Bulletproof Office Helping You to Better Enable Your IT

By: Steve | May 18, 2015


Everyone has a role to play in the privacy and security of electronic health information — it is truly a shared responsibility. The Office of the National Coordinator for Health Information Technology (ONC) provides resources to help you succeed in your privacy and security responsibilities. This Guide to Privacy and Security of Electronic Health Information (referred to as “Guide”) is an example of just such a tool.

The intent of the Guide is to help health care providers ― especially Health Insurance Portability and Accountability Act (HIPAA) Covered Entities (CEs) and Medicare Eligible Professionals (EPs) from smaller organizations ― better understand how to integrate federal health information privacy and security requirements into thei...

By: Steve | April 02, 2015


Now, that would be a great tune - a bit catchy, don't you think? Yes, rather silly and, as we know, with the size of the fines being handed out for "willful neglect," enabling and maintaining compliance is a serious matter.


HIPAA compliance is not easy. If it were, every healthcare provider would be fully compliant; instead, many continue to struggle with understanding exactly what needs to be done. No one wants to deal with the pain to come as the Health and Human Services Office for Civil Rights amps up its enforcement audits.

If you are a healthcare provider with a desire to efficiently, effectively and inexpensively work through your compliance program, I have a prescription for you!  


The first step is to receiv...

By: Steve | March 19, 2015


Cybercriminals are constantly developing new tactics and business models because cybercrime is so profitable. While every system is vulnerable, some are more at risk than others. Criminals of all types are lazy, and cybercriminals likewise look for the easy way in. Consequently, the organizations with the weakest security are the most frequent targets.

Fortunately, there are specific measures you can take to make your organization a less attractive target. These measures will substantially reduce your risk and improve the safeguards that protect your data, including important customer and employee data.

Upgrade Your Firewall

You’re operating a business, and the first thing you need is a firewall that provides commercial-grade protection. Too...

By: Steve | February 05, 2015


A $250,000 fine has been paid to the Department of Health and Human Services for the breach of 148 patients' data when a laptop was stolen from the vehicle of a QCA Health Plan of Arkansas employee. The laptop was not encrypted.

"Covered entities and business associates must understand that mobile device security is their obligation. Our message (with this large fine) is simple: encryption is your best defense against these incidents," said Susan McAndrew, Office for Civil Rights deputy director of health information privacy. 

Chances are, your laptop or tablet often goes where you go, carrying Practice data and patient record information from office to vehicle to home and back again. Throw in a side trip to the grocery store, ...

By: Steve | December 19, 2014


83% of Healthcare Providers Use Cloud Services

Eighty-three percent of healthcare providers are already using cloud services in some form, and nearly all are considering expanding their use in the future. The market for cloud services in healthcare is on pace to grow at a rate of 20 percent per year, reaching $5.4 billion by 2017. The cloud is here to stay, and for good reason.

Benefits of Moving to the Cloud

Having your technology hosted offsite, in the cloud, by HIPAA compliant IT experts, i.e. vetted Business Associates, provides many potential benefits:

  • It frees your office from the complex, often expensive and labor-intensive processes associated with replacing aging equipment, installing software security updates, backing up...

By: Steve | December 09, 2014

The HIPAA Security Rule imposes a number of requirements that the HHS Office For Civil Rights (OCR) has begun auditing for compliance, including four requirements related to information system and ePHI activity, as outlined below:

HIPAA §164.308(a)(1)(ii)(D) requires healthcare providers to implement procedures to regularly review records of information system activity, such as audit logs, access reports and security incident tracking reports.


HIPAA §164.312(b) requires healthcare providers to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information (ePHI).

HIPAA §164.308(a)(5)(ii)(C) require...
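The two requirements above (§164.308(a)(1)(ii)(D), regular review of audit logs and access reports, and §164.312(b), recording and examining activity in systems that hold ePHI) are only satisfied if someone actually looks at the logs with specific questions in mind. The script below is an added example, not part of the original post or any vendor product: it reviews a constructed, tab-separated EHR access log for three things a reviewer would want flagged (record views outside business hours, repeated failed logins, and one user pulling many distinct patient records in a short window). The log format, the sample lines, the business hours and the thresholds are all assumptions to be replaced with your own system's export and your practice's policy.

```python
"""Review an ePHI application access log for activity that warrants a closer look.

Added example, not from the original post. The log format (timestamp, user,
action, patient record id, outcome) is a constructed one; substitute your EHR's
real export format. Thresholds are assumptions to tune for your practice.
"""
from collections import defaultdict
from datetime import datetime, time

# Constructed sample log lines (not real data). Fields are tab-separated:
# ISO-8601 timestamp, username, action, patient record id, outcome.
SAMPLE_LOG = """\
2014-12-01T08:05:12\tjsmith\tLOGIN\t-\tSUCCESS
2014-12-01T08:06:40\tjsmith\tVIEW\tP1001\tSUCCESS
2014-12-01T09:15:03\tjsmith\tVIEW\tP1002\tSUCCESS
2014-12-01T02:13:55\tnightowl\tVIEW\tP2001\tSUCCESS
2014-12-01T02:14:10\tnightowl\tVIEW\tP2002\tSUCCESS
2014-12-01T10:00:01\tmallory\tLOGIN\t-\tFAILURE
2014-12-01T10:00:09\tmallory\tLOGIN\t-\tFAILURE
2014-12-01T10:00:17\tmallory\tLOGIN\t-\tFAILURE
2014-12-01T10:00:25\tmallory\tLOGIN\t-\tFAILURE
2014-12-01T10:00:33\tmallory\tLOGIN\t-\tFAILURE
2014-12-01T11:30:00\tcurious\tVIEW\tP3001\tSUCCESS
2014-12-01T11:30:20\tcurious\tVIEW\tP3002\tSUCCESS
2014-12-01T11:30:41\tcurious\tVIEW\tP3003\tSUCCESS
2014-12-01T11:31:02\tcurious\tVIEW\tP3004\tSUCCESS
2014-12-01T11:31:25\tcurious\tVIEW\tP3005\tSUCCESS
2014-12-01T11:31:47\tcurious\tVIEW\tP3006\tSUCCESS
"""

BUSINESS_HOURS = (time(7, 0), time(19, 0))  # assumption: clinic is open 07:00-19:00
FAILED_LOGIN_THRESHOLD = 5                  # assumption: 5 failures per user per day
SNOOPING_THRESHOLD = 5                      # assumption: more than 5 distinct records
SNOOPING_WINDOW_SECONDS = 600               # ... inside any 10-minute window


def parse_log(text):
    """Turn the tab-separated log text into a list of event dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, patient, outcome = line.split("\t")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "action": action,
            "patient": patient,
            "outcome": outcome,
        })
    return events


def after_hours_access(events):
    """Record views outside business hours: (user, timestamp, record id) tuples."""
    start, end = BUSINESS_HOURS
    return [(e["user"], e["ts"].isoformat(), e["patient"])
            for e in events
            if e["action"] == "VIEW" and not (start <= e["ts"].time() < end)]


def repeated_failed_logins(events):
    """Users whose failed LOGIN count reaches the threshold (password guessing / lockout check)."""
    failures = defaultdict(int)
    for e in events:
        if e["action"] == "LOGIN" and e["outcome"] == "FAILURE":
            failures[e["user"]] += 1
    return {u: n for u, n in failures.items() if n >= FAILED_LOGIN_THRESHOLD}


def possible_snooping(events):
    """Users who viewed more than SNOOPING_THRESHOLD distinct records inside a sliding window."""
    views = defaultdict(list)
    for e in events:
        if e["action"] == "VIEW" and e["outcome"] == "SUCCESS":
            views[e["user"]].append((e["ts"], e["patient"]))
    flagged = {}
    for user, items in views.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            # distinct records viewed within the window starting at this view
            window = {p for t, p in items[i:]
                      if (t - t0).total_seconds() <= SNOOPING_WINDOW_SECONDS}
            if len(window) > SNOOPING_THRESHOLD:
                flagged[user] = len(window)
                break
    return flagged


def review(text=SAMPLE_LOG):
    """Run all three checks and return the findings a reviewer would sign off on."""
    events = parse_log(text)
    return {
        "after_hours": after_hours_access(events),
        "failed_logins": repeated_failed_logins(events),
        "snooping": possible_snooping(events),
    }


if __name__ == "__main__":
    for check, result in review().items():
        print(f"{check}: {result}")
```

Run against the sample, the review flags the two early-morning views by `nightowl`, five failed logins for `mallory`, and `curious` opening six different patient records in under two minutes. Whatever the outcome, keep the script output together with the reviewer's notes and date; the written record of the review is what an OCR auditor asks for, not just the logs themselves.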

By: Steve | November 11, 2014


The Department of Homeland Security (DHS) is warning of an active email phishing campaign designed to install a new version of banking malware on computers, and virtually everyone is a target, including entities within the U.S. government, foreign governments, the U.S. education sector, commercial businesses, and state, local, and tribal organizations. The phishing campaign involves emails with malicious links or attachments.


By: Steve | October 27, 2014


This is the last in a series of three posts I am providing based upon "compliance secrets" presented at the recent HIPAA Security conference by the HHS Office for Civil Rights (OCR) and NIST in Washington DC.

These views are strictly my own based upon information gathered at the conference.

New Standard for Data Breach Impact

By: Steve | October 15, 2014


This is the second in a series of three posts I am providing based upon "compliance secrets" presented at the recent HIPAA Security Conference by the HHS Office for Civil Rights (OCR) and NIST in Washington DC.

These views are strictly my own based upon information gathered at the conference.

You Must Have a Compliance Program and a Culture of Compliance

As conference leaders made very clear, HIPAA Compliance has two parts.  One is a comprehensive compliance plan, with documentation that confirms your adherence to HIPAA regulations.  The second is a “Culture of Compliance” that you create every day in your practice, medical center or hospital.  Think of one as the letter of the law, and the second as the spirit of the law....

By: Steve | October 09, 2014

Some highly important information was presented at the HIPAA Security Conference recently by the HHS Office For Civil Rights (OCR) and NIST in Washington DC.

OCR Announces New HIPAA Audit and Enforcement Program