Blog Archives


Malware monster wins again!

Takeaways: The latest OCR resolution makes specific points on what OCR considers reasonable and appropriate technical safeguards of the Security Rule.  If you aren’t up to date with all of your software, it does matter very much once malware finds you. There are points in this latest OCR resolution that have been mentioned time and again. […]


And the hits just keep on coming!

Takeaways: Yet another notice that HIPAA enforcement and liability are not something to keep putting off until later. The web of liability means it is no longer just yourself you have to worry about being caught up in audits or breaches. And the hits just keep on coming! She says, dripping with sarcasm… If you […]


The fines are coming! The fines are coming!

To borrow from Longfellow’s poem: “Listen my children and you shall hear / Of the midnight ride of Paul Revere,” In this case, it isn’t a midnight ride but a late afternoon speech by Jerome B. Meites, a chief regional civil rights counsel at HHS, in Chicago. Historians say Revere never uttered the famous phrase and neither […]

Bite the Bullet

5 Tips to Just Get Your Risk Analysis Done

Doing a Security Risk Analysis is high on many lists right now.  Not only is it the number one thing OCR has defined as not being done properly, but it is also a required element for Meaningful Use attestation.  We have been getting a lot of traffic to our Risk Analysis Content page most likely […]

XP released

Does XP swan song affect your HIPAA compliance?

We started working with our clients on replacing XP machines in their technology plans in 2013. No one is surprised when we come calling for the last few they have installed in 2014.  They have been hearing we were removing them for a long time.  But, not everyone has had that much warning it seems. […]

HIPAA Perimeter Security

HIPAA Penetration Testing?

Being an IT company that specializes in HIPAA compliance, we get a lot of interesting inquiries that leave us scratching our heads. HIPAA penetration testing is one of the areas. We get an inquiry to perform penetration testing for a new customer. Almost always the request is coming from a CE or BA that hasn’t […]


Jimi Hendrix and HHS Resolutions

A famous Jimi Hendrix quote goes: “I’ve been imitated so well I’ve heard people copy my mistakes.” Aspiring guitarists work hard to imitate Hendrix to this day. His music is well documented and played daily around the world. If you want to make a name for yourself, duplicate him, even his mistakes. What does that have […]


HIPAA Audits: Coming Soon to an Office Near You

The OCR is reviewing the results of the 2012 pilot audits.  They have published the Audit Program Protocol so you know what to expect when they come for you. In Director Rodriguez’s interview with HealthcareInfoSecurity, he made some important points to note concerning the audits. Audits will begin in late 2013 or certainly by 2014 […]


HIPAA Security Rule Step #1: Perform a Risk Analysis

In a recent discussion with a practice administrator, I discovered a pretty important misconception about what should really be included in a proper HIPAA Risk Analysis. Not that the administrator was doing anything wrong, but the understanding of what a Risk Analysis is was missing some very important parts. The HIPAA Security Rule requires CEs […]


Plan of Attack for HIPAA 2.0

Where do you get started with all these changes? It is important to understand that HIPAA 2.0 compliance means more than just having an annual training session and a book of policies on the shelf.  HIPAA 2.0 means regular training in all areas of your business and documentation of everything including regular reviews of your […]
