Episode 10: ONC Sample Seven-Step Approach for Implementing a Security Management Process
Release Date: 07/17/2015
Help Me With HIPAA
In the world of cybersecurity, small businesses have their own set of unique challenges. As AI technology becomes more common, using AI in cybersecurity sounds promising, but it's crucial to handle it wisely to avoid new risks. These tools are powerful, but they need to be used carefully because they can also open up new kinds of cyber threats. Small businesses need to build a strong culture of security, making sure everyone is up to speed and constantly testing their defenses against attacks. It's also vital for them to keep their security practices flexible to stay ahead of new threats and...
info_outline Attackers Enjoy Sweet Fruit of Patience - Ep 454Help Me With HIPAA
Aristotle once said, “Patience is bitter, but its fruit is sweet.” That's totally spot on when you think about cybersecurity threats and how sneaky cybercriminals can be. These attackers plant their harmful seeds and just hang back, waiting for the right time to take advantage of old weaknesses. Their patience and careful planning mean they can strike effectively, sometimes after years of waiting, showing just how tricky it is to handle digital security. It really highlights why we need to be on our toes all the time, with solid and forward-thinking security measures to guard our sensitive...
info_outline Learning From The MGM Hack - Ep 453Help Me With HIPAA
One Friday night in September last year, a massive hack at the MGM Grand caused quite a stir in Las Vegas. Cybercriminals used tricky tactics to slip through the cracks, infiltrating the network, and disrupting services at the hotel and casino. It's a wake-up call for everyone to step up their security game and stay one step ahead in this fast-changing world of cyber threats. More info at
info_outline Mitigate MSP Risks - Ep 452Help Me With HIPAA
MSPs are like the backstage crew for your business's IT show, handling everything from network management to cybersecurity. But here's the kicker: while they're busy protecting you, they've got to make sure they're not accidentally opening the back door for trouble with their own tools and business practices in the process of delivering their services. Security is a shared responsibility. More info at
info_outline Vendors Surprised By Vetting - Ep 451Help Me With HIPAA
In an increasingly interconnected and data-driven world, the importance of rigorous vendor vetting cannot be overstressed. Vendors ticking a box saying that they use a framework for data security and compliance isn’t enough anymore. It is a critical due diligence process that helps clients build secure, compliant, and mutually beneficial business relationships, minimizing risks and enhancing overall business performance. And with the recent Change Healthcare attack, vendors can expect to receive more rigorous questionnaires from their clients and the heightened expectations for transparency...
info_outline Change HC Attack, What The... - Ep 450Help Me With HIPAA
As Change Healthcare ransomware attack unfolds, concerns are escalating regarding patient care and safety, pushing the Healthcare Sector Coordinating Council's (HSCC) 5 Year Strategic Plan into the spotlight. Donna and David talk with Gary Salman, CEO of Black Talon Security, on the ongoing situation, what is known and unknown, and its potential long-term effects. With the attack exacerbating issues within the healthcare system and highlighting the urgent need for robust cybersecurity measures, we explore the implications for patient data, the healthcare industry's response, and what this...
info_outline HIPAA Summit Review 2024 - Ep 449Help Me With HIPAA
For more than a decade, Donna has immersed herself in the plethora of sessions from the National HIPAA Summit, extracting a wealth of insights into the present and future landscape of HIPAA. Today, she will impart her top three takeaways from this year’s Summit, essential knowledge for navigating the road ahead. Buckle up folks, because these insights are far from trivial. More info at
info_outline Critical to Stable Condition in 5 Years - Ep 448Help Me With HIPAA
Healthcare is inherently about trust; trust between patients and providers, trust in the efficacy of treatments, and increasingly, trust in the technology that underpins modern medicine. However, this trust is under siege by an evolving landscape of cyber threats. Today, we tackle the critical status of healthcare cybersecurity and the concerted effort the Health Sector Coordinating Council Cybersecurity Working Group has developed to transition the industry to a stable posture over the next five years. More info at
info_outline NIST, Moobot, Ransomware AI Impact - Ep 447Help Me With HIPAA
The rapid advancement of AI could soon eclipse our understanding, with its capability to predict and even manipulate human behavior. Today, we will dive into how AI is reshaping our understanding and preparedness for the digital threats lurking around the corner. Plus, NIST just released guidance that can be used to help improve the healthcare sector’s cybersecurity posture and assist with achieving compliance with the HIPAA Security Rule. More info at
info_outline Insider Breach Gets Huge OCR Settlement - Ep 446Help Me With HIPAA
OCR recently announced a jaw-dropping settlement that should have every healthcare professional on high alert. An insider breach that had staggering repercussions, leading to a monumental $4,750,000 settlement and a two year CAP. HHS has also released new cybersecurity resources and guidance and more is to come. There is no excuse anymore folks. Cybersecurity is everyone’s responsibility and OCR’s enforcement of privacy and security failures is picking up. More info at
info_outlineONC recently published an updated guide for Privacy and Security of Electronic Health Information. This episode David and Donna discuss what that guide calls the Seven-Step Approach for Implementing a Security Management Process.
Links
Guide to Privacy and Security of Electronic Health Information
Notes
The 7 Steps
Step 1: Lead Your Culture, Select Your Team, and Learn
Assign your officers, make sure they are trained, show compliance is a top down commitment
Step 2: Document Your Process, Findings, and Actions
If you can't prove it then it didn't happen. Document your decisions, plans and activity
Step 3: Review Existing Security of ePHI (Perform Security Risk Analysis)
Review or perform your Security Risk Analysis and current security assessment
Step 4: Develop an Action Plan
The plan needs to address all the things you identified in your assessments, policies, and procedures
Step 5: Manage and Mitigate Risks
This is where your project management skills come into play making sure you have addressed all the risks in your Analysis and new ones aren't showing up
Step 6: Attest for Meaningful Use SecurityRelated Objective
If you are attesting make sure you have done the previous steps
Step 7: Monitor, Audit, and Update Security on an Ongoing Basis
Remember it isn't a project that has a beginning and ending date