The Schellman Blog

While most healthcare providers don’t recognize that managing and securing payment data follows the same notions as managing and securing protected health information (PHI), from concept to implementation, these can, and should, work hand in hand.

If you’re a healthcare organization, you likely understand that third-party risk management (TPRM) remains a significant challenge.

Do you or someone you love have a taste for luxury? If so, you may have shelled out for a bag from a high-end designer—Gucci, Kate Spade, Coach, Louis Vuitton, and the like. But of course, these can go for thousands of dollars, so in many cases, it makes more sense to instead indulge in a cheaper knock-off. It looks basically like the real deal, so there’s no problem, right?

We all likely remember how COVID-19 overwhelmed healthcare systems and workers across the globe. It was a crazy time of momentous struggle as the world tried to adjust to dealing with a new deadly virus—and we’re still not completely out of it.

Ever heard the story about the boy who put his finger in a dike to plug a leak? He did it because he knew a small leak could turn into a major breach—the sea would come crashing through to destroy his town. So, he sat there all night until help came, to ensure everything would remain safe.

In the hit film Interstellar, scientists discover a wormhole around the planet Saturn that leads to another galaxy far, far away and sends a team of astronauts through it to see if they can find a new home for humanity. It’s a journey that was made light years shorter—and more efficient.

“Clouds come floating into my life, no longer to carry rain or usher storm, but to add color to my sunset sky,” said Bengali polymath Rabindranath Tagore. It’s a nice, optimistic sentiment, but if you’re a healthcare provider using the cloud, you’re likely thinking that, in your position, clouds are still plenty capable of ushering storms where your HIPAA compliance is concerned. The Health Insurance Portability and Accountability Act (HIPAA) provides clear rules about the storage and sharing of protected health information (PHI). All organizations that handle PHI are required to comply with HIPAA standards, but that can become a little trickier if you engage a cloud service provider (CSP). As long-time, highly experienced HIPAA assessors, we provide valuable insight and services that help organizations avoid any HIPAA missteps. In this article, we’re going to outline eight things you can do to ensure you stay compliant when engaging a cloud service provider (CSP) so that your cloud doesn’t “usher in any storms.”

In the famed series Lord of the Rings, the unlikely hero Frodo Baggins offers to carry the terrible burden of the One Ring to Mordor in order to destroy it and save all of Middle Earth from evil. Immediately after he makes this decision, he says, “Though I do not know the way.”