HIPAA, Security Incidents, and Reportable Events

In the interconnected world of digital health information, safeguarding Protected Health Information is paramount. Healthcare providers are legally required to follow the Health Insurance Portability and Accountability Act (HIPAA) to protect patient privacy and maintain trust, and this compliance includes understanding what it means to identify and deal with security incidents.

Among these, the concepts of security incidents, reportable events, and the implementation of the Breach Notification Rule are particularly critical. These aspects of HIPAA are at the heart of ensuring that health information remains confidential and that violations are promptly addressed and communicated appropriately.

This article explains the obligations of HIPAA-covered entities and their business associates under the Breach Notification Rule regarding reportable events. We will explore how to identify security incidents, determine their severity, ascertain if they constitute a reportable event, and understand the necessary steps for notification during a breach.

 


What Are the Proposed Rule Changes to HIPAA Coming in 2023?


In response to changes in the medical industry due to COVID-19, the Department of Health and Human Services (HHS) and Substance Abuse and Mental Health Services Administration (SAMHSA) have put forth a Notice of Proposed Rulemaking to streamline how doctors can access mental health information. 

This article will discuss this rule change and why it seeks to address the gaps between HIPAA disclosure and mental health information protections.

 


What Is ISO 27017 and How Does it Inform Cloud Security?


As cloud computing continues gaining popularity, organizations increasingly turn to cloud services to store and process their data. However, with this increased reliance on cloud services comes a heightened risk of data breaches and cyber attacks, making cloud security a critical concern for businesses of all sizes.

To address these concerns, the International Organization for Standardization (ISO) has published a code of practice for information security controls for cloud services: ISO 27017. This standard provides guidelines and general principles for securing cloud-based systems and protecting against potential security threats.

This article will explore the critical components of ISO 27017 and their importance in securing cloud-based systems. We will also discuss some of the best practices for implementing ISO 27017 in your organization and the benefits that it can provide. Finally, we will examine some challenges organizations may face when implementing ISO 27017 and offer guidance on overcoming them.

 
