is always 2020, as we begin this new year, let’s try to make that a current sight! By now, those of you who have been using Windows 7 computers and 2008 Servers have...
Read More

RIPlace technique allows malware to bypass anti-malware programs

By Suze Shaffer Like we don’t have enough to worry about, now this! Security researchers are saying this new technique is effective even against systems that are patched and run anti-virus scans. This process allows ransomware to encrypt files on...
Read More

Are you sharing TMI – Too Much Information?

By Suze Shaffer When designing your website we all think it’s a great idea to “share” who are team is. Although, it is necessary in healthcare because patients want to see who your staff is and get to know them,...
Read More

Ransomware is a REAL threat…

By: Aris Medical Solutions We all hope that we do not fall victim to ransomware, but we need to do more than just hope. All businesses, especially healthcare must have a contingency plan that includes data recovery in the event...
Read More

How much does a data breach really cost?

We really don’t want to scare organizations, but this is a real problem and we feel this must be disclosed. A data breach costs an organization on many different levels. The cost of notification, credit monitoring, remediation, then comes fines...
Read More
1 2 3 4
©2021 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC