GRC – Aegify (https://www.aegify.com): Comprehensive Security, Risk and Compliance Assurance Solution. Feed generated Thu, 22 Dec 2016 06:30:05 +0000, en-US.

Webinars – Upcoming (https://www.aegify.com/upcoming-webinars/, Fri, 24 Jun 2016 19:17:59 +0000)

Join Aegify Webinars for an educational discussion on the challenges of securing patient data and ensuring its privacy and security in a healthcare provider setting.

Upcoming Webinars

1. Learn How to handle the biggest danger faced by Healthcare organizations,
Tue Jul 12, 2016, 11am PT, Duration: 30 minutes

As a compliance professional dealing with business associate agreements, when you think of the OCR HIPAA audit, what’s your first reaction? Is it one of confidence? Or is it anxiety and stress? If it’s closer to the latter, you’re not alone. In fact, close to 50% of HIPAA breaches are due to issues related to business associates, so it’s no wonder many healthcare organizations are stressed and anxious about the audit.
In 30 minutes, learn how to:
  • Diagnose security vulnerabilities and compliance liabilities due to your BAs and vendors,
  • Prevent future breaches with BA-vendor monitoring technology,
  • Track breaches and alerts associated with BAs and their vendors,
  • Provide a security blanket for your organization to demonstrate its oversight of all BAs.


2. Learn How Healthcare Facilities can Avoid being the next victim of Ransomware Breaches,
Tue, July 19, 2016, 11am PT, Duration: 1 hour

3. Learn How Healthcare Facilities can Avoid being the next victim of Ransomware Breaches,
Tue, Aug 9, 2016, 11am PT, Duration: 1 hour


Join Aegify for a riveting discussion about the recent ransomware attacks that have created a lot of turmoil in the healthcare industry and the steps you can take to avoid becoming the next big victim. Ransomware attacks are on the rise. The attack that paralyzed MedStar Health’s computer systems last week mirrored that of ransomware known as MSIL/Samas, which the FBI issued an alert about on March 25, three days before the MedStar attack began. Still, the health system has not specified the nature of its attack. Hackers and ransomware tools are becoming more sophisticated. The main objective in using ransomware is to destroy backups of files and databases that contain electronic patient health information, and to encrypt and lock up files and databases that contain ePHI, in order to charge covered entities and business associates hundreds to thousands of dollars to unlock the data.
This means that healthcare providers can no longer ignore the risk: implementing the HIPAA security program, with adequate security risk analysis and management, is what detects and prevents such ransomware attacks.
In this webinar we will discuss:
  • What is ransomware? Recent developments and why you could be the next victim,
  • Best practices to avoid being the next ransomware victim,
  • Automated solutions for detecting and preventing ransomware attacks.

4. Learn How to prevent cyber Security breaches – Best practices,
Tue, Aug 16, 2016 11am PT, Duration: 1 hour

Join Aegify for a riveting discussion about the practical impact of a $28.0 million settlement agreed to by St. Joseph Health System after patient data was exposed on the web. This settlement of a suit stemming from a data breach illustrates that egregious breaches can have serious financial consequences. The breach was due to failure to institute an organization-wide information security program with adequate security controls to mitigate risk to its patient information.
The size of the settlement means healthcare providers can no longer ignore the risk associated with implementing the HIPAA security program with adequate security risk analysis and management.
In this webinar we will discuss:
  • Some recent breaches, including the St. Joseph Health settlement,
  • Overview of changes in HIPAA requirements related to covered entities,
  • Best practices to avoid cyber-security breaches,
  • How to automate HIPAA cyber-risk monitoring and management.


Presenter:

Anupam Sahai, Co-Founder and CEO of Aegify Inc.


Internal Medicine Associates of Memphis Achieves HIPAA compliance (https://www.aegify.com/internal-medicine-associates-of-memphis-achieves-hipaa-compliance/, Mon, 04 Jan 2016 17:05:25 +0000)

Background & Challenges

“We had no idea where our compliance posture stood, or how much of our daily practices were already in compliance. However, we did know that we were not in compliance as much as we should’ve been,” said Donnell, office manager for Internal Medicine Associates of Memphis, Tennessee. This is not an uncommon view among small medical practices nationwide. HIPAA data privacy laws, coupled with HITECH security rules and enforcement, are complex and foreign to most offices. These small businesses are not blessed with the deep pockets or internal IT resources enjoyed by larger clinics and hospitals to fund and meet HIPAA compliance standards. In most cases, outside consulting firms are hired, charging tens of thousands of dollars to ensure that hospitals receive the training and directives they need to stay in compliance. Not so for most small medical practices.

Key Requirements

Electronic health records (EHR) systems have certainly made management of confidential patient records easier in some respects, but not necessarily more secure. The federal government is also encouraging the deployment of EHR via a program of monetary incentives that follow guidelines set out by “Meaningful use” practices. Offices that have not implemented EHR are not qualified to file for these incentives. The pressure is on for all medical practices, regardless of size, to upgrade to EHR. “The sad reality is that, like many offices our size, we are still using paper forms,” said Donnell. “We have paper records that are 10-12 years old that can be difficult to find because nothing is online.” With three full-time primary care physicians and nine employees, Internal Medicine Associates of Memphis was facing a high degree of risk and potential fines for noncompliance.

Aegify RSC Suite: a HIPAA Solution to the rescue

Fortunately, they turned to David Altizer, vice president of SOS Systems of Memphis, to cure their ailments with a HIPAA compliance solution and a set of best practices. Immediately, SOS Systems, a Managed Compliance Provider (MCP) partner of Santa Clara, Calif.-based Aegify, rolled up their sleeves and began putting a HIPAA strategy into action. Starting with an evaluation to assess needs, SOS used the native templates available in Aegify’s RSC Suite solution to set up policies and automate procedures, thus helping to manage a decade’s worth of patient records. “We started with nothing, and SOS thankfully provided all the documentation we needed,” said Donnell. “We scanned hundreds of patient files into the system. Using Aegify RSC Suite, we performed an assessment that instructed us how to proceed with aligning ourselves with HIPAA compliance. We could browse and click and see where things had to be. SOS trained us on using Aegify RSC Suite and explained how and where we needed to be compliant.” Donnell also realized that following HIPAA best practices would lead to running her medical office more efficiently as a business. With the help of SOS Systems, Donnell could rest assured they were on the right track. “We promised to do whatever it took to get compliant. The last thing we wanted was to deal with a fine,” she said.

Results of using Aegify RSC Suite

Donnell found Aegify RSC Suite easy to use and deploy. “The web-based system simply asks a lot of questions, like a multiple choice test. We selected the answers and then attached the appropriate document to update and prove compliance.” “The system gave me confidence that policies and procedures were being followed, and that patient records were being managed successfully.” “We enjoyed working with SOS Systems and did not consider using another service provider. They have been very helpful. This was our first working experience and we are satisfied with the results,” said Donnell.

Conclusions: quick deployment, easy to use, a business-saver

“The Aegify RSC Suite solution was self-explanatory from the get-go. I figured that if I could use it, then anybody else could, too. Soon enough, I found myself conducting the assessments alone without any help,” admitted Donnell. “The whole process took less than two hours, and that included attaching documents, proving compliance, and completing the entire process.” “Wherever we needed guidance, SOS stepped in to help. Regarding HIPAA, we now have peace of mind. SOS has been a true life, or rather, business, saver.”

Finding ‘Meaningful Use’ in a simple HIPAA Solution (https://www.aegify.com/finding-meaningful-use-in-a-simple-hipaa-solution/, Sun, 03 Jan 2016 17:04:38 +0000)

Background & Challenges

Barbara is the office manager for a Grand Rapids, Michigan family practice with four staffers and 1800 patients. The practitioner has been providing healthcare services to patients for 24 years. While attending her monthly association meeting of regional physician office managers, Barbara met local services provider Joe Dylewski, president of ATMP Solutions (http://www.atmpgroup.com), a provider of healthcare IT technology for more than 20 years. The challenge she posed to Joe? To help her find an online risk assessment solution she could use without any previous IT experience or formal computer education. Her goal was to meet and sustain compliance with HIPAA and HITECH regulations, to fulfill a few core requirements of “Meaningful use” statutes, and to facilitate patient care reimbursements from insurers. Several years ago the office had transitioned its patient records to an EHR system to automate day-to-day processes, thus helping to reduce administration costs.

Key Requirements

One of the requirements being sought was that the HIPAA solution be fully accessible to users online, and easy to operate. Another requirement was to achieve a longer term goal of satisfying provisions as outlined by “Meaningful use.” According to the provisions of the Healthcare Information Technology for Economic and Clinical Health Act (HITECH), healthcare organizations that have achieved “meaningful use” by 2011 will be eligible for incentive payments; those who have failed to achieve that standard by 2015 may be penalized. “Meaningful use” describes the use of health information technology that leads to improvements in healthcare and furthers the goals of information exchange among health care professionals. To become “Meaningful users” providers need to demonstrate they’re using certified EHR technology in ways that can be measured significantly in quantity and in quality. Not wanting to operate disparate systems, the Grand Rapids family practice was looking for a simple HIPAA compliance solution that had to be an extension of their office electronic healthcare records system.

A Solution for Compliance with HIPAA/HITECH

After conducting an evaluation of her office environment, ATMP Solutions recommended that Barbara implement Aegify RSC Suite, a cloud-based, SaaS-delivered application developed by Aegify Inc., of Santa Clara, Calif. The application helps meet HIPAA and HITECH privacy and security rules at dramatically less cost and complexity than standard approaches. “Aegify RSC Suite is probably the only tool on the market built from the ground up to service small medical practices,” said ATMP’s Joe Dylewski. “It also had the incomparable value of not requiring its users to have deep domain knowledge with the intricacies of HIPAA laws.”

Results of using Aegify RSC Suite

Said Barbara, “A major attraction of Aegify RSC Suite is its ability to collect and store all HIPAA-related provisions and related documents online into a single repository, making it a hands-on tool and thereby easier to use and access. The system is understandable given our level of tech expertise.” Having Aegify RSC Suite automate the risk assessment process by providing a comprehensive list of questionnaires gave the office its clearest picture yet of its current state of compliance, highlighting specific non-compliant areas, such as backup and recovery, that needed immediate addressing before the office could take comfort in knowing they were 100% HIPAA compliant.

Conclusion: Quick Deployment of Aegify RSC Suite

The deployment went as planned. “There was no need to schedule 40 hours to walk through the system,” said Barbara. “It only took 3-4 weeks to complete the entire process and determine our level of compliance.” “Being an ACO (accountable care organization), it was important for our practice to fall in-line with prevailing compliance standards, to not cause a bottleneck with other doctors’ offices or business associates, and most of all, to not find ourselves in any hot water with regulators. I know this [Aegify RSC Suite] is going to be useful. We’re already seeing other groups within our association take interest. They too want to get involved with ATMP and Aegify’s compliance solution.” “Another added plus about this application is the positive impact it has had with expediting our reimbursements, which is always good for business.”

Top Tips to be GRC-Ready in 2011 (https://www.aegify.com/top-tips-to-be-grc-ready-in-2011/, Mon, 17 Jan 2011 04:12:25 +0000)

According to industry experts, 2011 is the year when IT firms will realize that expensive risk management and compliance solutions may not provide the desired levels of security. Integration and alignment of disparate compliance initiatives for enhanced security controls will therefore assume immense importance. Chris Mclean, Forrester research analyst, in his report Governance, Risk and Compliance (GRC) Predictions: 2011 and beyond, claimed that “vast new regulations and monumental expectations for risk management will help propel GRC programs substantially — as well as the software market that supports them. These next 12 months will see strong growth in the GRC market, a focus on horizontal adoption, greater attention to business intelligence, and practical GRC value from emerging social and mobile technologies.” He also adds that risk and compliance experts need to emphasize supporting internal objectives rather than abiding by market definitions. 2011 is definitely the year to leverage the best GRC solutions for enhanced security.

So is your enterprise truly GRC-ready? Here are some tips to help your enterprise effectively achieve GRC goals this year:

Develop a valuable risk management strategy: A sound governance, risk and compliance plan can be followed only when you develop an effective risk management strategy. This strategy must incorporate the essential processes and policies that enable optimum risk management and mitigation throughout the enterprise. A proactive approach is the best mechanism to tackle risks across your enterprise.

Entrench core enterprise processes with GRC initiatives: Automated GRC solutions offer immense benefits for your enterprise by ensuring cost savings, mitigating risks and efficiently tackling compliance-related concerns. Therefore, embedding GRC procedures in key processes can help you enhance business performance.

Opt for a 24X7 GRC solution: A solution that offers the best monitoring capabilities and can scrutinize threats on a 24X7 basis is the most desirable.

Plug threats in advance: Swift and thorough analysis can ensure that looming threats are dealt with effectively. Hence, by capturing all data and analyzing it for threat patterns, incidents, or security events, you can take proactive measures to tackle threats before they harm your enterprise.

Integration is the key: When you opt for governance, risk and compliance software, an integrated solution is perhaps the best bet for optimized GRC. Therefore a solution which offers an integrated governance, risk and compliance support system works best. The idea is to simplify and reduce the time spent on regulatory compliance and its corollary certification requirements. The same solution therefore needs to cater to and offer total end-to-end automated processes for security, risk management and compliance requirements.

Being GRC-ready is easier once your enterprise understands the importance of risk management and the need to abide by regulatory standards. And the above-mentioned tips can be quite valuable for your enterprise in its GRC endeavors.

AG’s Office Scores Settlement for Unparalleled Security Breach: First of its Kind (https://www.aegify.com/ags-office-scores-settlement-for-unparalleled-security-breach-first-of-its-kind/, Wed, 14 Jul 2010 14:09:49 +0000)

The first action by a state Attorney General for violation of HIPAA (after HITECH authorized State Attorneys General to enforce HIPAA) has resulted in an unprecedented money settlement with the AG’s office. The case involved unreported loss of a compact disk by Health Net containing private medical records, social security numbers and financial information. While the settlement amount of $250,000 by itself may not do much damage to a company the size of Health Net, the consequences of the exposure are likely to be quite adverse.

This case sends out a strong message to all those in control of sensitive data, about their responsibilities to protect confidential information. It once again reinforces the importance of compliance with security standards and the need for secure GRC solutions. The disk that was lost is said to have contained some of the most personal, intimate patient information, which is capable of causing grave embarrassment to individuals, financial harm and identity theft.

Health and financial institutions, which are in control of the most sensitive data, should therefore take the necessary steps to put in place a comprehensive compliance management system as a preventive measure to avoid any kind of security breach.

New Security Standard for SMBs to Protect Cardholder Information (https://www.aegify.com/new-security-standard-for-smbs-to-protect-cardholder-information/, Mon, 05 Jul 2010 03:53:23 +0000)

You must have read the news about a new security standard for SMBs (“Visa changes rules for SMBs: be PCI DSS compliant or face penalties”). Primarily focusing on safeguarding customers’ confidential data after they make a payment using a credit card, this new security standard requires SMBs accepting credit/debit card payments to enroll in the PCI DSS program or face penal action.

Coming into effect from July 1st 2010, this new standard means that SMBs now have a mandate to build secure networks aimed at protecting cardholder information. It prohibits third-party payment software from storing authentication details like the cardholder PIN and magnetic stripe data. Read more on this in “Visa Puts Credit Security on You”.

While that is for SMBs, larger enterprises are required to comply with the full version of the PCI DSS standard by 30th September. The new standard controls how cardholder data is stored, processed or transmitted.

With these new requirements, GRC solutions have gained more significance. By using SecureGRC™, a GRC platform that integrates with the business process, companies can now successfully deal with compliance and risk management.

Your Company needs Information Security Monitoring and Integrated GRC (https://www.aegify.com/your-company-needs-information-security-monitoring-and-integrated-grc/, Fri, 25 Jun 2010 06:25:52 +0000)

Did you know:

  • Approximately 500 million records containing personal identifying information of United States residents, stored in government and corporate databases, were either lost or stolen in the last 5 years?
  • Various other corporations lost US$1 trillion worldwide as a result of data loss, accidental or malicious?
  • Costs from the largest computer data breach in corporate history, at TJX, in which more than 94 million customer credit and debit card numbers were stolen, were estimated at US$256 million?
  • In 2009, Gartner analysts estimated that the cost of sensitive data breaches will increase 20 percent per year?

These are not merely statistics but a warning that companies need to take serious note of the kind of cyber security threats and business compliance risks that are out there for them.

So you may feel that your company is safe. Here is some number crunching to make you think again!

Security breaches affected the following industries:

  • The retail industry (35%)
  • Technology firms (20%)
  • Banking and financial industry (20%)
  • Medical industry (15%)
  • Defense industry (10%)

Overall, only 5% of the companies resorted to security monitoring! The majority (55%) had absolutely no mechanisms for monitoring, and the remaining 40% conveniently outsourced the IT security monitoring functions to managed services providers. So your company may have put in place certain strategies in the form of policies, guidelines, firewalls and virus scanners, which you deem adequate to deal with hackers. But are they truly the protective shield your company needs?

Keep your company cyber-threat free

Verizon Business, for instance, reported 90 confirmed breaches within their 2008 caseload, encompassing an astounding 285 million compromised records. A thorough investigation showed that ‘significant errors’, at 67%, were the main cause of the security breaches! So the question that’s begging to be answered right now is whether your company has implemented a proper Governance, Risk and Compliance system. If not, then your company is at its maximum risk level. The most workable solution for any company in such a volatile and unsafe environment is to integrate and automate GRC, combining compliance workflow with control assessment automation and security monitoring.

But keep in mind, IT-GRC does not stop threats; it only helps companies manage “the whole process” of IT security, compliance, and risk management through policy guidelines and implementation. So, compliance with a regulatory framework is a big step which could bring down the risk significantly, since these regulations are the collective wisdom of specialists in the field. Thus there is a considerable reduction in risk exposure simply by adopting the best practices prevalent in the industry.

Next generation GRC solutions

A holistic approach is to look at business risks from two different perspectives: from the compliance management policy implementation point of view, and by measuring the reality on the ground through information security monitoring. This is what the next generation enterprise solution needs to offer: one which covers all aspects of security and compliance management. An ideal next generation solution would provide:

  • integrated compliance management and security monitoring
  • multiple out of the box global regulations support
  • automated control assessment
  • secure end-point devices to enable massive storage of sensitive and regulated data
  • security solutions for monitoring the network traffic
  • ability to address business problems through detection of advanced threats
  • scale up to global enterprises and down to small and medium businesses
  • capable to integrate multiple solutions
  • deliver compelling value to the organization and also be affordable

Gain with SecureGRC: Integrated GRC and Security Monitoring

With your company’s integrated GRC and security efforts you will notice that it actually drives real value for your company, especially in optimizing risk and compliance coverage and the underlying cost structure. All you need to do is ensure that your company’s integrated GRC understands and manages the nature of risks for your specific industry with security monitoring.

SecureGRC from eGestalt Technologies Inc. unifies Information security monitoring and IT Compliance management. For more details please visit: http://www.egestalt.com/securegrctm.html
