Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

Healthcare Assessments | HIPAA

By: Schellman
May 23rd, 2024

Perhaps believing they’re simply too small for the government to consider, some smaller healthcare providers will choose to either fly under the radar or hope that regulators of the Health Insurance Portability and Accountability Act (HIPAA) won’t notice their lack of correct processes and controls. However, this likely won’t work—in fact, over 55% of HIPAA fines in 2022 were levied against small practices.

Blog Feature

Healthcare Assessments | HITRUST

By: Michael Seegel
April 24th, 2024

Though HITRUST released v11 of the HITRUST CSF back in January 2023, as of April 16, 2024, HITRUST released CSF v11.3. Standard practice is for HITRUST to update their CSF annually—at a minimum—and this v11.3 is a relatively minor revision with two main differences:

Blog Feature

Healthcare Assessments | HITRUST

By: Michael Williams
April 23rd, 2024

For any organization committed to robust cybersecurity hygiene, due diligence isn’t just for your interior systems, operations, facilities, and people—it also requires vetting your service relationships with suppliers to ensure they’re also secure. This is something Microsoft clearly understands, given their rigorous Supplier Security & Privacy Assurance (SSPA) Program they require. And for said suppliers participating in the SSPA Program, there are benefits to further extending your security compliance through HITRUST certification.

Blog Feature

Healthcare Assessments | HIPAA

By: Schellman
February 1st, 2024

Successfully managing your HIPAA risk means accounting for those introduced by your vendors that are supplementing existing business processes in different ways. Vendors can make you vulnerable in a variety of ways, which means a variety of solutions becomes necessary.

Blog Feature

Healthcare Assessments

By: Schellman
January 17th, 2024

As you may remember, when Tom Sawyer was asked to paint a fence, he ended up outsourcing the job and even got his chosen “vendors” to pay him for the privilege. What was an assigned chore ended up being done by others and turning a profit for Tom.

Blog Feature

Healthcare Assessments

By: Schellman
November 15th, 2023

With over two decades of HIPAA history behind us, more than a decade of mandatory compliance and federal compliance enforcement, and a shortage of resources to help hospitals achieve compliance, the healthcare industry is still plagued by non-compliance issues every year—particularly regarding risk and access management.

Blog Feature

Healthcare Assessments | Artificial Intelligence

By: Jerrad Bartczak
November 7th, 2023

To accommodate the ever-evolving cybersecurity threat landscape, HITRUST has released HITRUST CSF v11.2.0, updating its framework to include more pertinent concepts—one of the most notable additions is artificial intelligence (AI) risk management content.

Blog Feature

Healthcare Assessments

By: Schellman
October 31st, 2023

If you’re in healthcare, you likely already know that maintaining HIPAA compliance requires a very thorough risk assessment. What you may not know is that HIPAA risk assessments are also an aspect of the law that is too often overlooked.

{