Bulletproof Office Helping You to Better Enable Your IT

By: Steve | December 09, 2014

The HIPAA Security Rule imposes a number of requirements that the HHS Office For Civil Rights (OCR) has begun auditing for compliance, including four requirements related to information system and ePHI activity, as outlined below:


HIPAA §164.308(a)(1)(ii)(D) requires healthcare providers to implement procedures to regularly review records of information system activity, such as audit logs, access reports and security incident tracking reports.


HIPAA §164.312(b) requires healthcare providers to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information (ePHI).


HIPAA §164.308(a)(5)(ii)(C) require...

By: Steve | October 27, 2014


This is the last in a series of three posts I am providing based upon "compliance secrets" presented at the recent HIPAA Security Conference by the HHS Office for Civil Rights (OCR) and NIST in Washington DC.


These views are strictly my own based upon information gathered at the conference.

New Standard for Data Breach Impact

By: Steve | October 15, 2014


This is the second in a series of three posts I am providing based upon "compliance secrets" presented at the recent HIPAA Security Conference by the HHS Office for Civil Rights (OCR) and NIST in Washington DC.


These views are strictly my own based upon information gathered at the conference.

You Must Have a Compliance Program and a Culture of Compliance


As conference leaders made very clear, HIPAA compliance has two parts. One is a comprehensive compliance plan, with documentation that confirms your adherence to HIPAA regulations. The second is a “Culture of Compliance” that you create every day in your practice, medical center or hospital. Think of one as the letter of the law, and the second as the spirit of the law....

By: Steve | October 09, 2014

Some highly important information was presented at the HIPAA Security Conference recently by the HHS Office For Civil Rights (OCR) and NIST in Washington DC.

OCR Announces New HIPAA Audit and Enforcement Program

By: Steve | August 15, 2014

Good Security Habits for Mobile Devices


The good news about our smartphone society is that those convenient little devices are just so very powerful! All those awesome games and apps! And the ease of communication and collaboration, whether it be by phone, text or video!

By: Steve | June 17, 2014

Be sure to utilize a Domain Controller

Within the context of the Microsoft world, a Domain Controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain.

Protecting ePHI

A Domain is a concept whereby a user may be granted access to a number of computer resources using a single username and password combination. By implementing a DC, you create a more locked-down network security environment and allow for the implementation of security rules across all of your networked devices. A great by-product of implementing a DC is that it can also serve to increase your network speed.