Knowledge is the best attack deterrent, so check out our cyber security updates
24By7Security, Inc.

Healthcare Cybersecurity Biweekly Newsletter - August 15th, 2017

How Often Should Healthcare Employees Receive Security Awareness Training?

Regular security awareness training is a requirement of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The rule requires covered entities to “Implement a security awareness and training program for all members of its workforce (including management)”. After initial training has been provided, HIPAA requires healthcare employees to receive periodic security updates. While HIPAA does not stipulate how often these “periodic security updates” should be issued, OCR points out that monthly security updates work well for many healthcare organizations, with additional training provided bi-annually. An effective security awareness program must provide ongoing training, raising awareness of new threats as they emerge and when threat intelligence is shared by Information Sharing and Analysis Organizations (ISAOs).


5 Lessons Learned in OCR HIPAA Settlements

Healthcare organizations cannot assume that they will never experience a data breach or data security incident. Failure to update safeguards or audit controls could lead to an OCR HIPAA settlement, which could be paired with a high fine and a lengthy recovery process. There are several key lessons to be learned from OCR HIPAA settlements over the past two years. Covered entities and their business associates should review their approaches to HIPAA compliance and ensure that employees at all levels are properly and regularly trained. Five areas of data security concern that have been overlooked:

  1. Business Associate Agreements
  2. Audit Controls
  3. Risk Management
  4. Breach Notification, and
  5. Basic HIPAA Safeguards

HIPAA Compliance Checklist

If your organization has access to electronic Protected Health Information (ePHI), it is recommended that you review the HIPAA compliance checklist, which can help ensure that your organization complies with the HIPAA regulations covering the security and privacy of confidential patient data. Failure to comply with HIPAA regulations can result in substantial fines being issued, and in criminal charges and civil lawsuits being filed, should a breach of ePHI occur. Ignorance of HIPAA regulations is not considered a justifiable defense by the Office for Civil Rights of the Department of Health and Human Services (OCR). OCR will issue fines for non-compliance regardless of whether the violation was inadvertent or resulted from willful neglect. Check out the HIPAA compliance checklist here.


OCR deputy: Have policies in place to avoid a HIPAA compliance review

In almost every breach case that HHS investigates, healthcare organizations cannot demonstrate satisfactory compliance in the following areas, according to the deputy director for health information privacy at the HHS Office for Civil Rights:

  1. Having failed to perform a risk analysis
  2. Having failed to identify and manage risk
  3. Not having clear business associate agreements
  4. Not having policies and procedures in place
  5. Having failed to report a breach within 60 days of discovery

The purpose of an audit is to allow OCR to take a look at what a healthcare organization is doing from a compliance perspective, outside the context of a formal investigation. The surest way to go from an audit to an enforcement review is not to respond to an audit notification. Common mistakes can turn an audit into a compliance review. Simply by showing HHS all of your policies and procedures, you can receive a report card of where you stand from a compliance standpoint.


Watch our brief intro video!

This is a must for all physicians and their staff to view. It outlines 5 basic steps to HIPAA compliance. All medical providers must also assess their HIPAA compliance status annually by conducting a HIPAA Security Risk Assessment, reviewing their policies and procedures, and training their employees every year.

Visit - a Cyber Security service provider with a focus on HIPAA Compliance services. We are Cybersecurity and Compliance Specialists. Let us be your first line of defense against a cyber attack. Call us at (844) 55-CYBER or email us at today!

Upcoming Events!

Webinar: Best Practices for Compliance and Security in the Cloud - October 4, 2017 @ 2:00 pm

Sanjay Deo, President of 24By7Security, Inc. will host a webinar in partnership with Care Analytics.


ISSA 2017 International Conference - Oct 9 - 11, 2017

Michael Brown of 24By7Security, Inc. will be speaking on Cyber Resilience at the ISSA 2017 International Conference being hosted at the Sheraton Hotel and Marina in San Diego, California.


Georgia ISSA Atlanta Conference - Nov 15, 2017 @ 8:00 am

24By7Security is pleased to sponsor Atlanta’s premier security conference, “Paradigm of Dependable Security” and will be exhibiting and networking there.


Data Connectors Fort Lauderdale Tech-Security Conference - Dec 14, 2017

24By7Security is pleased to sponsor the Data Connectors Fort Lauderdale Tech-Security Conference at Fort Lauderdale, Florida.


About us

24By7Security, Inc. is a full-service cybersecurity strategy, implementation, operations and training firm. We provide cybersecurity and compliance related services across all functions of the enterprise. Our services include CFPB/DFA, FIPA, FERPA, GLBA, HIPAA, PCI, SOX, and others.

Visit Our Website

24By7Security, Inc.

4613 N. University Drive, Suite #267

Coral Springs, FL 33067

(844) 55-CYBER