Easy is Usually Not Secure

in HIPAA Headlines by John Brewer

I’m really going to talk about Dropbox and the recent security issue they had, but before that I want to illustrate something. When I speak with medical offices about reducing the risk of a PHI breach I generally hear lots of frustration on the other side. I get it. Let’s look at this from a …

Social Engineering

in HIPAA Headlines by John Brewer

Most computer infections, network break-ins and “hack” jobs are accomplished using a thing called Social Engineering. The Collins English Dictionary defines Social Engineering as: the manipulation of the social position and function of individuals in order to manage change in a society. I define social engineering as: tricking people to get them to do what …

But Our Laptops Never Leave the Office

in HIPAA Headlines by John Brewer

This is a common response when I ask if a practice has encrypted their laptops. Horizon BCBS is a glaring example of why this does not matter. Horizon had some laptops that were just password protected, not encrypted. NOTE: password protection is simple to break – generally can be done in under 5 minutes, whereas …

The End of Innocence?

in HIPAA Headlines by John Brewer

The MED in Memphis, which is the regional medical center in Memphis, TN, is notifying 1,200 patients of a PHI breach. This breach has been classified as an “innocent employee mistake”, in which 3 un-secure emails were sent with attachments that contain PHI. This goes right to my email soap box speech. I …

Shredding Shenanigans

in HIPAA Headlines by John Brewer

Shredding is an “old school” issue. It doesn’t matter if you have an EHR or not. And as we all know, even with an EHR, that “paper-less office” is far from paper-less. Shredding is becoming an issue. A few months back a member of the cleaning crew stole records that were sitting in the shred …