HIPAA Newsletter May 2016 Archive

Your HIPAA Compliance Companion

"How much is your data worth to you?" is a question that cyber criminals have been making millions from. Ransomware is a variety of malware that holds your digital information (or assets) hostage and demands payment for its release. This activity has risen sharply in popularity in the past few years and made headlines around the globe.
Although this isn't the first wave of ransomware proliferation (the technique has been used for decades), it may be the largest and most dangerous yet, for several reasons.
First, the sheer number of ransomware programs being created by novice and expert criminals alike increases the likelihood that your computer system will suffer an attempted attack. The sheer volume of ransomware in the wild also makes it difficult for anti-virus programs to keep up.
Second, the sprawling variety of ransomware infection methods means that people must constantly keep up with new attack vectors while trying to live and work in a fast-paced world. Here are just a few examples:
  • Malicious advertisements on "secure" websites (i.e. websites using HTTPS)
  • Attachments to seemingly legitimate emails (phishing)
  • Fake security warnings and alerts
  • Fake copies of trusted programs propagated through file sharing websites
Third, ransomware is becoming increasingly sophisticated. As discussed, many variants encrypt your data and then threaten to destroy the private (decryption) key if payment isn't made by a certain deadline.
Ransomware encryption algorithms are getting stronger, and the decryption keys are far less likely to be recovered, as they sometimes were in the past, to regain control of your data. In short, the "Bad Guys" are getting smarter; when ransomware is done well and adequate preventive measures and incident response procedures aren't in place, the choice is exactly what the extortionists want: pay or lose it all.

To date, there are no documented cases where ransomware has led to the injury or death of a patient. Unfortunately, this will happen sooner rather than later. In the ransomware attack in Melbourne, Australia, the bad guys allegedly started changing patient data until the ransom was paid. For the U.S. healthcare industry, ransomware takes HIPAA compliance out of the "necessary evil" realm and makes it an issue front and center with respect to patient safety. There is simply no going back to the good ol' days of HIPAA, where the dirty little secret was that HIPAA was an unenforced paper tiger with a maximum penalty of $25,000.00. This is simply not your Daddy's HIPAA anymore!
Our May 2016 HIPAA Survival Guide webinar will focus on current and emerging trends in ransomware. We will discuss its nature, the different types of ransomware, the variety of methods extortionists use to monetize it, and the proactive measures and incident response best practices that organizations can take to prevent and mitigate the harm ransomware can cause. The webinar will also analyze the implications for HIPAA's Security Rule and, in particular, the Breach Notification Rule.

EXPRESSO: Coming Soon
EXPRESSO is an intuitive application that combines Software with Wetware to produce what we call Processware.
Processware is the "X Factor" missing in other products in the marketplace. It allows you to prepare, monitor, enhance and improve your Risk Assessment process and, at the same time, reduce the "cyber threats" your organization faces on a daily basis from the ever-changing threat landscape.
Even More About EXPRESSO
Expresso is a software-as-a-service ("SaaS") App that embodies the NIST seven (7) step process ("Methodology") for performing a Risk Assessment. Expresso builds on the NIST foundation to facilitate performing Risk Assessments by rationalizing the Methodology in a manner that makes it accessible to lay persons.
What QuickBooks Online ("QBO") did for accounting, Expresso does for Risk Assessments. QBO did not eliminate all the work associated with accounting; what it did was transform accounting from a necessary evil, something to be avoided at all costs and/or handed over to a third party, into something that a business person could master at a basic to intermediate level.
Expresso comes pre-populated with (T)hreats, (V)ulnerabilities, and potential business (I)mpacts to your organization, making the calculation of (R)isks easier than the tedious process our competitors offer. In addition to pre-populating Threats, Vulnerabilities and Impacts, Expresso allows you to modify all pre-populated data in the manner that best fits your organization.
Expresso will become the "go to" product because it embodies the NIST protocols and, as such, makes an HHS audit of your Risk Assessment completely on point.
Rather than a collection of disorganized spreadsheets, you have one location from which to draw the Threats, Vulnerabilities and Impacts you created, along with the corrective action you have taken.
EXPRESSO was designed by Carlos Leyva, a nationally recognized legal authority and thought leader on the HIPAA Rules.
Introductory Offer: All Subscription Plan Holders of record as of March 15, 2016 will receive EXPRESSO at no additional charge when it is released.
Act now and save $1700.00 the first year and $800.00 each year you renew.
The cost of purchasing or renewing our Subscription Plan will increase on March 16, 2016. On March 16, 2016 the price of our Subscription Plan with Expresso will increase to $2495.95 for the first year, with a renewal price of $1295.95.
If you purchase or renew our Subscription Plan between now and March 15, 2016 you will essentially be GRANDFATHERED IN and get Expresso for FREE. Once GRANDFATHERED IN, your renewal price will never be more than $495.95!
In short, those who have a Subscription Plan as of March 15, 2016 will receive the benefit of renewing their Subscription Plan at the current renewal price of $495.95, as a sincere thank you for your patronage.
HIPAA Audit Preparation Training Suite
Our HIPAA Audit Preparation Training Module gets you up to speed on how to prepare for an HHS audit by focusing on the 169 requirements that HHS has published in its Audit Protocol. HHS' 169 requirements span the following HIPAA Rules: 1) the HIPAA Security Rule; 2) the HIPAA Privacy Rule; and 3) the Breach Notification Rule.
We walk you through how to eliminate the guesswork when preparing for an HHS audit. This training module provides comprehensive coverage of what HHS will require you to address should it launch a HIPAA audit of your organization. It also provides a methodology for addressing the "big picture" questions that may provoke the "deer in the headlights" look in the unprepared.

This package includes the following Audit Preparation Training Modules:
  1. Audit Preparation Training Overview
  2. Security Rule Audit Preparation Training
  3. Privacy Rule Audit Preparation Training
  4. Breach Notification Audit Preparation Training
Available for Download to Subscription Plan Holders
Accountable Care Organizations Survival Guide
Your ACO Compliance Companion
NEW! From The ACO Survival Guide
ACO Regulations Training Module
ACO regulations are inherently complex. ACOs require a complete understanding of these regulations because the Medicare Shared Savings Program regulations determine how an ACO gets paid. This training is divided into three sections to make it easier to understand. Session One is all about eligibility and the application process. Session Two discusses the regulatory basis for quality performance standards, and Session Three covers pay for performance and revenue tracks.
Our ACO training is essential for organizational accountability and provides a method of tracking education for existing staff as well as new hires. Our training program comes with downloadable digital video/audio files and an ACO Regulations Quiz and Answer Key.
For more information about Accountable Care Organizations, click here.
Copyright 2015 All Rights Reserved