What is MDM and why do I want it? - Ep 110

Mobile devices are susceptible to malware attacks, phishing, and other security vulnerabilities just the same as laptops and desktops.  The systems most of us have in place are directed at managing the security for laptops and desktops, however.  It is important to expand your security controls to address the growing threat that mobile devices introduce to your network and systems regularly.  

In most cases, it is important to have a "home base" tool that can talk to and monitor the mobile devices.  That is where MDM comes into play.  For most people that brings us to the question: What is MDM and why do I want it?

 

For more: HelpMeWithHIPAA.com/110

Check out the episode!

eCW Whistleblower Made The Difference - Ep 109

There are countless times we have covered the "my EHR vendor handles HIPAA for me" misconception. The recent $155 million whistleblower lawsuit settlement between eClinicalWorks (eCW) and the government really brings it home how wrong you can be about EHR vendors.

Meaningful Use attestations relied heavily on the vendors supplying proper information. eCW set up thousands of organizations to take a major hit based on the details in this case and it's settlement. Especially, when you take into account that eCW is one of the biggest EHR vendors out there.

CIA of PHI is the objective of the entire Security Rule under HIPAA. Unreliable data created by an application is clearly a data Integrity issue. If you can't trust the data can you trust the system at all?

If you have knowledge of this kind of stuff going on somewhere you should review it closely. It includes civil payments by developers and project managers not just the C-Suite folks involved.

 

For more information: HelpMeWithHIPAA.com/109

Check out the latest episode!

5 Stages Of Grief During A Cyber Attack - Ep 108

The 5 stages of grief during a cyber attack really do follow the process of dealing with grief in those familiar 5 stages. Many don't realize that ransomware attacks aren't always just the result of someone clicking in an email and running a program.  As Erie County Medical Center found out recently, ransomware attacks can come from a hacker being active in your network too.  Those 5 stages of grief during a cyber attack for them and others we have seen is what we will be discussing today.  

We have a special guest with us for today's discussion too.  David Benton with Altep is joining us.  David is a super IT forensics dude.  The CSI of the nerds, so to speak.  He is helping us review this topic.

More information at HelpMeWithHIPAA.com/108

Check out the latest episode!

10 Ways HIPAA Should Have Stopped Rodeo Drive Breach - Ep 107

A major breach of PHI was announced by a Beverly Hills plastic surgeon's office on Jun 1. There are so many things about this case from the fact that it involved a malicious insider to how many different ways proper HIPAA policies and procedures would have stopped it, if not prevented it completely. Celebrity patients records breached in this case may make it hit home with a lot of folks who haven't worried too much about those protections until now.

We have talked about insiders as a major vulnerability a lot lately and this one really makes it big news! 15,000 files with medical and personal information. Added to that are pictures including those of celebrity patients records breached without them even know the pictures existed!

More info at HelpMeWithHIPAA.com/107

Check out the latest episode!

Disclosure of PHI in May OCR settlements - Ep 106

OCR continued their enforcement trend for 2017 with 2 more settlements announced in May.  These stand out on their own because the focus is specific disclosure of PHI instead of major breaches.  A total of three patients were involved in these large settlements.  This week we review what transpired and what OCR found as violations of privacy for these three patients.

 

For more information go to HelpMeWithHIPAA.com/106

 

Check out the latest episode!