Securing protected health information (PHI) is one of the paramount cybersecurity concerns of many organizations, both inside and outside the healthcare industry. This information, if released to unauthorized parties, could lead to significant personal harm to patients that organizations must avoid at all costs. 

The Healthcare Insurance Portability and Accessibility Act (HIPAA) governs the protection of PHI, and in doing so, provides the framework by which healthcare organizations must act toward that mission. However, HIPAA isn’t the only source of truth for securing PHI. For additional guidance, compliance and security officers and technical managers will look to another document, NIST 800-66. 

Read More

Any organization in the healthcare industry knows that cybersecurity is a critical component of doing business. So much so, in fact, that any enterprise handling protected health information (PHI) must implement and maintain strict cybersecurity and privacy controls to protect patient data from unauthorized disclosure. 

However, understanding that HIPAA is a requirement for operation doesn’t necessarily make compliance or effective cybersecurity much easier to implement. That’s why an initiative conceived by government agencies, known as the Health Industry Cybersecurity Practices (HICP), was put into action to align security along with government and industry best practices. 

Read More

The Healthcare Insurance Portability and Accountability Act (HIPAA) is one of the more complex regulations in the U.S., due in no small part to the complicated and open-ended nature of the law. 

What should companies do? In this case, covered organizations are turning to risk-based assessments to help them support their security approaches. 

Here, we will discuss how risk plays a role in the rule of HIPAA law. 

Read More