Welcome to our new blog series, Get to Know Green House Data! Every couple of weeks, we'll bring you a quick interview with one of the technicians, support crew, engineers, data center operations staff, or even sales and marketing crew members who power your IT infrastructure at Green House Data.
This week, meet Leif Dvorak, our Security & Compliance Administrator.
The Patient Protection and Affordable Care Act of 2010 (ACA) requires each state to have a health insurance Exchange, a marketplace where consumers can shop for health insurance and find the best option for them by comparing price, benefits, services, and quality. To achieve Health Insurance Exchange (HIX) compliance, Section 1561 requires that these Exchanges meet certain security standards and protocols in order to protect the confidentiality, integrity, and availability of the system and its users.
These Minimum Acceptable Risk Standards for Exchanges (MARS-E) are separated into three classes: technical, operational, and management. These classes consist of nineteen control families, covering the handling of everything from Personally Identifiable Information (PII) to Protected Health Information (PHI) and Federal Tax Information (FTI).
If you find yourself dreading the thought of another audit, viewing it as more of a hassle than anything else, you may be suffering from the widespread but little-known "Compliance Fatigue".
The Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rules. After years of testing and delays, the second round of HIPAA audits is finally materializing, and it is expected to be more comprehensive, focusing on the real-world application of policies and procedures across the entire organization and its business associates (BAs).
This program puts to the test the processes, controls, and policies of covered entities (CEs) and BAs in accordance with the HITECH Act audit mandate. The OCR has published its entire audit protocol on its website, which outlines the procedures auditors must follow when conducting a program audit, making it easier to prepare.
Is your health organization ready for the OCR auditor?
In December 2014, a new study from the Ponemon Institute, "Corporate Data: A Protected Asset or a Ticking Time Bomb?", found that employees have excessive access to company data, presenting a growing risk to their organizations.
The study found a significant lack of oversight and control over which employees have access to confidential, sensitive data and how that data is shared. It also found confusion among staff as to what their responsibilities are in protecting company data. Companies that do not make data protection a priority typically have a difficult time staying within compliance standards.