The 2021 Guide to HIPAA Compliance

HIPAA compliance featured

Table of Contents

  1. What is HIPAA?
  2. HIPAA Compliance Terminology
  3. What Are the Three Rules of HIPAA Compliance?
  4. What Is the HIPAA Privacy Rule?
  5. What Is the HIPAA Security Rule?
  6. What Is the HIPAA Breach Notification Rule?
  7. What Is the HITECH Act?
  8. What Is the Omnibus Rule?
  9. What Does HIPAA Compliance Entail?
  10. What Are the Penalties for Not Meeting HIPAA Compliance?
  11. What Can I Do to Ensure That My Organization is HIPAA Compliant?


What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act signed into law by President Bill Clinton in 1996. HIPAA was put into place to protect patient data from theft or loss. 

Why is this important? Private Health Information (PHI) is considered some of the most sensitive data that a person can have. It was determined that it was critical to protect PHI for patients and that this responsibility fell on healthcare providers who used that information for treatment, research, or billing purposes. 

With the emergence of electronic PHI (ePHI) and digital technologies like networked communication and electronic recordkeeping, HIPAA became that much more important. HIPAA was therefore conceptualized to protect ePHI no matter where it is. 

Read More

Compliance and Risk Management in the Spotlight: Lessons Learned from the SolarWinds Hack

Solarwinds security breach

We recently wrote an article discussing, briefly, a data breach for the security firm FireEye. At the time, FireEye claimed that the breach was the result of a foreign attack, a state-sponsored cyberattack, an event that has unfortunately become the norm in 2020. As we, along with the rest of the country, have learned the FireEye breach was connected to the massive SolarWinds hack, one that many are calling one of the largest security breaches in U.S. history. 

Here, we’ll talk about some of the basics of the attack, including how it happened and its impact. The lessons we can learn from the SolarWinds hack can emphasize just how important risk management is for companies large and small across the U.S.

Read More

ISO 27000 Demystified

ISO 2700 Blog Post

ISO what?

The ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) provide a globally recognized framework for best-practice information security management: the ISO/IEC 27000 family of mutually supporting information security standards (also known as the ISO 27000 series).

The most well-known of the series is ISO 27001, which sets out the specification for an ISMS (information security management system).
The series is developed and published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

Read More