Forbes Magazine Highlights Need for Healthcare Entities to Analyze Their Security Risks as Defense Against Breach

HIPAA Safeguard recommend that its followers read the September 1, 2014, article by Contributor Dan Munro entitled:  “Over 90% of Cloud Services Used in Healthcare Pose Medium to High Security Risk,” which can be assessed online at:   The article highlights three important issues about cybersecurity:

Fortune Magazine Highlights Growing Threat of Identity Theft Through Rise in Healthcare Data Breaches

HIPAA Safeguard recommends that its followers read the August 31, 2014, article by Laura Shin entitled:  “Medical identity theft:  How the health care industry is failing us,” which can be accessed online at:   The article highlights two important issues:

Stronger Passwords Are Not a Substitute for Encryption for Securing Electronic Protected Health Information

August 7, 2014.  Today’s Charleston, SC Post and Courier has an important article by AP Technology writer Anick Jesdanun entitled:  “7 ways to create stronger passwords:  News of Russian hacking ring highlights importance of protecting yourself online,” which is available online at:  We commend this article to your attention, and the explanations for the following seven password strengthening recommendations to deter unauthorized access to networks, systems, applications, devices, and media:

ONC Releases 10-Year Strategic Vision for Achieving Interoperability of Electronic Healthcare Information

This year, 2014, marks the end of the Decade of Health Information Technology, initiated by then Secretary of the Department of Health and Human Services (HHS), Tommy Thompson, in July 2004 “to build a national electronic health information infrastructure in the United States.” This initiative outlined “four major collaborative goals” and “12 strategies for advancing and focusing future efforts.”  My co-author, Carolyn Hartley, and I discuss these goals and strategies in detail in our book, EHR Implementation:  A Step-by-Step Guide for the Medical Practice (2nd ed.) (Chicago, IL:  American Medical Association, 2012). 


How to Manage Passwords: A Cautionary Tale

HIPAA Safeguard commends to the attention of Security Officials of covered entities and business associates and to individual workforce members of those organizations the May 6, 2014, Wall Street Journal article entitled:  “The Best Way to Manage All Your Passwords:  Rating Secure Password Managers Dashlane, LastPass, 1Password, PasswordBox,” which is online at:   Under the HIPAA Security Rule, the Security Official is responsible for implementing policies and procedures—based on findings from a risk analysis—for managing passwords under the Administrative Safeguard Security Awareness and Training standard:

McKinsey Quarterly Article Discusses The Rising Strategic Risks of Cyberattacks

HIPAA Select calls your attention to this important May 2014 article by Tucker Bailey, Andrea Del Miglio, and Wolf Richter entitled:  “The rising strategic risks of cyberattacks:  Research by McKinsey and the World Economic Forum points to a widening range of technology vulnerabilities and potentially huge losses in value tied to innovation.”  The article is available online at: 

FBI Issues Notification Concerning Risk of Increased Cyber Intrusions for Healthcare Systems and Medical Devices

On April 8, 2014, the Federal Bureau of Investigation (FBI) issued a private industry notification entitled:  Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain, which is available online at:

FCC Cybersecurity Tips Consistent with HIPAA Compliance: 10. Regularly Change Passwords

The Federal Communications Commission (FCC) has prepared several documents that provide tips on managing and safeguarding electronic information technology.  One of these documents outlines ten cybersecurity tips for small businesses, which can be accessed at:  As we documented in the first posting in this series on FCC cybersecurity tips:  1.  Training, these tips apply to the vast majority of covered entities and business associates that must achieve HIPAA compliance by implementing the January 25, 2013, HITECH Act Final Rule modifications of HIPAA Privacy and Security and HITECH Act Breach Notification Rules. 



  • October 2017 (1)
  • August 2017 (3)
  • July 2017 (1)
  • June 2017 (7)
  • May 2017 (12)
  • April 2017 (10)
  • March 2017 (2)
  • February 2017 (3)
  • January 2017 (4)
  • December 2016 (4)
  • November 2016 (7)
  • October 2016 (7)
  • September 2016 (2)
  • August 2016 (1)
  • July 2016 (3)
  • June 2016 (1)
  • May 2016 (1)
  • April 2016 (8)
  • March 2016 (6)
  • February 2016 (2)
  • December 2015 (1)
  • November 2015 (1)
  • October 2015 (4)
  • September 2015 (1)
  • June 2015 (8)
  • May 2015 (3)
  • April 2015 (2)
  • March 2015 (1)
  • November 2014 (1)
  • September 2014 (15)
  • August 2014 (6)
  • July 2014 (1)
  • June 2014 (13)
  • May 2014 (11)
  • April 2014 (13)
  • March 2014 (6)
  • February 2014 (12)
  • January 2014 (3)
  • December 2013 (1)