Access your identity protection membership.
Or call 800-298-7558 (option 2).
Get help now.
Call our 24-hour Breach Lifeline
All calls are confidential.
Get help within 1 business day.
Talk to an ID Experts breach professional now »
Our web-based software tools are designed specifically to assist our clients in managing data breach risks. Learn More »
RADAR helps you in risk assessment, documentation and reporting for HITECH data breach incidents.
Learn More »
I had been waiting for this question to be asked. Now it seems like almost overnight that everyone, including members of Congress and the Obama Administration, is asking about the level of security of the U.S. government’s new health insurance exchange, HealthCare.gov. The impetus for the elevated level of interest and scrutiny seems to be a September 27th memo internal to the Center for Medicare and Medicaid Services (CMS) that discussed security concerns and is extensively quoted in an ABC News article.Read More »
Experian is in the news again. While most recently due to their supporting role as a subcontractor in the new federal government health insurance exchange that has been having technical and availability problems (Software, Design Defects Cripple Health-Care Website, Wall Street Journal, October 6, 2013), the subject of this write-up concerns their role in the recent controversy in South Carolina, in which the nature of Experian’s business practices have come into question.Read More »
Leon Rodriguez, director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), gave the keynote presentation today at the HIMSS Privacy & Security Forum in Boston. He began by noting that it is auspicious that he was presenting today, since September 23rd is the day that HIPAA business associates are now required to comply with the HIPAA Omnibus Rule including the substantial new security regulations under the Security Rule.Read More »
An recently published article by Modern Healthcare noted the extraordinary level of time and effort that it is estimated that our healthcare system will need to expend in order to comply with the new HIPAA privacy and security rules. The U.S. Department of Health and Human Services (HHS) has estimated that each year, it takes in aggregate around 32 million person hours.Read More »
With the publication of the HIPAA Final Omnibus Rule, healthcare providers and other covered entities are once again reassessing their privacy and security programs with an eye toward compliance. In light of new questions and requirements, we talked to Terrill Clements, Senior Equal Opportunity Specialist at the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), to find out about new developments. His answer was reassuring—the key to compliance still lies in the fundamentals of good privacy practices: ongoing risk analysis, risk management, and monitoring.Read More »
There are new and additional challenges that come into play when you have a data breach of sensitive personal information of your customers, or others, when that data resides in the cloud. The Cloud Security Alliance February 2013 report titled The Notorious Nine: Cloud Computing Top Threats in 2013 recognizes data breaches at the #1 cloud security threat. So given this level of risk, how do you prepare for, and what new twists must you anticipate, when it comes to a data breach by a cloud vendor?Read More »
We have spent this summer highlighting some of the key drivers, trends, and characteristics surrounding the data breach phenomena of the last decade. As I’ve reflected on some of the really interesting key data points in the Decade of Data Breach Infographic, I find that while a lot has changed over the last 10 years as to the nature, root cause, and types of data involved in data breaches. But while technology and social use of personal data has changed in dramatic fashion, as well as the nature of threats, the regulatory framework and enforcement of data breaches have changed not so much.Read More »
As we enter summer this year, it is just a short few months to September 23, 2013. And so what is special about that date? That is when HIPAA business associates, those organizations that work with healthcare providers, health plans, and others who are exposed to sensitive patient data (protected health information, or PHI), are required to comply with new privacy, security and breach notification rules from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Known as the HIPAA Omnibus Final Rule.Read More »
CMS (the Centers for Medicare & Medicaid Services) has begun auditing participants in the federally funded electronic health record (EHR) incentive payment program that makes funding available to hospitals and other healthcare organizations who can demonstrate meaningful use of certified EHR systems. And while one of the meaningful use criteria is that the organization carry out a HIPAA security risk analysis, the initial audits have found that one of the two most common adverse findings is non-compliance with the requirement to conduct a security risk analysis.Read More »
Right on the heels of a terrific inaugural workshop meeting for the PHI Protection Network (PPN) last week in Boston, I wanted to take a moment to revisit some of the key findings presented by representatives of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) at the IAPP Global Summit the prior week. The results that they presented were incredibly detailed, and highlighted just how far healthcare organizations still have to go, in order to comply with HIPAA/HITECH privacy, security and breach notification provisions. Especially important, now that the Final Omnibus Rule has been published and the clock is ticking down on the timeframe for compliance.Read More »
© Copyright 2013 ID Experts
A message from our lawyers. ID Experts, the ID Experts logo, and Breach HealthCheck are registered trademarks of ID Experts. RADAR, FraudStop, YourResponse, Breach Prevent, and Breach Respond are trademarks of ID Experts. All other trademarks used within the ID Experts website are the property of their respective owners.