Cyber Security and HIPAA Compliance

Michelle Bilsky, VP of Risk Management // June 13, 2017

Cyber Threats have become a serious issue in healthcare IT over the past few years.  Every day there are attempts to break into secure computer environments in order to either ransom the owners' information to themselves or just to steal that information and sell it to someone else.  Medical records go for about $60 per record (that’s what the hacker is paid by the buyer) whereas simple credit card records go for about $10 per record.  The reason that medical records are so valuable is simple – the information doesn’t change.  A person cannot turn off their medical record or change their birthdate, however, we can cancel a credit card and render it useless. For more guidance and materials continue to the full article by clicking below. 



TruthMD, MedFax™ Sign Multi-Year Agreement With MedMal Direct Insurance Company

April 26, 2017

MedMal Direct Insurance Company is thrilled to announce a new partnership with MedFax™ – a leading provider of healthcare data and primary source information for physicians and surgeons across the country.  MedMal Direct Chief Executive Officer, Butler Ball, says, “By leveraging this unique and ground-breaking source of physician data, we will be able to create additional value to our current and future policyholders through greater transparency and insight, allowing us to further lower the cost of insurance for thousands of physicians.”



$2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk

April 21, 2017

Below is yet another OCR case involving a single stolen laptop which then led to further investigation by OCR and that investigation showed a lack of policies and procedures which may have prevented this event.  The lack of policies has been at the root of all major settlements and the corrective action plans instituted by the OCR is going to be a very long and “painful” process for CardioNet.  These incidents are the reason all covered entities and business associates must have a Security Risk Assessment and implement policies and procedures.