OMG USB! Physical Media and Protecting PHI

Imagine this scenario: you’ve received test results from a procedure. Those results are to be moved between institutions because you have doctors in different departments of a healthcare system.

Normally, we’d think that these institutions would electronically transmit these results through some secure channel… but then you see that your doctor has your results, in hand, on a USB key that they plug into their computer.

This, of course, is a considerable risk. HIPAA regulations require that institutions protect PHI in specific ways with straightforward controls, and many threats can undermine physical media. 

So, what’s the issue with using USB thumb drives? 

 

What is NIST 800-66, and How Does it Apply to HIPAA?

Cybersecurity is a community practice. Different innovations and discussions about new vulnerabilities, threats and controls inevitably influence security implementations in multiple markets and industries, depending on their applicability. This is just as true for healthcare, an industry generally governed by HIPAA. HIPAA, however, is complex, and organizations working in healthcare often look outside their own industry to help them better understand cybersecurity beyond just hitting compliance checklists. That’s where NIST 800-66 comes in.

In this article, we’ll discuss HIPAA security and how it relates to NIST 800-66. This NIST document helps healthcare providers under HIPAA understand more advanced security controls that could support their compliance, privacy and cybersecurity controls. 

 

Lazarus Alliance HIPAA Audit, HITECH, NIST 800-66

Lazarus Alliance HIPAA Audit, HITECH, NIST 800-66 and Meaningful Use audit services

HIPAA Audit, NIST 800-66 and Meaningful Use Audits; we are ready when you are!

The professionals at Lazarus Alliance are completely committed to you and your business success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organization. Our competition may want to keep you and your employees in the dark where security, risk, privacy and governance are concerned, hoping to conceal their methodology and expertise. We don’t subscribe to that philosophy. We believe the best approach is transparent and built on a partnership developed on trust and credibility.

Lazarus Alliance’s primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence – in any jurisdiction. Lazarus Alliance specializes in IT security, risk, privacy, governance, cyberspace law and compliance leadership solutions and is fully dedicated to global success in these disciplines.

Once a company has made the decision to enlist a third party to provide a service, it wants assurances that those services will be provided in a timely, accurate and secure manner. A HIPAA Audit, NIST 800-66 or Meaningful Use audit shows your commitment to maintaining a sound control environment that protects your clients’ data and confidential information.

Lazarus Alliance HIPAA Audit Services