HITECH – Aegify (https://www.aegify.com): Comprehensive Security, Risk and Compliance Assurance Solution

An Authoritative Compliance Security for an Unwavering Presence
https://www.aegify.com/an-authoritative-compliance-security-for-an-unwavering-presence/ (Tue, 24 May 2011 04:06:50 +0000)

As per the 2011 Data Breach Investigations Report (DBIR) released by Verizon, there has been a considerable drop in the number of compromised records: from 361 million in 2008 to 144 million in 2009 and less than 4 million in 2010. Security breach incidents have reduced to 1% in the healthcare sector, while the hospitality industry has experienced the maximum number (40%), followed by the retail sector (25%) and the financial services sector (22%). The investigated data for 2010 was a joint effort between Verizon, with 94 incidents, and the U.S. Secret Service, with 667 incidents, bringing the total to a massive 761.

It has been found that 92% of the breaches occur through external sources. These sources use sophisticated hacking methodologies and different types of malware to gain access to vulnerable IT systems. Currently the criminals are targeting payment systems, as the U.S. Secret Service has clamped down on all malware activities with a strict vigil on hosting services. It has also been seen that small business organizations and medical practitioners fall easy prey to these crimes, as they do not have a reliable infrastructure and proactive policies to ward off these intrusive acts.

As per the HITECH Act, any incident that poses a security risk to the personal health information of 500 people or more has to be reported. Penalties in the form of expensive fines are imposed on those found guilty of violating the HITECH Compliance regulations. Thus every medical and healthcare organization has to establish a regularized and compact security policy throughout the entire operation, leaving no opportunities for any unauthorized access.

The best way to deal with all issues related to security, compliance and risk is to invest in the automated SecureGRC SB compliance solution that has all the capabilities to deliver compelling performances and create an invincible force against any malicious attacks. These solutions are cloud based services that constantly track and monitor all activities and provide real-time information instantly. With the help of the compliance management software solution the organizations are made aware of the new and revised regulations and the security policies of the organizations are updated immediately and automatically.

Often healthcare organizations suffer losses due to employees’ negligence or due to inadequate information and training. The automated compliance solution provides a respite to the organizations by providing intelligent analytical assessments and reporting facilities that help to keep track of the compliance status. A strict authentication process is deployed that thwarts all damaging attempts. With the services offered on the cloud, any mid-sized or a small organization can easily afford this solution to use it as a remedy for reviving their declining operations. Now with a trustworthy and inexpensive healthcare compliance tool within easy reach, there is no excuse for falling into a trap and losing one’s hard-earned reputation.

Saying No to Health Breaches
https://www.aegify.com/saying-no-to-health-breaches/ (Tue, 29 Mar 2011 06:33:14 +0000)

A recent federal list announced that there have been serious health information breaches that affected nearly 8.3 million people since September 2009. With 3 government agencies looking into Health Net breaches, including the case of 9 missing server drives from a California data center that was managed by IBM, the actual gravity of the situation cannot be stressed enough. The Office for Civil Rights (OCR), which generally adds such breaches to its official list upon confirmation of details, has not yet added the Health Net breaches. As per the final version of the breach notification rule, all breaches affecting 500 individuals or more should be reported to OCR and to the people who are affected by the breach, and this should be done within 60 days.

Over 50% of the major health breaches that have been reported are concerned with either the loss or the theft of computer devices. This has underlined the need to install encryption on laptops and similar devices. On the other hand, the Health Net breach incidents are more focused on ways and means to protect storage media effectively. The OCR is doing its best to get all healthcare providers to abide by HIPAA / HITECH compliance requirements; in fact it has even requested increased funding to ensure enhanced enforcement efforts. But the fact remains that the onus to meet all the compliance measures still rests on the healthcare providers themselves. There is likely to be an addition to the HITECH breach notification rule sometime later this year, which would ensure that all doubts about what kind of security breaches should be reported are simplified and laid out clearly.

Recently Cignet Health and Massachusetts General Hospital were slapped with severe penalties. Such increasing incidences of security breaches are indeed alarming; small businesses need to equip themselves with a solution that can help them address such breaches efficiently. SecureGRC SB, a solution that is provided on the cloud, can fulfill all HIPAA / HITECH Compliance requirements pertaining to small businesses. With its central repository for all documentation purposes pertaining to HIPAA, it can send reminders to ensure compliance regulations are maintained and can ensure complete maintenance of track records of business associates.

More often than not, small medical healthcare providers cannot meet the expense of costly solutions nor can they obviously pay the hefty penalties for any non-compliance issues. The best option for such businesses is to opt for a unique IT healthcare compliance solution that is not only economical, and accurate, but also assists them in meeting all the healthcare compliance requirements efficiently. And with SecureGRC SB, small healthcare providers can easily say an emphatic no to health breaches!

Time to Make Data Breaches a Thing of the Past
https://www.aegify.com/time-to-make-data-breaches-a-thing-of-the-past/ (Mon, 21 Mar 2011 02:52:50 +0000)

The media is abuzz with news of data breaches, especially with websites like that of the Department of Health and Human Services (HHS) tracking them. As per the Office for Civil Rights, there were close to 9,109 data breaches by Sept 2010, averaging 25 data breaches per day! The HHS had earlier issued a set of regulations to healthcare providers about notifying individuals whenever a health information breach occurs.

Breach reporting has become an intrinsic and important element of the HITECH Compliance regulations. All data breaches affecting over 500 individuals are required to be reported to the HHS within 60 days, while data breaches under 500 can be submitted annually. Although these smaller breaches are not published by the HHS, they are compiled and sent to congressional committees as per the HITECH stipulations. With data breaches resulting in not just penalties but also the erosion of the reputation and image of health care providers, it is time that health care providers take efficient compliance measures to abide by HIPAA and HITECH regulations effectively.

The idea is to work smartly and bring about complete visibility with an effective and economical security solution as far as safeguarding patients’ health information is concerned. Most small health care practitioners worry about the investment involved in installing compliance solutions, but here is eGestalt’s SecureGRC SB, which is an ideal solution especially for small medical practices. A one-stop solution, it allows health care providers to abide by the compliance regulations of HIPAA/HITECH.

A web-based solution, SecureGRC SB offers a unique approach to tackle security and data breach issues. Owing to its ability to deliver services on the cloud, it can capture information and keep you updated constantly in case of any changes in regulatory policies. SecureGRC SB is an economical, easy to use web based solution that can help small medical practitioners be HIPAA Compliant. It is high time that small healthcare practices opt for a suitable compliance healthcare solution to tackle data breaches intelligently and make data breaches a thing of the past.

Drawing-Out A Strikingly Compliant Role
https://www.aegify.com/drawing-out-a-strikingly-compliant-role/ (Wed, 09 Mar 2011 06:33:04 +0000)

While Cignet is recovering from the shock of the $4.3 million fine slapped on it for HIPAA violation, barely two days later the General Hospital Corporation and Massachusetts General Physicians Organization Inc., better known as Mass General, has been hit with a $1 million penalty for blatant exposure of patients’ records in a subway train!

Reports of renowned organizations being subjected to steep penalties due to HIPAA violation are becoming regular. These reports have already started creating negative impressions directed at healthcare organizations, and giving patients an opinionated view. The increase in the penalty amount from $25,000 to $1.5 million as per the HITECH Act proves the significance of enforcing stringent measures for patients’ data protection. Yet organizations fail to convey the message effectively to their employees inviting trouble and criticism.

It is time healthcare organizations and providers took impacting decisions to fulfill their responsibilities. If the well-known organizations are capable of such negligence – willful or otherwise, jeopardizing the lives of their patients, then there is very little hope that small medical practices would not falter on this account. In any case it is the lives of the patients that are at stake.

Healthcare organizations need a proactive compliance strategy that can provide compelling solutions to all security related risks. SecureGRC SB is a wise and affordable option that can help organizations deal with all their existing compliance drawbacks. The solutions are cloud-based with real-time information and updates that help keep organizations on their toes.

With SecureGRC SB, the processes are automated, simplified and easily manageable. There is zero confusion and no complications involved in the execution of the process thus helping drive compliance smoothly and efficiently. With its commendable tracking and monitoring system it can effectively curb all propensities to overlook any regulations.

This solution is best suited for small medical practices as it keeps them in sync with HIPAA and HITECH regulations. It also ensures that the regulations relevant to business associates are up to date and concurrent with HITECH Compliance standards. It is only when organizations demonstrate a responsible healthcare compliance attitude towards their patients that they can expect a positive trend for mending and uplifting their battered reputation. With SecureGRC SB we can expect that trend soon, thus providing organizations relief from penalties and assuring patients sanctity of personal information.

Cignet Pays A Heavy Price for HIPAA Violation!
https://www.aegify.com/cignet-pays-a-heavy-price-for-hipaa-violation/ (Fri, 25 Feb 2011 12:20:07 +0000)

A recent incident of HIPAA violation has reinforced the need for health care organizations to focus on creating and keeping records efficiently for easy access; most do not create the records in the first place! Where they have not, the tendency has been to play down their responsibilities towards enforcement of security compliance measures under HIPAA and HITECH regulations, at times not knowing what to do and how to go about it. Only when a charge is received do they wake up to the fact. And in the case of Cignet, additional penalties were levied for not being co-operative with the investigative agency!

As per reports, Cignet Health of Prince George’s County, Md. has been charged a whopping $4.3 million as a civil money penalty (CMP) for denying 41 patients access to their medical records. Further, it was also alleged that Cignet willfully assumed a non co-operative stance, as it did not furnish the records when demanded by the Office for Civil Rights (OCR). Why and how did this happen? The law provides exceptions for not sharing the information. The organization had no such defenses for taking recourse under the exceptions! If a set of policies and procedures had been in place, perhaps it would have been much easier for them, at least to have reduced the penalty, not 4.5 Million USD.

With such incidents and reports of severe penalties, the security compliance situation among healthcare organizations has become quite a talking point. Yet it is quite startling to see that despite the imposition of the HIPAA and HITECH rules there seems to be no change in the callous attitude of some health organizations. Conversely, there are some who religiously try to follow the compliance regulations but fail to deliver the desired output. This could be due to a lack of visibility in assessing the security requirements of the organization, leading to the engagement of incompetent strategies and solutions. Many times organizations become victims of security breaches because they are incapable of purchasing new infrastructure that could help them remain compliant with the new and updated regulations. Most of them face massive pressures as they struggle to cope with revised and updated regulations while trying to maintain control over their budgets.

It does not matter whether the cause of the damage is intentional or accidental. But the repercussions can definitely matter a lot to any healthcare organization. It is difficult to recover from the penalties and is an uphill task to rebuild the years of reputation that can get washed away instantly with just one unfortunate accident. The SecureGRC SB is an ideal solution that helps all medical organizations to stay compliant not only with HIPAA/ HITECH requirements but also with other compliance regulations such as PCI Compliance, SOX and ISO 27002. The unique approach to settle all security issues and tackle all data breach possibilities is laudable. This is a web-based solution that delivers services on the cloud. It deploys a monitoring system that constantly monitors and captures real-time information and keeps providing regular status through the front dashboard.

This solution does not entail the purchase of any new infrastructure and thus saves organizations from the worry of investing in new hardware. SecureGRC SB provides optimum healthcare compliance assistance as it is affordable, and due to its automatic updating capabilities organizations can modify their existing practices according to the revised regulations. It also facilitates tracking and monitoring the activities of business associates by providing the best HITECH Compliance management solutions. Though negligence and callousness are unforgivable as far as a patient’s confidentiality is concerned the automated SecureGRC SB can help eliminate the possibility of such occurrences and provide safer and secure medical grounds for patients and providers.

Safe and Secure Compliance Practices For Small Business
https://www.aegify.com/safe-and-secure-compliance-practices-for-small-business/ (Mon, 21 Feb 2011 12:07:01 +0000)

It is a strangely paradoxical situation that despite revised and stricter compliance regulations the number of security breaches seems to rise. The HIPAA mandate was enforced to tone down risks threatening patients’ personal records. But there has hardly been any positive report of effective progress towards a threat free environment.

As per a recent study conducted by Redspin, the leading service provider of HIPAA risk analysis and IT security compliance, 6 million people were affected by security breaches between August 2009 and December 2010. The number accounts for only those security breaches reported to the Department of Health and Human Services, which means that the actual number may have exceeded 6 million.

It is an alarming fact that despite efforts to tighten security measures, medical organizations, especially the small practices, are constantly a soft target for various kinds of illegitimate activities. And this is not just because of hackers who use sophisticated technology to disarm the security system, but also due to the loss and theft of mobile devices, which have become a regular occurrence.

The freedom to use USBs, cell phones, laptops etc to keep pace with the competitive world has made the employees and organizations overlook the discreet use of such confidential data and its dire consequences. Business Associates have been identified as another vulnerable link resulting in security breaches.

The small medical practices are consistently faltering in being compliant with the HIPAA/HITECH regulations as they are incapable of stretching their budgets to employ new infrastructure and deploy solutions to curb all malpractices.

SecureGRC SB is a one-stop solution for all security and risk assessment needs without any additional costs for a new infrastructure. This service is provided on the cloud which therefore fulfills all HIPAA / HITECH compliance requirements pertaining to small business. Small businesses are provided with complete control to gauge the requirements for HIPAA and HITECH through a simple self assessment menu.

The SecureGRC SB contains a central repository for all documentation purposes pertaining to HIPAA. It sends reminders to ensure compliance regulations are maintained. It follows an automatic updating schedule as per the latest and revised regulations. It provides reports regarding the compliance status for auditing. The solution ensures maintenance of a track record of the business associates and provides plug-ins in case of any PCI-DSS compliance requirement.

Small businesses can neither afford expensive solutions nor penalties for non-compliance. They need to adopt an astute approach towards IT healthcare compliance to achieve high scores. SecureGRC SB is the perfect solution – an affordable, precise and simplified option with guaranteed results.
