The 2021 Guide to HIPAA Compliance


Table of Contents

  1. What is HIPAA?
  2. HIPAA Compliance Terminology
  3. What Are the Three Rules of HIPAA Compliance?
  4. What Is the HIPAA Privacy Rule?
  5. What Is the HIPAA Security Rule?
  6. What Is the HIPAA Breach Notification Rule?
  7. What Is the HITECH Act?
  8. What Is the Omnibus Rule?
  9. What Does HIPAA Compliance Entail?
  10. What Are the Penalties for Not Meeting HIPAA Compliance?
  11. What Can I Do to Ensure That My Organization is HIPAA Compliant?


What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act, signed into law by President Bill Clinton in 1996. HIPAA was put into place to protect patient data from theft or loss.

Why is this important? Private Health Information (PHI) is considered some of the most sensitive data a person can have. Protecting patients' PHI was determined to be critical, and that responsibility fell on the healthcare providers who use that information for treatment, research, or billing purposes.

With the emergence of electronic PHI (ePHI) and digital technologies such as networked communication and electronic recordkeeping, HIPAA became that much more important. HIPAA was therefore conceived to protect ePHI no matter where it resides.


Top Cyber Security Threats facing SMBs today


Cyber Security Threats to SMBs

When we think about the most publicized cyber security attacks and data breaches, we generally associate them with large enterprises. The truth is that cyber attacks are not limited by company size.

According to the 2019 Cost of a Data Breach report by the Ponemon Institute, “small businesses face disproportionately higher costs than larger organizations when it comes to breaches.”

Small and Medium-Sized Businesses (SMBs) can be very profitable targets for bad actors because they have fewer resources and little in-house expertise to plan, implement, and execute a cybersecurity incident response plan. Business drivers and modernization needs make it an even trickier balancing act with the new norm of working from home. While large corporations can afford to spend vast sums on cybersecurity, SMBs must make every dollar count by identifying and focusing on the top security threats.


ISO 27000 Demystified


ISO what?

The ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) provide a globally recognized framework for best-practice information security management: the ISO/IEC 27000 family of mutually supporting information security standards (also known as the ISO 27000 series).

The most well-known of the series is ISO 27001, which sets out the specification for an ISMS (information security management system). The series is developed and published jointly by ISO and the IEC.
