In previous postings we have talked about HITRUST certification and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one question we hear constantly is, “What is the benefit of getting HITRUST certified?” Security Concerns in Healthcare & How to Alleviate Them Over the past few years, healthcare organizations have seen […]
A recent settlement between the US Department of Health and Human Services’ Office of Civil Rights (OCR) and an orthopedic clinic highlights the importance of executing a HIPAA business associate agreement with appropriate third party services providers.
Compliance with the requirements of the HIPAA Security Rule starts with understanding how it is constructed. The HIPAA Security Rule is part of the overall HIPAA Privacy and Security Rule and is comprised of standards and implementation specifications. Each Security Rule standard is a requirement: a covered entity must comply with all of the standards […]
Now that 2016 has come to a close and we have started 2017, I wanted to take a moment to review some of the information security stories from last year, and provide some insight on how you can protect yourself from them in 2017 since those issues are not going away any day soon.
In performing SOC audits for Linford & CO, the clear majority of organizations do a great job providing reasonable assurance they are meeting all their controls. But I wanted to hit on a list of seven common mistakes that seem to pop up to hopefully help your organization identify them before they become
Linford and Company is now bringing our royalty audit expertise to the television network market by providing cable subscriber audits.
Some people may not believe this, but information security’s purpose is, or should be, to serve the business and help the company understand and manage its overall risk. Sure, there are some security professionals that appear to have the goal of spending as much money as possible and getting the latest and greatest software, and there are also some that like to say “no”…for everything…all the time, but the good ones are there to help.
The HIPAA Security Rule places a great deal of emphasis on the importance of the security risk analysis—so much so that it was positioned front-and-center as an implementation specification under first standard in the first section of HIPAA. The requirement to complete a security risk analysis is under the Security Management Process standard in the […]
The topic of de-identification of personal information has come up in discussions with clients several times in the past year. In each scenario, our client or potential client is collecting and maintaining a store of personal information which must be protected from breach—customer records, payment card industry cardholder data, electronic protected health information (ePHI), etc. […]
One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans.