« April 2017 | Main | June 2017 »

May 31, 2017

FREE Webinar: Phishing, BitCoin & Ransomware: Don't it make you WannaCry?

Description:
This webinar will summarize the lessons learned by the healthcare industry from WannaCry & perform a postmortem on WannaCry's impact.
  
Date and Time, including Time Zone 
June 15, 2017 2:00 EST

 
Looking for a simplified way to keep up with HIPAA?  For a limited time, we are making available our "Showing HHS Visible, Demonstrable, Evidence" webinar when you sign up for our FREE monthly newsletter

Posted at 01:29 PM | | Comments (0)

May 24, 2017

WannaCry: Re-Broadcast of May Webinar

Chris Saah CEO of TecFac (Technology Facilitators) joined Carlos Leyva and the team for a discussion of the recent the ransomware attack and how to prevent ransomware from penetrating your organization in addition to discussing HHS' methodology implications. 
 
Download the webinar, slides and fact sheet:
 
 

Ransomware Fact Sheet

 

Looking for a simplified way to keep up with HIPAA?  For a limited time, we are making available our "Showing HHS Visible, Demonstrable, Evidence" webinar when you sign up for our FREE monthly newsletter

 

Posted at 10:55 AM | | Comments (0)

May 12, 2017

HHS Notification: International Cyber Threat to Healthcare Organizations

Don't believe that the bad guys are targeting healthcare? Read the follow recent HHS announcement:

 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

May 12, 2017

Dear HPH Sector Colleagues,

HHS is aware of a significant cyber security issue in the UK and other international locations affecting hospitals and healthcare information systems. We are also aware that there is evidence of this attack occurring inside the United States. We are working with our partners across government and in the private sector to develop a better understanding of the threat and to provide additional information on measures to protect your systems. We advise that you continue to exercise cyber security best practices – particularly with respect to email.

Office of the National Coordinator for HealthIT on behalf of Laura Wolf,

Critical Infrastructure Protection Lead

HHS-ASPR-OEM

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Description:
This webinar revisits the importance that HHS places on having a methodology that supports a Culture of Compliance.
  
Date and Time, including Time Zone 
May 18, 2017 2:00 EST

Looking for a simplified way to keep up with HIPAA?  For a limited time, we are making available our "Showing HHS Visible, Demonstrable, Evidence" webinar when you sign up for our FREE monthly newsletter

 

Posted at 05:15 PM | | Comments (0)

May 03, 2017

The HIPAA Compliance Challenge

Posted at 12:22 PM | | Comments (0)

HHS' Methodology Guidance

HHS has once again provided guidance on the importance of having a methodology to develop, implement, and maintain a comprehensive compliance program ("Program"). The objective of your HIPAA compliance initiative ("HCI") should be to build your Program over time, especially if you are interested in an establishing a "Culture of Compliance!" 
 
 HHS' guidance did not directly use the word "methodology," there was no need to. The guidance does not reference any specific sections of the HIPAA Privacy, Security, or Breach Notification Rules ("the Rules" or "Rules"). However, if you peruse the guidance with any sort of rigor, you quickly understand that it is all about methodology; the latter being exactly what HHS intended to convey in partnership with the Health Care Compliance Association ("HCCA"). 
 
The message embedded in the guidance is the same one that Leon Rodriguez ("Rodriguez"), former Director of OCR under the Obama Administration, echoed in a recent interview
 
The commentary (see here and here) provided by the HIPAA Survival Guide ("HSG") pursuant to HHS' guidance helps describe the methodology that is built into our Subscription Plan. The HSG Subscription Plan is not a set of loosely joined software, products, templates and tools, but rather all of it is underpinned by a methodology that helps you establish the kind of Program HHS is interested in seeing stakeholders adopt. Beyond the shameless plug, the idea is that you should be asking your compliance consultants whether or not they have a methodology, and if so, how does it help you build and sustain the requisite Program over time?
 
Change is Hard
 
Most HIPAA compliance initiatives fail because of people and process challenges, which have very little to do with the underlying technologies required to remediate cybersecurity vulnerabilities, and almost everything to do with the kind of social complexity that we often write about (i.e. which lies at the heart of wicked problems). An HCI implementation includes so much more than technology that to call it a technology project is itself a misnomer. HCI implementations are more aptly described as change projects and change is hard. Just ask any one of your colleagues who have successfully (or not) navigated the white water rapids that now surround you.  Because change is hard we need a methodology to guide us along the way.
 
Why a Methodology? 

Change of this magnitude (i.e. an HCI) is inherently chaotic. There are simply no cookbooks, no maps, no videos, no books, no webinars, no conferences and certainly no newsletters capable of providing a step by step approach applicable to all providers or even most. Each solution will be different than the next because each organization is different. We understand that an industry whose very foundation rests on the scientific method will have a difficult time accepting the fact that heuristics is the best we can do. In fact, for many within healthcare it is clearly anathema to suggest that sufficient study of the problem will not only lead to poor results, it will lead right off the cliff to certain failure. The "form a committee to form a committee to study the problem" will lead to death by a thousand cuts. We have seen this movie before and it doesn't have a happy ending.
 
In short, to solve a wicked problem you must fail fast in order to succeed. Why? Because problems this complex can't even be defined, let alone solved, without a better understanding of where you are today as compared to where you need to be. To solve this wicked problem you must act more and study less. That is the point that Lee Iacocca made when he took a chainsaw to the Mustang (probably urban legend). Get busy doing! Break some ground!
 
Even though you will be applying heuristics, you still require a methodology for guidance.  Otherwise it will be like jumping out of an airplane without a parachute...the ride might be fun but you are not going to like the result!
 
An Agile Compliance Methodology 
Agile compliance is a group of methods based on an iterative and incremental approach where compliance solutions evolve through collaboration between cross-functional teams. Agile promotes adaptive planning, evolutionary development and implementation, and a time-boxed iterative approach which encourages rapid and flexible response to changing regulations and operational environments that are quickly morphing. 
 
Agile is a conceptual framework that promotes foreseen interactions throughout the implementation cycle and acknowledges that due to a changing operational, technical, and regulatory environment, the implementation cycle never ends. Agile compliance is how an Organization goes about changing its compliance DNA. Ultimately, Agile will be defined as how your Organization continuously iterates through your compliance initiative. Each organization's definition of Agile will share common principles but will otherwise be unique to the organization.
 
Why Agile Methodologies Prevail? 
 
The answer to this question was hinted at in the introduction to this article. Agile is a lightweight methodology that enables organizations to effectively deal with the complexity contained in wicked problems. Given the amount of transformational change that the healthcare industry is currently undergoing, a linear "engineering" centric methodology is almost guaranteed to fail. Your organization will be in a state of perpetual analysis/paralysis, talking about compliance but not producing visible, demonstrable evidence of same.
 
 
Just click on the Act Now Button below and fill out the information and our Customer Service Staff will set up your Free 15 Day Expresso™ Test Drive and arrange a "Go To Meeting" session to review how you can do your HIPAA Risk Assessment in 3 hours or less.
 

Posted at 12:17 PM | | Comments (0)

My Photo

About

NEWSLETTER


  • ACO COMPLIANCE NEWSLETTER

    Join My ACO Mailing List

  • Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon
    Sign up for a FREE
    HITECH / HIPAA
    Compliance Newsletter

    Enter your email address

Categories

CC

Tools

  • Google Analytics

Essays and Such

  • HIPAA Survival Guide (PDF)
    Read the HSG in PDF format.
  • HIPAA Survival Guide (online)
    Practical advice for health care practitioners.

  • Search, KM & the Practice of Law

  • Silicon Stories eBook

  • Dirty Little Secret

  • Competitive Advantage

  • Process Patterns

  • Movie Making and Software Development

  • The Missing Factory

  • Architecture: Shack, House or Skyscraper?

  • The Talent Wars

  • Knowledge Management and Infotainment

  • What comes after what comes next?

February 2019

Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28    

Archives

More...