The Nosy Nurse

in HIPAA Headlines by John Brewer Leave a comment

Somehow that doesn’t appear to be spelled correctly, but my spell checker tells me otherwise…nosy that it. First the official details: Meaningful Use Stage 1 and 2 require that you “ensure adequate privacy and security protections for personal health information”. This is to be accomplished by conducting a security risk analysis per 45 CFR 164.308(a)(1). Read More

Social Engineering

in HIPAA Headlines by John Brewer Leave a comment

Most computer infections, network break-ins and “hack” jobs are accomplished using a thing called Social Engineering. The Collins English Dictionary defines Social Engineering as: the manipulation of the social position and function of individuals in order to manage change in a society. I define social engineering as: tricking people to get them to do what Read More

But Our Laptops Never Leave the Office

in HIPAA Headlines by John Brewer Leave a comment

This is a common response when I ask if a practice has encrypted their laptops. Horizon BCBS is a glaring example of why this does not matter. Horizon had some laptops that were just password protected, not encrypted. NOTE: password protection is simple to break – generally can be done in under 5 minutes, whereas Read More

Data Breach Reaction Done Right

in HIPAA Headlines by John Brewer Leave a comment

All too often the focus is on how somebody did something wrong with PHI. Really, though, there are so few examples of things done right…to point them out is a challenge. Well, never fear, we seem to have a good example here… That’s right, the Houston Methodist Hospital learned they had a breach, and they Read More

Is Your Head in the Cloud?

in HIPAA Headlines by John Brewer Leave a comment

The old saying when you don’t want to know (or understand)  there are problems around is you “have your head buried in the sand”. Well, I’m updating that saying to “Is your head stuck in the cloud?” For many of you on “the cloud” or more specifically on a Software As A Service (SaaS) EHR Read More