The Schellman Blog

“Clouds come floating into my life, no longer to carry rain or usher storm, but to add color to my sunset sky,” said Bengali polymath Rabindranath Tagore. It’s a nice, optimistic sentiment, but if you’re a healthcare provider using the cloud, you’re likely thinking that, in your position, clouds are still plenty capable of ushering storms where your HIPAA compliance is concerned. The Health Insurance Portability and Accountability Act (HIPAA) provides clear rules about the storage and sharing of protected health information (PHI). All organizations that handle PHI are required to comply with HIPAA standards, but that can become a little trickier if you engage a cloud service provider (CSP). As long-time, highly experienced HIPAA assessors, we provide valuable insight and services that help organizations avoid any HIPAA missteps. In this article, we’re going to outline eight things you can do to ensure you stay compliant when engaging a cloud service provider (CSP) so that your cloud doesn’t “usher in any storms.”

Leading provider of attestation and compliance services strengthens commitment to sustainability by helping clients measure, report, and manage their ESG performance with the addition of an experienced leader.

If you’ve just completed your first SOC examination and received your final report, you might be confused about what you’re looking at. As a seasoned SOC assessor firm with over two decades of experience, we’ve provided thousands of organizations with a SOC report, and we want to help you avoid any potential confusion over the contents.

In the famed series Lord of the Rings, the unlikely hero Frodo Baggins offers to carry the terrible burden of the One Ring to Mordor in order to destroy it and save all of Middle Earth from evil. Immediately after he makes this decision, he says, “Though I do not know the way.”

Someone once said that "a marathon is hundreds of miles. The finish is the last 26.2." Maybe that “someone” worked at the Office of Civil Rights (OCR) because they are coming to the “finish” at the end of their latest marathon, though it’ll still take some work and time to get over the line.

In the film classic, Indiana Jones and the Raiders of the Lost Ark, our hero Indy tries to beat the booby trap security in a cave to steal a golden idol. He thinks he’s won when he switches the idol for a similarly sized bag of sand, but then finds he has to navigate flying darts, a dropping wall, and a chasm before he’s through.

In the legendary Lord of the Rings series, leaders from different societies create a fellowship of nine different people tasked with saving Middle-Earth. The idea wasn’t originally to send nine, and there were obvious reservations about trusting some of the Fellowship with such a serious mission. (Looking at you, Pippin.)

Within the healthcare assessment space, there are a lot of different options and standards organizations can choose from to demonstrate their cybersecurity posture, HITRUST CSF among them. Since its introduction, the HITRUST CSF has become an industry-agnostic information risk management and regulatory compliance framework that meets the needs of a wide range of organizations.