Dr. John Frame, highly respected surgeon and founder of Breast Health Specialists of Oklahoma (BHS of OK), has operated on thousands of breast cancer patients over his nearly three decades of surgical experience. However, he also runs a vibrant, growing business.

The Challenge
In 2012, Dr. Frame, team leader of BHS of OK, had an insurance review. The company’s insurance representative pointed out that BHS of OK was vulnerable to security breaches and regulatory non-compliance fines.

“Regulatory rules are over-reaching and overly-detailed. It’s tough to comply with what is asked of us, but nonetheless these rules are a good thing.”

“It’s a defense move. Should there be a HIPAA compliance or security breach, you’d be really vulnerable to penalties if you haven’t done a compliance audit,” said John R. Frame M.D., Surgeon, Founder, BHS of OK.

The challenge was not that BHS of OK should comply with HIPAA regulations, but how. The insurance company had two pieces of good news. First, they recommended www.aegify.com as a comprehensive solutions provider. Second, they promised significant insurance savings upon proof of HIPAA compliance.

The Solution
After a 30-minute phone call with Aegify, Dr. Frame, learned that Aegify Compliance Manager provides a unified platform for all BHS of OK’s HIPAA compliance management activities and automatically integrates with risk, security management and audit operations. He appreciated his unprecedented visibility into BHS of OK’s compliance efforts and risk management across his organization.

The time investment to become HIPAA compliant the first time in BHS of OK’s history was 8-10 hours. BHS of OK answered Aegify’s compliance questions and gathered or created all required supporting documents. “Aegify gave us a lot of templates making the process easier,” said Dr. Frame.

The Results

1. Peace of mind. BHS of OK has been HIPAA compliant for three years. Should a compliance audit be mandated in the future, BHS of OK has a solid paper trail.
2. Significant insurance savings. For three years, BHS of OK has enjoyed lower insurance premiums because of their current Aegify certificates of compliance.
3. Best PHI practices. HIPAA compliance is now a part of BHS of OK’s daily operations. BHS of OK staff has been trained and compulsively adheres to best practices for securing protected health information in all forms: email, paper, databases, over the phone or in person discussions.

“I felt very good about the having a compliance document in my files,” said Dr. Frame. “To their credit, Aegify predicted that following years would be much easier. The renewal process requires less than 10 minutes every year.”

Download a PDF of this case study

The post Breast Health Specialists of Oklahoma appeared first on Aegify.

Read Whitepaper

The post Security Elements in Aegify appeared first on Aegify.

According to the annual study conducted by Ponemon Institute, the average cost of a compromised customer record can cost the enterprise anywhere from 4 to 156 USD. Further, leaked customer data leads to loss of reputation, customer abandonment and even fines, settlements and compensation fees. While the earlier data breaches at Sony PlayStation compromised 77 million user accounts, the recent one compromised 25 million.

Experts warn Big Businesses to Learn from Sony Pictures ‘Epic Nightmare’ Hack

Enterprises make use of different methods to detect and prevent leakage of each type of data. However, accidents such as that occurred at Sony have caused customers to turn to their competitors. Security experts therefore warn big businesses to learn from the Sony’s ‘Epic Nightmare’ Hack which broke last month when a group operating under the #GOP attempted to blackmail the firm. The cyber criminals hacked into Sony’s computer systems and paralyzed their operations and tapped into their trove of hypersensitive data. As an aftermath was the steady flow of revelations which included top employees’ salaries and nasty emails shared across various sites and lead to the former employees’ suing the company for data breach.

Security experts are of the opinion that enterprises need to invest more in their network security without being too concerned about the costs inferred. For Sony Corp. cleaning up the mess from the latest attack is going to cost millions. Enterprises need to be well prepared to respond to attacks with regular backups. Monitoring network traffic, ensuring use of updated versions of operating systems and applications and use of firewalls will help to protect valuable data. However, with Sony’s case being one wherein the intruders stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical information, name, location, employee ID, network user name, base salary and date of birth of more than 6,800 individuals. However, the endless leaks and crazy details emerging points to the fact that attacker had gained access to unknown number of internal systems at Sony.

The hack estimated to have cost Sony $100 million was a result of their security loopholes. Vulnerability monitoring and risk assessment have to be continuous. To avoid such situations, enterprises can deploy cloud based solutions for IT security and compliance management, vulnerability analysis and risk management. Aegify, a flagship product effectively addresses risk management, IT security and compliance. Offered as Software-as-a-service, this solution targets small, medium and large enterprises and is an easy-to-use cost-effective solution.

The post Sony Pictures Employee Data Breach – Valued lessons for the Digital World appeared first on Aegify.

There was large number of information security breaches since 2009 ranging from thefts of hard drives (BlueCross Blueshield of Tennessee), laptop (AvMed), and backup tapes (New York City Health &Hospitals Corp.) resulting in compromising sensitive medical and health information of millions of people. Even as the full and final version of the HITECH breach notification rule is expected to be released later this year as part of an ‘omnibus’ package that would include several rules, the current version requires that organizations should conduct risk assessment to determine any incident that could be a potential threat and if it does cause harm, the eventual breach must be reported.

So is it really that difficult for healthcare organizations to take the right action as far mitigating such information risks are concerned? Actually no! It is not difficult if a prudent medical practitioner or healthcare enterprise owner ensures that healthcare compliance measures are in place by adopting the appropriate HITECH compliance solution. All that a healthcare organization needs to do is to enforce such a security policy that can restrict any unauthorized access. SecureGRC, an automated compliance solution from eGestalt, can help healthcare organizations deal with their compliance woes comprehensively. The solution is so designed that it can identify, remediate and maintain HIPAA and HITECH compliance for all healthcare organizations that handle Patient Health Information.

SecureGRC is equipped to help healthcare organizations achieve and maintain compliance to regulations set forth in both HIPAA and HITECH acts. Additionally, since the solution can be delivered via Cloud, not requiring any custom hardware investments, the compliance solution is actually future-proof! The solution not only automates the audit process but also provides concrete evidence of what risks need to be addressed and also how it should be addressed. eGestalt makes it easy to stay clear of Health information breaches with its fully optimized solution that addresses all healthcare compliance issues.

The post Staying Clear of Health Information Breaches appeared first on Aegify.

Over 50% of the major health breaches that have been reported, most of them are concerned with either the loss or the theft of computer devices. This has underlined the need to install encryption security methods to laptops etc. On the other hand the Health Net breach incidents are more focused on ways and means to protect storage media effectively. The OCR is doing its best to get all healthcare providers to abide as per HIPAA / HITECH compliance requirements; in fact it has even requested for increased funding to ensure enhanced enforcement efforts. But the fact still remains that the onus to meet all the compliance measures still rests on the healthcare providers themselves. There is likely to be an addition to the HITECH breach notification rule sometime later this year, which would ensure that all doubts about what kind of security breaches should be reported are all simplified and laid out clearly.

Recently Cignet Health and Massachusetts General Hospital were slapped with severe penalties. Such increasing incidences of security breaches are indeed alarming; small businesses need to equip themselves with a solution that can help them address such breaches efficiently. SecureGRC SB, a solution that is provided on the cloud, can fulfill all HIPAA / HITECH Compliance requirements pertaining to small businesses. With its central repository for all documentation purposes pertaining to HIPAA, it can send reminders to ensure compliance regulations are maintained and can ensure complete maintenance of track records of business associates.

More often than not, small medical healthcare providers cannot meet the expense of costly solutions nor can they obviously pay the hefty penalties for any non-compliance issues. The best option for such businesses is to opt for a unique IT healthcare compliance solution that is not only economical, and accurate, but also assists them in meeting all the healthcare compliance requirements efficiently. And with SecureGRC SB, small healthcare providers can easily say an emphatic no to health breaches!

The post Saying No to Health Breaches appeared first on Aegify.

The billions of dollars worth of incentives set aside for hospitals and physicians for implementing secure Electronic Medical Recordkeeping (EMR) have spurred security initiatives in the healthcare industry. Many healthcare entities are now ramping up their security measures in governance risk assessment, encryption and email security, data loss prevention, and providing formal security training to employees.

To qualify for these incentives however, healthcare organizations must use an EMR system that has been certified to include specific functions comprising a strong set of security features. Hence, issues including threat mitigation, risk analysis, and compliance with HIPAA and HITECH Acts have now come to the forefront. However, a significant challenge stems from the fact that most medical practitioners are unfamiliar with encryption and user authentication technology, and the idea of conducting a risk assessment is foreign to them.

Sole practitioners and small HIPAA healthcare entities especially face issues in achieving and maintaining compliance with HIPAA and HITECH Acts. With HITECH redefining the responsibilities of Business Associates, creating stricter notification standards, tightening enforcement, and raising penalties for non-compliance, small healthcare entities are in need of a solution that can manage these elements efficiently and in a cost-effective manner.

Moreover, with the HITECH Act promoting and offering incentives for the adoption of secure EMR, small medical practitioners face a growing dilemma since adopting an EMR system not only means government incentives, but also greater security risks and bigger penalties for non-compliance.  This is where eGestalt’s SecureGRC SB comes in handy.

SecureGRC SB: Simplified HIPAA/HITECH Compliance Solution for Small Medical Practices

A unified security monitoring and compliance management solution delivered on the cloud, SecureGRC SB is the first of its kind. It offers an inexpensive, easy-to-use, automated system of compliance, specially designed for small medical practices, and their Business Associates to identify, remediate and maintain their HIPAA and HITECH compliance.

With built-in HIPAA/HITECH support, SecureGRC SB efficiently addresses all HIPAA/HITECH requirements, and also helps manage Business Associates with a simple wizard-driven automation tool. SecureGRC SB can be easily extended and automatically kept up-to-date with latest versions and revisions of these Acts.

The post EHR Incentives: A Catalyst for IT Security appeared first on Aegify.

All this boils down to the fact that there is growing pressure on public CIOs (Chief Information Officers), who now have added responsibilities. Analysts and consultants are of the opinion that it is critical for state CIOs to be involved in health IT policy issues, and also be more knowledgeable and familiar with issues related to the governance of Health Information Exchange (HIE). They should also be aware of how telehealth and HIE investments can impact Medicaid costs, and should be able to coordinate between Medicaid, the Children’s Health Insurance Program, and planned HIEs.

Hence there is a need to recreate or revamp IT infrastructure to prepare for huge numbers of Medicaid enrollments in the coming years, and this has added to the growing anxiety of public CIOs. However, upgrading information systems to these changing needs is a challenge in itself, because of the high cost of most IT applications.

Also, there has been growing reliance on IT in the healthcare industry, and rapid adoption of Electronic Medical Records (EMR), which have made it essential to ensure safe handling of sensitive data. And in addition to this, the Health Information Technology for Economic and Clinical Health (HITECH) Act has also renewed focus on HIPAA Compliance. Hence, safeguarding medical records and preventing unauthorized access to patient records have been of high priority lately.

So public CIOs are now taking an objective look at how statewide health systems can be made more efficient. One way of dealing with this would be to adopt services hosted in the cloud, instead of using traditional methods, which involve procuring and managing IT systems. While on the one hand cloud-based services provide an opportunity for rapid deployment and greater interoperability, on the other, they are highly cost-effective. And with state budgets being cut, cloud-based solutions can prove much safer than traditional systems.

The post Federal Health Care Reform- What they Mean to Public CIOs appeared first on Aegify.

Effective vulnerability management is therefore a perquisite for every business. But unfriendly economic conditions have compelled organizations to maintain a safe business environment, while also keeping costs low. This poses a major challenge since organizations today are spread across multiple geographic locations and time zones. In such a scenario vulnerability management can be a formidable task.

But with cloud-based security solutions offered by advanced GRC software, IT security compliance has assumed a new dimension. These solutions help streamline and automate vulnerability management processes and help patch security flaws.

Here are some other significant benefits of using a comprehensive security and vulnerability management solution:

Offers Complete Visibility- Vulnerability management solutions help in understanding the security posture of an organization, through comprehensive vulnerability assessment. This in turn helps in formulating security policies for IT Compliance with regulatory standards.

Ensures Compliance- Compliance audits are carried out at regular intervals to assess the actual degree of compliance in the organization. This helps in effective compliance management software by enforcing compliance best practices and ensuring fully compliant processes and procedures.

Facilitates Risk Management- By proactively detecting vulnerable areas within the network, and identifying exposure to potential threats, these software solutions help in effective risk management.

Offers Holistic View & Prompt Reporting- Vulnerability management solutions help gain complete control over risks and vulnerabilities by offering total visibility through a centralized view. Their advanced reporting capabilities enable organizations to take prompt corrective and preventive action before security gaps are exploited.

Improves Productivity & Lowers Cost- Since these security solutions are completely automated, they allow IT departments to focus on more critical tasks, thereby enhancing productivity. And they also help reduce administrative costs and management overhead, as a single efficient software solution, can effectively replace multiple disparate applications.

Managing a diverse network environment can be quite overwhelming. But a proactive, integrated, vulnerability assessment and management solution can dramatically simplify this by offering a complete GRC framework that can patch vulnerabilities, mitigate risks, and improve productivity.

The post Vulnerability Management: Secured IT, Assured Success appeared first on Aegify.

Kern Medical Center in Bakersfield faced the largest civil penalty of $250,000 for losing 596 patient records, and an additional fine of $60,000 for allowing two employees to access and disclose a patient’s medical record on three occasions.

In a similar breach, Pacific Hospital in Long Beach was fined $225,000 after an employee admitted to memorizing personal information of nine patients, and setting up fake Verizon accounts using their information.

The state of California has the toughest privacy laws in the country with high penalties for data breaches. And Kaiser Permanente’s Bellflower Hospital was the first to be issued penalty under the state law enacted in 2008 for patient protection. The institution was fined $437,500 for failing to prevent unauthorized access to medical records of Nadya Suleman.

In all these incidents employees have been identified as the main cause for the breach. However, these institutions are also equally responsible for not being proactive in identifying and curbing insider threats. These incidents re-emphasize the need for an efficient security solution with effective threat management capabilities that can not only prevent such breaches in future, but also ensure a more secure data management process.

The post 7 Facilities in California Fined for Privacy Breaches appeared first on Aegify.

Timely Recognition of Long-Term Risks

Security cannot merely be defined in terms of Trojans, viruses or spam eagerly waiting to enter and incapacitate the central IT nervous system of an organization. Even the careless attitude of employees can cause security breaches within the network, and intentional attempts like hacking or willful destruction of critical data also cannot be ignored. In order to deal with this growing concern, you require automated IT Compliance software that can provide you with robust, end-to-end integration solutions.

Many organizations fail to enforce a compelling security environment that is in alignment with the business goals. The alarming rate at which these security threats are increasing is an indication that you need result-oriented techniques to help overcome this problem. The answer lies in an automated and integrated solution that can handle all IT risk management issues, and carry out overall effective corporate governance.

Intensifying the IT Environment with Cognitive Security Parameters

A cloud-based model capable of providing unified governance risk and compliance management solutions can help crack down potential threats, and can provide a remarkably safe IT environment. The solution contains a centralized repository for all compliance-based organizational data, and it considerably reduces the total cost of ownership due to its SaaS-based model.

It helps monitor and enforce the best regulatory standards and practices without delay. Due to its integrating feature, the time required for compliance is minimal, and the process is simple. Such an integrated compliance solution, addresses all vulnerability management solution needs by performing comprehensive scanning procedures, scheduling audits and providing exhaustive audit log trails for all compliance related tasks, so that compliance gaps can be bridged promptly with corrective measures. It also provides a complete report of compliance statistics which in turn helps identify your compliance status.

The aim of a capable IT security solution is to provide a set of comprehensive features, with solutions for effective threat management. Its main objective is to resolve issues concerning data leakage, insider threats, intrusion detection, and verification of controls. Therefore, with an integrated, comprehensive security solution, enterprises can ensure a healthier and safer IT environment.

The post A Wake-Up Call for IT Security: Are Your Compliance Practices Fit for the Test? appeared first on Aegify.