If you’re already following HIPAA compliance-related news, you’re probably already familiar with the “Wall of Shame.” If you’re just getting started, read on. The HIPAA Breach Notification Rule requires Covered Entities and Business Associates to report breaches of protected health information (PHI) to the U.S. Department of Health and Human Services (HHS).
The Privacy Rule protects most individually identifiable health information held or transmitted by a covered entity or its business associate in any form or media, whether electronic, paper or oral.
The HIPAA Security Rule places a great deal of emphasis on the importance of the security risk analysis—so much so that it was positioned front-and-center as an implementation specification under the first standard in the first section of HIPAA. The requirement to complete a security risk analysis is under the Security Management Process standard in the […]
The topic of de-identification of personal information has come up in discussions with clients several times in the past year. In each scenario, our client or potential client is collecting and maintaining a store of personal information which must be protected from breach—customer records, payment card industry cardholder data, electronic protected health information (ePHI), etc. […]
One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans.
In a press release dated December 17, 2015, the AICPA announced that it had collaborated with the Health Information Trust Alliance (HITRUST) to develop an illustrative SOC 2 report useful to health care industry service organizations that must demonstrate compliance with HIPAA’s security requirements.
Linford & Company offers two types of reports that address security, the SOC 2 Security report and the AT 601 HIPAA Security report.
Entities seeking to demonstrate Health Insurance Portability and Accountability Act (HIPAA) compliance to their customers and potential customers have several options available.
Information security is a hot topic and receives frequent headlines due to the weekly—if not daily—security breaches that occur on a global scale. At Linford & Co, we work with service providers on a regular basis to evaluate aspects of their information security by independently testing the design and operating effectiveness of their controls.
The EU General Data Protection Regulation, or “GDPR” as it’s called, is expected to become law in late 2015 or early 2016. It is meant to modernize the personal data protection rules across the EU’s 28 member countries. Reportedly, it will address current topics like social networking, cloud services, globalization, and much more.