On Dec 1, 2015, a $3.5 million fine was levied against Triple-S Management Corporation, formerly known as American Health Medicare Inc., for HIPAA violations. OCR’s investigations indicated widespread non-compliance throughout the various subsidiaries of Triple-S, including:

• Failure to implement appropriate administrative, physical, and technical safeguards to protect the privacy of its beneficiaries’ PHI;
• Impermissible disclosure of its beneficiaries’ PHI to an outside vendor with which it did not have an appropriate business associate agreement;
• Use or Disclosure of more PHI than was necessary to carry out mailings;
• Failure to conduct an accurate and thorough risk analysis that incorporates all IT equipment, applications, and data systems utilizing ePHI; and
• Failure to implement security measures sufficient to reduce the risks and vulnerabilities to its ePHI to a reasonable and appropriate level.

Here is the latest information on U.S. Department of Health & Human Services’ website: http://1.usa.gov/1XDjyVY.

Are you at risk?  If you’re a healthcare provider or a business associate/vendor, you are.  Protect your organization against HIPAA and other compliance risks with Aegify Compliance Manager, part of Aegify RSC Suite.

Aegify RSC Suite, conceptualized and designed in Cupertino, CA, provides bulletproof risk, security and compliance protection for healthcare, financial and retail companies throughout the USA.  Discover just how affordable peace of mind is at Aegify.com or by emailing sales@aegify.com.

The post $3.5 million fine levied against Triple-S Management Corporation for HIPAA violations appeared first on Aegify.

Think about healthcare.  Offense is a given.  There are frequent C-Suite discussions about new services, attracting the best clinical talent, effective community outreach and the like.

What about defense?  Sure, providers have whole departments to reduce risk in its many insidious forms, but playing defense in the SRC (security, risk and compliance) arena just isn’t as sexy as playing offense.  Unfortunately, mistakes on the defensive side of the ball can wipe out years of good offense work.

With this pleasant thought, let’s turn out attention toward data security.  Doesn’t it seem like data breaches happen disproportionately in healthcare?  I haven’t seen any definitive numbers to prove this point, but I am convinced healthcare breaches are more common because of the shear amount of healthcare data being put on computers and into the cloud.

According to peer60, 96% of hospitals claim health information security is a huge priority for them.

Key findings include:

• There are multiple obstacles to security, risk and compliance but key challenges revolve around lack of budget and non-compliant employees.
• While lack of budget is an issue for most providers, it is especially so for smaller hospitals.
• Although total threat prevention is daunting, significant optimism exists, especially at the manager and director levels. While 54% of CIO’s said threat prevention is impossible, only 22% of security managers and directors responded the same way.  This is good news!
• Hospitals with 500+ beds see fault with the underlying security weakness of Healthcare IT systems, not their SRC efforts.

I would like to invite you, your compliance officer, CSIO, CIO, CFO and any other appropriate team members to dedicate an hour to improving your game on the defensive side of the ball.  Sure, offense is sexy.  But, as winning coaches know, defense wins the game and ensures your healthcare organization’s long-term safety.

Join me for Aegify’s next helpful webinar, “HIPAA Omnibus: How to do Security Risk Analysis” on Tuesday July 7 at 11am PT.  This valuable webinar is designed to help you analyze and quantify your security risk and give you a practical roadmap for risk reduction and compliance for today and tomorrow.  As a special bonus, we’ll outline the Aegify disruptive SRC solution that can save your organization up to 80%.

To register for this webinar, please click HERE.  On behalf of all of us at Aegify, we look forward to your participation on Tuesday, July 7 at 11a PT.

Yours truly,
Anupam Sahai
Co-Founder & CEO, Aegify Inc., Cupertino, CA, USA

About Aegify:

Aegify’s comprehensive, unified platform uniquely operates at the intersection of security, risk and compliance for healthcare providers and their business associates. Discover what more than 400 other organizations already know: Aegify is the affordable, disruptive solution for IT security and compliance management, vulnerability analysis and risk management.

Aegify earned the highest rating of 5 out 5 stars by SC Magazine for Features, Performance, Documentation, Support and Overall Rating (June 2014).

The post Offense is Sexy. Defense Wins the Game appeared first on Aegify.

There was large number of information security breaches since 2009 ranging from thefts of hard drives (BlueCross Blueshield of Tennessee), laptop (AvMed), and backup tapes (New York City Health &Hospitals Corp.) resulting in compromising sensitive medical and health information of millions of people. Even as the full and final version of the HITECH breach notification rule is expected to be released later this year as part of an ‘omnibus’ package that would include several rules, the current version requires that organizations should conduct risk assessment to determine any incident that could be a potential threat and if it does cause harm, the eventual breach must be reported.

So is it really that difficult for healthcare organizations to take the right action as far mitigating such information risks are concerned? Actually no! It is not difficult if a prudent medical practitioner or healthcare enterprise owner ensures that healthcare compliance measures are in place by adopting the appropriate HITECH compliance solution. All that a healthcare organization needs to do is to enforce such a security policy that can restrict any unauthorized access. SecureGRC, an automated compliance solution from eGestalt, can help healthcare organizations deal with their compliance woes comprehensively. The solution is so designed that it can identify, remediate and maintain HIPAA and HITECH compliance for all healthcare organizations that handle Patient Health Information.

SecureGRC is equipped to help healthcare organizations achieve and maintain compliance to regulations set forth in both HIPAA and HITECH acts. Additionally, since the solution can be delivered via Cloud, not requiring any custom hardware investments, the compliance solution is actually future-proof! The solution not only automates the audit process but also provides concrete evidence of what risks need to be addressed and also how it should be addressed. eGestalt makes it easy to stay clear of Health information breaches with its fully optimized solution that addresses all healthcare compliance issues.

The post Staying Clear of Health Information Breaches appeared first on Aegify.

It has been found that 92% of the breaches occur through external sources. These sources use sophisticated hacking methodologies and different types of malware to gain access to the vulnerable IT systems. Currently the criminals are targeting the payment systems, as the U.S. Secret Service has clamped down all malware activities with a strict vigil on hosting services. It has also been seen that the small business organizations and medical practitioners fall easy prey to these heinous crimes as they do not have a reliable infrastructure and proactive policies to ward off these intrusive acts.

As per the HITECH Act any incident that poses a security risk to the personal health information of 500 people or more have to be reported. Penalties in the form of expensive fines are imposed on those found guilty of violating the HITECH Compliance regulations. Thus every medical and healthcare organization has to ensure the establishment of a regularized and compact security policy throughout the entire operation leaving no opportunities for any unauthorized access.

The best way to deal with all issues related to security, compliance and risk is to invest in the automated SecureGRC SB compliance solution that has all the capabilities to deliver compelling performances and create an invincible force against any malicious attacks. These solutions are cloud based services that constantly track and monitor all activities and provide real-time information instantly. With the help of the compliance management software solution the organizations are made aware of the new and revised regulations and the security policies of the organizations are updated immediately and automatically.

Often healthcare organizations suffer losses due to employees’ negligence or due to inadequate information and training. The automated compliance solution provides a respite to the organizations by providing intelligent analytical assessments and reporting facilities that help to keep track of the compliance status. A strict authentication process is deployed that thwarts all damaging attempts. With the services offered on the cloud, any mid-sized or a small organization can easily afford this solution to use it as a remedy for reviving their declining operations. Now with a trustworthy and inexpensive healthcare compliance tool within easy reach, there is no excuse for falling into a trap and losing one’s hard-earned reputation.

The post An Authoritative Compliance Security for an Unwavering Presence appeared first on Aegify.

Reports of renowned organizations being subjected to steep penalties due to HIPAA violation are becoming regular. These reports have already started creating negative impressions directed at healthcare organizations, and giving patients an opinionated view. The increase in the penalty amount from $25,000 to $1.5 million as per the HITECH Act proves the significance of enforcing stringent measures for patients’ data protection. Yet organizations fail to convey the message effectively to their employees inviting trouble and criticism.

It is time healthcare organizations and providers took impacting decisions to fulfill their responsibilities. If the well-known organizations are capable of such negligence – willful or otherwise, jeopardizing the lives of their patients, then there is very little hope that small medical practices would not falter on this account. In any case it is the lives of the patients that are at stake.

Healthcare organizations need a proactive compliance strategy that can provide compelling solutions to all security related risks. SecureGRC SB is a wise and affordable option that can help organizations deal with all their existing compliance drawbacks. The solutions are cloud-based with real-time information and updates that help keep organizations on their toes.

With SecureGRC SB, the processes are automated, simplified and easily manageable. There is zero confusion and no complications involved in the execution of the process thus helping drive compliance smoothly and efficiently. With its commendable tracking and monitoring system it can effectively curb all propensities to overlook any regulations.

This solution is best suited for small medical practices as it keeps them in sync with HIPAA and HITECH regulations. It also ensures that the regulations relevant to business associates are up to date and concurrent with HITECH Compliance standards. It is only when organizations demonstrate a responsible healthcare compliance attitude towards their patients that they can expect a positive trend for mending and uplifting their battered reputation. With SecureGRC SB we can expect that trend soon, thus providing organizations relief from penalties and assuring patients sanctity of personal information.

The post Drawing-Out A Strikingly Compliant Role appeared first on Aegify.

It does not matter whether the cause of the damage is intentional or accidental. But the repercussions can definitely matter a lot to any healthcare organization. It is difficult to recover from the penalties and is an uphill task to rebuild the years of reputation that can get washed away instantly with just one unfortunate accident. The SecureGRC SB is an ideal solution that helps all medical organizations to stay compliant not only with HIPAA/ HITECH requirements but also with other compliance regulations such as PCI Compliance, SOX and ISO 27002. The unique approach to settle all security issues and tackle all data breach possibilities is laudable. This is a web-based solution that delivers services on the cloud. It deploys a monitoring system that constantly monitors and captures real-time information and keeps providing regular status through the front dashboard.

This solution does not entail the purchase of any new infrastructure and thus saves organizations from the worry of investing in new hardware. SecureGRC SB provides optimum healthcare compliance assistance as it is affordable, and due to its automatic updating capabilities organizations can modify their existing practices according to the revised regulations. It also facilitates tracking and monitoring the activities of business associates by providing the best HITECH Compliance management solutions. Though negligence and callousness are unforgivable as far as a patient’s confidentiality is concerned the automated SecureGRC SB can help eliminate the possibility of such occurrences and provide safer and secure medical grounds for patients and providers.

The post Cignet Pays A Heavy Price for HIPAA Violation! appeared first on Aegify.

As per a recent study conducted by Redspin – the leading service provider of HIPAA risk analysis and IT security Compliance, between August 2009 and December 2010 6 million people have been affected due to security breaches. The number accounts for only those security breaches reported to the Department of Health and Human Services, which means that the actual number may have exceeded 6 million.

It is an alarming fact that despite efforts to tighten security measures, medical organizations especially the small practices are constantly a soft target for various kinds of illegitimate activities. And this is not just because of hackers who use sophisticated technology to disarm the security system, but also due to loss and theft of mobile devices which have become predominantly a regular practice.

The freedom to use USBs, cell phones, laptops etc to keep pace with the competitive world has made the employees and organizations overlook the discreet use of such confidential data and its dire consequences. Business Associates have been identified as another vulnerable link resulting in security breaches.

The small medical practices are consistently faltering in being compliant with the HIPAA/HITECH regulations as they are incapable of stretching their budgets to employ new infrastructure and deploy solutions to curb all malpractices.

SecureGRC SB is a one-stop solution for all security and risk assessment needs without any additional costs for a new infrastructure. This service is provided on the cloud which therefore fulfills all HIPAA / HITECH compliance requirements pertaining to small business. Small businesses are provided with complete control to gauge the requirements for HIPAA and HITECH through a simple self assessment menu.

The SecureGRC SB contains a central repository for all documentation purposes pertaining to HIPAA. It sends reminders to ensure compliance regulations are maintained. It follows an automatic updating schedule as per the latest and revised regulations. It provides reports regarding the compliance status for auditing. The solution ensures maintenance of a track record of the business associates and provides plug-ins in case of any PCI-DSS compliance requirement.

Small businesses can neither afford expensive solutions nor penalties for non-compliance. They need to adopt an astute approach towards IT healthcare compliance to achieve high scores. SecureGRC SB is the perfect solution – an affordable, precise and simplified option with guaranteed results.

The post Safe and Secure Compliance Practices For Small Business appeared first on Aegify.

So is your enterprise truly GRC-ready? Here are some tips to help your enterprise effectively achieve GRC goals this year:

Develop a valuable risk management strategy: A perfect Governance, risk and compliance plan can be followed only when you develop an effectual risk management strategy. This strategy must incorporate essential processes and policies to enable optimum risk management and mitigation throughout the enterprise. A proactive approach is the best mechanism to tackle risks across your enterprise.

Entrench core enterprise processes with GRC initiatives: Automated GRC solutions offer immense benefits for your enterprise by ensuring cost savings, mitigating risks and also efficiently tackling compliance-related concerns. Therefore, pushing in GRC procedures into key processes can help you enhance business performance.

Opt for a 24X7 GRC solution: A solution that can offer best monitoring capabilities, and can scrutinize threats on a 24X7 basis is the most desirable.

Plug threats in advance: Swift and significant analysis can ensure that looming threats are dealt with effectively. Hence by capturing all data and analyzing them for threat patterns, incidents, or security events you can take proactive measures to tackle threats before they harm your enterprise.

Integration is the key: When you opt for Governance risk and compliance software, an integrated solution is perhaps the best bet for optimized GRC. Therefore a solution which can offer an integrated governance risk and compliance support system works best. The idea is to simplify and reduce the time spent on regulatory compliance and its corollary certification requirements. Therefore the same solution needs to cater to and offer total end-to-end automated processes for security, risk management and compliance requirements.

Being GRC-ready is easier once your enterprise understands the importance of risk management and the need to abide by regulatory standards. And the above-mentioned tips can be quite valuable for your enterprise in its GRC endeavors.

The post Top Tips to be GRC-Ready in 2011 appeared first on Aegify.

All this boils down to the fact that there is growing pressure on public CIOs (Chief Information Officers), who now have added responsibilities. Analysts and consultants are of the opinion that it is critical for state CIOs to be involved in health IT policy issues, and also be more knowledgeable and familiar with issues related to the governance of Health Information Exchange (HIE). They should also be aware of how telehealth and HIE investments can impact Medicaid costs, and should be able to coordinate between Medicaid, the Children’s Health Insurance Program, and planned HIEs.

Hence there is a need to recreate or revamp IT infrastructure to prepare for huge numbers of Medicaid enrollments in the coming years, and this has added to the growing anxiety of public CIOs. However, upgrading information systems to these changing needs is a challenge in itself, because of the high cost of most IT applications.

Also, there has been growing reliance on IT in the healthcare industry, and rapid adoption of Electronic Medical Records (EMR), which have made it essential to ensure safe handling of sensitive data. And in addition to this, the Health Information Technology for Economic and Clinical Health (HITECH) Act has also renewed focus on HIPAA Compliance. Hence, safeguarding medical records and preventing unauthorized access to patient records have been of high priority lately.

So public CIOs are now taking an objective look at how statewide health systems can be made more efficient. One way of dealing with this would be to adopt services hosted in the cloud, instead of using traditional methods, which involve procuring and managing IT systems. While on the one hand cloud-based services provide an opportunity for rapid deployment and greater interoperability, on the other, they are highly cost-effective. And with state budgets being cut, cloud-based solutions can prove much safer than traditional systems.

The post Federal Health Care Reform- What they Mean to Public CIOs appeared first on Aegify.

Effective vulnerability management is therefore a perquisite for every business. But unfriendly economic conditions have compelled organizations to maintain a safe business environment, while also keeping costs low. This poses a major challenge since organizations today are spread across multiple geographic locations and time zones. In such a scenario vulnerability management can be a formidable task.

But with cloud-based security solutions offered by advanced GRC software, IT security compliance has assumed a new dimension. These solutions help streamline and automate vulnerability management processes and help patch security flaws.

Here are some other significant benefits of using a comprehensive security and vulnerability management solution:

Offers Complete Visibility- Vulnerability management solutions help in understanding the security posture of an organization, through comprehensive vulnerability assessment. This in turn helps in formulating security policies for IT Compliance with regulatory standards.

Ensures Compliance- Compliance audits are carried out at regular intervals to assess the actual degree of compliance in the organization. This helps in effective compliance management software by enforcing compliance best practices and ensuring fully compliant processes and procedures.

Facilitates Risk Management- By proactively detecting vulnerable areas within the network, and identifying exposure to potential threats, these software solutions help in effective risk management.

Offers Holistic View & Prompt Reporting- Vulnerability management solutions help gain complete control over risks and vulnerabilities by offering total visibility through a centralized view. Their advanced reporting capabilities enable organizations to take prompt corrective and preventive action before security gaps are exploited.

Improves Productivity & Lowers Cost- Since these security solutions are completely automated, they allow IT departments to focus on more critical tasks, thereby enhancing productivity. And they also help reduce administrative costs and management overhead, as a single efficient software solution, can effectively replace multiple disparate applications.

Managing a diverse network environment can be quite overwhelming. But a proactive, integrated, vulnerability assessment and management solution can dramatically simplify this by offering a complete GRC framework that can patch vulnerabilities, mitigate risks, and improve productivity.

The post Vulnerability Management: Secured IT, Assured Success appeared first on Aegify.