Employee Fired for Inappropriately Accessing EHR Records By Mike Semel Even an ‘Internal Breach’ is a Breach According to an announcement on its website, Alabama-based DCH Health Systems fired an employee for accessing and viewing over 2,500 patient records “without ...
Don’t Use Webmail or Text Messages for Patient Info Definition Webmail includes the free mail services available on the Internet, like Gmail, Yahoo! Mail, Hotmail, etc. plus free e-mail accounts you may receive with an Internet service from Verizon, Time-Warner, ...
FTC Charges Company Displaying HIPAA Seal with Consumer Fraud Don’t make the same “stupid marketing mistake.” You may have heard me speak or write about the risk of businesses using phony HIPAA compliance seals in their marketing. My warnings were ...
HIPAA Business Associate Qualifying Questions Do You Believe the Vendor Is a Business Associate? The vendor: Provides a service that requires them to view patient information. Provides a service that requires them to store patient information. It does not matter ...
Why Technology Manufacturers, Service Providers, Help Desks & Managed Service Providers Must Comply with HIPAA HIPAA The Health Insurance Portability and Accountability Act (HIPAA) requires that electronic Protected Health Information (ePHI) be secured against loss or unauthorized access. Business Associates ...
When HIPAA Becomes Criminal By Mike Semel Former Hospital Employees Accused of Selling Patient Information Five former employees of Methodist Hospital in Memphis, TN, including a recently-licensed Registered Nurse, were indicted by a federal grand jury for allegedly selling medical ...
Federal Government Hands MSPs Big Opportunities HIPAA Safe Harbor law and DoD’s CMMC interim rule offer huge financial incentives for shoring up cybersecurity — which means cost justification for hiring MSPs. The federal government is handing MSPs big opportunities to ...
Are You Gambling Everything With Your Cybersecurity Strategy? Avoiding cybersecurity can be a federal offense. NOTE TO MSPs – Business owners and executives often resist making the cybersecurity investments they should, and channel pros often struggle to explain why they ...
Cybersecurity Policies Are Not Procedures, Systems, or Training By assuming that workers are trained and following policies, organizations may find out the hard way that they are wrong—and pay the price in penalties for lack of regulatory compliance. During an ...
Safe Harbor for Implementing a Government-Recognized Cybersecurity Program by Mike Semel Originally published at Reprinted with permission.