FCC Cybersecurity Tips Consistent with HIPAA Compliance: 3. Provide Firewall Security for Your Internet Connection

The Federal Communications Commission (FCC) has prepared several documents that provide tips on managing and safeguarding electronic information technology. One of these documents outlines ten cybersecurity tips for small businesses, which can be accessed at: http://www.fcc.gov/cyberforsmallbiz. As we documented in the first posting in this series on FCC cybersecurity tips, “1. Training,” these tips apply to the vast majority of covered entities and business associates that must achieve HIPAA compliance by implementing the January 25, 2013, HITECH Act Final Rule modifications of HIPAA Privacy and Security and HITECH Act Breach Notification Rules.

 

FCC Cybersecurity Tips Consistent with HIPAA Security Rules: 2. Protection from Cyber Attacks

The Federal Communications Commission (FCC) has prepared several documents that provide tips on managing and safeguarding electronic information technology. One of these documents outlines ten cybersecurity tips for small businesses, which can be accessed at: http://www.fcc.gov/cyberforsmallbiz. As we documented in the preceding posting, “1. Training,” these FCC cybersecurity tips apply to the vast majority of covered entities and business associates that must comply with the January 25, 2013, HITECH Act Final Rule modifications of HIPAA Privacy and Security Rules.



 

FCC Cybersecurity Tips Consistent with HIPAA Security Rules: 1. Training

The Federal Communications Commission (FCC) has prepared several documents that provide tips on managing and safeguarding electronic information technology.  One of these documents outlines ten cybersecurity tips for small businesses, which can be accessed at:   http://www.fcc.gov/cyberforsmallbiz.  According to the January 25, 2013, HITECH Act Final Rule modifications of HIPAA Privacy and Security Rules, all but an estimated 454 covered entities of a total of 698,238 covered entities are considered “small entities” (based on NAICS Codes).  [78 Federal Register 5670].  While less is known about business associates, most of which are likely to be small entities, the  Final Rule states:  “[w]e assume that up to 80 percent of the 1-2 million business associates, or between 800,000 and 1.6 million business associates, may handle electronic protected health information and thus may have to document their existing security protocols.” [78 Federal Register 5678]

Hospital Not Off the Hook for Breach

This letter is in response to the page A6 article in the March 13, 2014, Charleston, SC Post and Courier concerning the Roper St. Francis impermissible disclosure or breach of 4 patients’ protected health information by fax to an incorrect number. The article indicates that the information “did not include Social Security numbers or medical history for these patients.” That is irrelevant, as the Code of Federal Regulations (CFR) at 45 CFR 164.514(b)(2)(i)(A)-(R) lists 18 identifiers, any of which comprise protected health information. The newspaper identifies four of these identifiers that were erroneously disclosed: “names of four patients, their dates of birth, dates of admission and insurance numbers.” What is relevant is that any of the identifiers could lead to an impermissible use by an unauthorized person, such as identity theft—a costly and time-consuming inconvenience to the affected party.

 

Ponemon Institute Releases its Fourth Annual Benchmark Study on Patient Privacy and Data Security

March 13, 2014.  The Ponemon Institute published the referenced 38-page report, which is sponsored by ID Experts, with a March 2014 publication date.  The report is available at:  http://www2.idexpertscorp.com/ponemon-report-on-patient-privacy-data-security-incidents/

 

Risk Management a Key Concern of CFO

The Wall Street Journal on Monday, March 10, 2014, had a special section entitled:  “C-Suite:  View from the Top—What are today’s pressing issues for CEOs, chief information officers and others in the C-suite?”  We recommend that you examine this section, which can be accessed online at:  http://online.wsj.com/home-page
