As a HIPAA privacy or security officer, you are used to seeing HIPAA compliance issues pop up out of nowhere. You don’t have the time to chase down the details of every security incident in your organization. However, security incident tracking doesn’t...
HIPAA requires you to keep unauthorized people from viewing protected health information (PHI). Even when you’re disposing of unneeded PHI, you must still keep the data secure. According to the Department of Health and Human Services (HHS), “covered entities are not...
Administrative Safeguards Physical Safeguards Technical Safeguards The Security Rule defines administrative safeguards as “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures...
In 2012-2013, the University of Texas MD Anderson Cancer Center had three data breaches involving unencrypted devices. An unencrypted laptop had been stolen from an employee’s home, and they had lost two unencrypted USB thumb drives. These incidents compromised the...
Mobile devices are commonplace in modern offices. As a covered entity (CE) or a business associate (BA), you will undoubtedly have mobile devices and media to manage. Electronic protected health information (ePHI) is not only on your desktop computer but may be on...