Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. Websolv Computing, dba ecfirst, has successfully completed the requirements and is qualified as a PCI QSA.
Discuss your PCI DSS requirements, including risk and vulnerability assessment, penetration testing, policy development, and training with ecfirst.
Lahey Hospital and Medical Center (Lahey) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). Lahey will pay $850,000 and will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. Lahey is a nonprofit teaching hospital affiliated with Tufts Medical School, providing primary and specialty care in Burlington, Massachusetts.
Lahey notified OCR that a laptop was stolen from an unlocked treatment room during the overnight hours on August 11, 2011. The laptop was on a stand that accompanied a portable CT scanner; the laptop operated the scanner and produced images for viewing through Lahey’s Radiology Information System and Picture Archiving and Communication System. The laptop hard drive contained the protected health information (PHI) of 599 individuals. Evidence obtained through OCR’s subsequent investigation indicated widespread non-compliance with the HIPAA rules, including:
In addition to the $850,000 settlement, Lahey must address its history of noncompliance with the HIPAA Rules by providing OCR with a comprehensive, enterprise-wide risk analysis and corresponding risk management plan, as well as reporting certain events and providing evidence of compliance.
Contact ecfirst to learn more about how to conduct a comprehensive and thorough risk analysis exercise with a credible risk management program.
Just as the banks of a river contain its water, compliance safeguards and cyber security controls are vital to mitigating the risk to the business. Like water in a river, sensitive, confidential information flows through all areas of the business. How prepared is the business for cyber attacks that aim to compromise Personally Identifiable Information (PII) or confidential data such as Electronic Protected Health Information (EPHI)?
Over the past year, the cost of data breaches due to malicious or criminal attacks has increased from an average of $159 to $174 per record. Cyber attacks on healthcare organizations as well as business associates are on the rise. HIPAA mandates require that applications processing EPHI meet defined security requirements, and healthcare applications must be formally assessed to ensure those mandates are met. A cyber attack on an enterprise application may lead to a breach in which EPHI is accessed by unauthorized individuals.
Cybersecurity is a national security issue that requires strong collaboration between the public and private sectors to accurately assess emerging threats and prevent future breaches. Learn what the health plan community is doing in partnership with government and other stakeholders to protect consumers, identify potential threats and secure member information. Learn what other industries are doing and lessons that might be translated to the health plan community.
Businesses must conduct a comprehensive and thorough assessment of the potential vulnerabilities to the confidentiality, integrity and availability of all confidential information, such as Personally Identifiable Information (PII).
Over $25 M in HIPAA Fines & 31 M Records Compromised! Medical records left unattended & accessible to unauthorized individuals.
Technical Vulnerability Assessment is a HIPAA Compliance Mandate
IRVINE, CALIFORNIA, USA – May 25, 2014: A key requirement of the HIPAA Security Rule compliance mandate is that organizations must conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability (CIA) of all sensitive information such as Personally Identifiable Information (PII) or Protected Health Information (PHI).
ecfirst, an organization rich in hands-on experience delivering information security services across all States in the USA, provides the industry’s most flexible program for security staffing.
IRVINE, CA USA — HIT/HIPAA UPDATE NEWS SERVICE — MARCH 20, 2014: Compliance mandates, such as HIPAA and HITECH, as well as international security standards such as ISO 27000 and PCI DSS, require organizations to develop a comprehensive and actionable set of policies and supporting capabilities.
Compliance Mandates & BYOD: Audit Ready?
Compliance regulations, such as HIPAA and HITECH, as well as information security standards, such as PCI DSS, ISO 27000 and NIST, establish requirements for mobile device security.
NEWPORT BEACH, CALIFORNIA USA – March 4, 2014
Forte Holdings has combined technological expertise with input from medical workers to develop software that supports and improves patient care and administrative processes within the healthcare industry.
Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. Skagit County agreed to a $215,000 monetary settlement and to work closely with the Department of Health and Human Services (HHS) to correct deficiencies in its HIPAA compliance program.
IRVINE, CALIFORNIA, USA – March 2, 2014: The HIPAA regulations require covered entities and business associates to comply with the HIPAA Security Rule. The HIPAA Security Rule: Reference Guide is a must-have document that captures three core areas of information for each Standard defined in the mandate: Definition, Guidance Questions and Audit Readiness.
HIPAA (ecfirst) – The Final Privacy and Security Rules of HIPAA have escalated the compliance efforts of every healthcare organization. ecfirst will present key components of the new regulations, outline penalties for non-compliance, and provide recommendations for planning, preparing and executing sound HIPAA compliance policies and procedures.
IRVINE, CALIFORNIA, USA – Feb 6: We are surrounded by headlines every day about businesses and organizations compromised by cyber attacks. Security is only as strong as the weakest link, and hackers are having a field day mining weak links in enterprise security.
DES MOINES, IOWA, USA – February 6, 2014: There is no integrated, comprehensive approach to security and privacy that respects applicable federal requirements under FISMA, HIPAA, HITECH, ACA, the Privacy Act, Tax Information Safeguarding Requirements, and state and other federal regulations.
IRVINE, CALIFORNIA, USA – Jan 24, 2014: The recent massive data breach at U.S. retail giant Target is becoming a nightmare. Over 110 million people have been impacted, and details continue to emerge about Personally Identifiable Information (PII) compromised from credit card swipe machines and other systems.
IRVINE, CALIFORNIA, USA – January 16, 2014: A key requirement of Meaningful Use is that organizations conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability (CIA) of all Protected Health Information (PHI). This is defined in the core objective and associated measurement. It impacts Eligible Professionals (EP) and Eligible Hospitals (EH)…
BOSTON – Former owners of a Marblehead-based medical billing practice and four pathology groups have agreed to collectively pay $140,000, settling allegations that sensitive medical records and confidential billing information for tens of thousands of Massachusetts patients were improperly disposed of at a public dump, Attorney General Martha Coakley announced today …