The Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rules. After years of testing and delays, the second round of HIPAA audits is finally materializing. It is expected to be more comprehensive, focusing on the real-world application of policies and procedures across the entire organization and its business associates (BAs).
This program puts to the test the processes, controls, and policies of covered entities (CEs) and BAs in accordance with the HITECH Act audit mandate. The OCR has published its entire audit protocol on its website. The protocol completely outlines the procedures auditors must follow when conducting a program audit, making it easier to prepare.
Is your health organization ready for the OCR auditor?
In December of 2014, a new study, “Corporate Data: A Protected Asset or a Ticking Time Bomb?” from the Ponemon Institute found that employees have excessive access to company data, presenting a growing risk to these organizations.
Their findings led to the revelation that there is a significant lack of oversight and control over which employees have access to confidential, sensitive data and how that data is shared. They also found confusion among staff as to what their responsibilities are in protecting company data. Companies that do not make data protection a priority typically have a difficult time staying within compliance standards.
Imagine you walk into work on any normal Monday, sit down at your computer to get the week started, and realize that some of your files have been tampered with, moved, or are missing. What just happened? If your company relies on reactive monitoring (break/fix), which is the method of reacting to a problem after an incident has already occurred, then you have to spend a hefty amount of money to have the situation diagnosed, and this doesn’t guarantee that your missing data will ever be recovered. Now, what happens if your company handles sensitive information that has been compromised? The answer: huge fines and possible lawsuits. With proactive monitoring, the continual screening of your data and hardware in order to detect problems early and prevent crises, you could have avoided or at the very least lessened this disaster.
Monitoring of any kind is certainly better than nothing, and reactive monitoring can be useful in some situations. Perhaps the company does not require frequent IT support, or perhaps it is a new client and wants to test-drive the support before making any long-term commitments. Evaluating your company’s needs is a must before deciding which method to pursue.
However, if your company is in need of a lot of IT support, proactive monitoring can help you improve efficiency, increase the consistency of your systems, and ultimately save you money.
In the business world, email continues to be the most widespread form of communication. While consumer email traffic has slowed due in part to a preference for other forms of communication (e.g., social media sites, instant messaging, text messaging), business email traffic is soaring. According to the Email Statistics Report for 2014-2018 by The Radicati Group, 108.7 billion business emails were sent and received per day in 2014. That boils down to an average of 121 emails per user.
With this in mind, the question becomes: how do we protect ourselves from the risk associated with this fundamental source of communication? After all, signing up for any online activity, whether it is social media sites, shopping, or banking, requires an email address.
From small cafes to large hotel chains, cloud services can benefit the entire hospitality industry. Service industries can gain the ability to monitor, test, and implement better quality solutions that improve the guest experience, streamline operations, and provide greater data security—a vital feature for payment processing, as more leaks are reported from POS systems every week.
Both the hotel and restaurant industries handle income and expense sheets, employee records, time records, merchant invoices, receipts, and sales reports. All of this data must be stored in a highly secure and redundant location, where it will be protected from theft, loss, or damage. Any company dealing with credit card information must also be PCI-DSS compliant, a standard that many cloud providers can help you achieve.