Wednesday, May 22, 2013

HIPAA Security and Privacy Advisors, LLC



HIPAA Security and Privacy Advisors (HSP Advisors) is a specialized Healthcare Privacy and Security consulting firm dedicated to serving the needs of the healthcare industry. Started by Bill Miaoulis, HSP Advisors brings over 19 years of experience in Healthcare Security and Privacy. We provide the most cost-effective methodologies and experience in completing Mock HIPAA Security and Privacy Audits, Risk Analysis to meet meaningful use, Policy and Procedure Development, Security Staff Augmentation, Security and Privacy Training, Project Management and Disaster Recovery Planning. We would welcome the opportunity to work with you.

*************

Check this page often for the latest Healthcare Security and Privacy related articles.  

The Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules are now available (see article below) and will be officially published on January 25th. Download your copy now.

One of the current articles shows the continued involvement of the Attorney General of the Commonwealth of Massachusetts with health care practices and their business associates. All organizations should have a process in place to ensure that they and their business associates have the appropriate controls in place. If you need help in developing a process to manage your business associates, contact us today.

Idaho State University (ISU) has agreed to pay $400,000

Idaho State University (ISU) has agreed to pay $400,000 to the U.S. Department of Health and Human Services (HHS) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This settlement involves the breach of unsecured electronic protected health information (ePHI) of 17,500 individuals who were patients at an ISU clinic.

The Office for Civil Rights (OCR) opened its investigation after ISU notified HHS that the ePHI of approximately 17,500 individuals was accessible at its Pocatello Family Medicine Clinic because an ISU server firewall was disabled.  OCR investigators found that ISU did not apply proper security measures and policies to address risks to ePHI and did not have in place procedures for routine review of information system activity which could have detected the breach in the firewall much sooner. Overall, ISU failed to ensure the uniform implementation of required Security Rule protections at each of its covered clinics. 
 
The Press Release can be found on the HHS News page: http://www.hhs.gov/news/ and the Resolution Agreement can be found on the OCR website at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/isu-agreement.html.
 

Thursday, May 2, 2013

Mobile Security: More Than Encryption (Podcast and Article)

Get the Podcast and Article Here:  HealthcareInfo Security

HIPAA-compliance consultant Bill Miaoulis outlines a number of critical steps that many healthcare organizations fail to take to ensure the security of data on mobile devices.
Even when healthcare organizations encrypt their mobile computing devices, they often neglect other steps that can help prevent data breaches, Miaoulis says.