
CynergisTek to Support CHIME’s Newest Association for CSOs

CynergisTek Invited to be a Foundation Member of AEHIS

The College of Healthcare Information Management Executives (CHIME) recently launched a new division, the Association of Executives in Healthcare Information Security (AEHIS). AEHIS is designed to support and educate top healthcare IT security leaders, especially the CSO and CISO. The association is the first professional group designed specifically for the security professional. It officially launched on July 31st with 50 members, and aims to reach 100 members within the first year. To help launch and build support for the association, CHIME is hosting three educational events this fall, titled “The Health Information Executive’s Guide to Cyber Security LEAD Forums”, which are being held across the country.


Florida Passes New Data Security Law That Is More Stringent Than HIPAA

Florida Information Protection Act of 2014

As of July 1st, healthcare providers, vendors and health plans doing business in Florida will have to follow the Florida Information Protection Act of 2014 (FIPA). The new law changes what information must be protected, expands who it applies to and requires different breach notification than HIPAA. The new regulation is more stringent than HIPAA and must be complied with in addition to HIPAA. CynergisTek CEO Mac McMillan recently told InformationWeek, “The law includes the most comprehensive set of breach notification requirements for both covered entities (CEs) and BAs”. Learn what FIPA means for your organization and what the new requirements are.


Jocelyn Samuels is Named Director of OCR

Samuels to Replace Leon Rodriguez

Jocelyn Samuels has been named by Secretary Sylvia Burwell to be the next director of the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). OCR is the federal agency responsible for development and enforcement of the HIPAA Privacy and Security Rules as well as the HITECH Breach Notification Rule. Samuels will replace Leon Rodriguez, whose nomination to serve as director of the United States Citizenship and Immigration Services (USCIS) of the Department of Homeland Security (DHS) was confirmed by the U.S. Senate on June 25th. President Obama nominated Rodriguez to his new post in December.


CynergisTek Listed in Top Three of New KLAS Report on Healthcare Security/Privacy

CynergisTek has been recognized by KLAS® as one of three firms provider organizations are turning to most for privacy and security assistance, in its groundbreaking report released in May 2014, entitled “Security and Privacy Perception 2014: High Stakes, Big Challenges.” CynergisTek leadership supported KLAS’ effort to develop its first ever report on firms providing privacy and security services, and commends the organization for its focus in the space.


How Would You Perform In an OCR Audit?

The Office for Civil Rights (OCR) piloted a random audit program to measure compliance with HIPAA Rules and will roll out the program later this year. During the pilot program, many organizations struggled to demonstrate compliance, and the biggest reasons heard were “unaware of the requirement” and “incomplete implementation”.* OCR found that only 11% of the selected entities did not have any findings or observations of non-compliance. All of OCR’s findings and observations show how important it is to periodically and thoroughly review your security program to ensure compliance with HIPAA rules, especially now that the Omnibus Rule has been passed. It is important, necessary and the right thing to do. CynergisTek offers several solutions and workshops to help organizations improve their security programs. All of our services can prepare and help your organization demonstrate compliance if ever selected for a random audit.

Findings by HIPAA Rules

Privacy Rule Findings

60% of the violations fell under the HIPAA Security Rule. OCR reported that most didn’t have a thorough risk assessment (as required by the Security Rule). CynergisTek offers many services, including a third-party risk assessment, to help improve the integrity of your security program.

Click here to learn more about our OCR Audit Services.

Nearly half of the findings under the Privacy Rule fell under policy and procedures. Organizations need to regularly evaluate their privacy program to ensure compliance. CynergisTek can assess the current state of your privacy program and address any gaps that are identified.

Click here to learn more about our Privacy Assessment.

* U.S. Department of Health and Human Services, Office for Civil Rights. HIPAA Privacy, Security and Breach Notification Audits – Program Overview & Initial Analysis. April 2013.