Blog

Have you ever picked out a hike in the mountains, but once you arrive at the base and look up, you think to yourself, “oh man, I have to climb that?” Your enthusiasm might bleed away a little bit.

Prolific and unique musician MF Doom once said, “I'm always trying to show versatility. I'm juggling, and I'm flipping fire, and I'm chewing gum and rhyming at the same time... on a unicycle, while playing the drums.”

If you’ve ever tried to learn another language, you know that it’s incredibly difficult to just jump in—self-instruction can be difficult, disorganized, and overwhelming. It’s helpful, when setting off on this ambitious endeavor, to engage with a helpful tool that features a more structured approach with instruction on specific concepts. Let’s face it—if there’s something out there that can simplify complex ideas, it just makes sense to take advantage of it.

On May 24th, The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a fact sheet on direct liability of Business Associates under HIPAA. For reference, if an organization is unsure about if it is a Business Associate, a good resource can be found here.

“Do I really need to retain all my HIPAA audit logs for 6 years?”

EXECUTIVE SUMMARY Anthem has settled a data breach case for $115 million. It is one of the largest settlements ever and holds lessons for healthcare risk managers. • The breach was traced to one employee clicking on a link. • Investigators cited insufficient monitoring of key logs. • The case illustrates the importance of a robust risk analysis/risk management program. Anthem’s recent $115 million settlement — one of the largest ever in a consumer data breach — shows how costly a breach can be for a healthcare organization. Risk managers should remember that even a much smaller breach could be financially devastating. A California federal district judge approved the settlement resolving a 2015 data breach at Anthem that exposed the data of 78 million members. The settlement will be divided among 19.1 million plaintiffs in the class-action lawsuit. Each can claim up to $10,000 to cover out-of-pocket expenses related to the breach and can receive free credit monitoring services beyond what Anthem has already provided. (The settlement agreement is available online at: https://bit.ly/2jx3ehy.) While the numbers and costs associated with this breach are staggering, the issues at the root of it are quite simple, says Dianne J. Bourque, JD, an attorney with the Mintz law firm in Boston. “Someone clicked on a phishing email, intruders gained access to Anthem’s PHI [protected health information], and the ensuing enforcement action revealed that Anthem has no enterprisewide risk analysis,” Bourque says. “We see this fact pattern almost daily. The only thing different about the Anthem case is the large number of individuals affected.” “The Anthem breach should stand as a reminder to healthcare risk managers that this could easily happen to their organizations if they don’t pay attention to compliance fundamentals, especially a comprehensive security risk analysis, ongoing employee training — both formal and informal — and information system activity review,” she added. The Anthem breach should strike fear in healthcare leaders, says Mark Bower, general manager and chief revenue officer with Egress Software in Boston. “This is a shot across the bow for every CEO, CIO, and CFO,” Bower says. “Not every organization can absorb settlements of this size, not to mention the ongoing management and escalation costs, punitive fines from regulations like HIPAA and GDPR [General Data Protection Regulation], and revenue losses from customer churn that are also associated with data breaches.” The class-action suit shows that consumers possess a healthy appetite for compensation following a breach of their data, Bower says. Organizations that handle PHI, especially highly sensitive patient data, should use this to gauge what is acceptable financial risk when securing data, and invest in technology and training accordingly, he says.

When you were growing up, did your mother keep a special collection of dinnerware? Maybe she had a particular cabinet she kept it in, or maybe it was just hidden away for special occasions, but the point is, your mom had her reasons and designated those plates as unique and worth further protection.

According to the United States Department of Transportation, more than 50% of the combined total of fatal and injury crashes occur at or near intersections. It makes sense then for drivers to take special care when navigating these spots on the road.