Icetruck.tv News Blog

Technology


Take Security into Your Own Hands and get a HIPAA Risk Assessment

If your organization handles protected health information, or PHI, the Department of Health and Human Services requires you to conduct a risk analysis as the first step toward implementing the safeguards specified in the HIPAA Security Rule, and ultimately achieving HIPAA compliance.

This includes all HIPAA hosting providers.

But what does a risk analysis entail exactly? And what must absolutely be included in your report?

The Health and Human Services Security Standards Guide outlines nine mandatory components of a risk analysis.

Conducting a thorough HIPAA risk assessment is extremely difficult to do yourself, though. You may well want to contract with a HIPAA auditor to help you.

Most people simply don’t know where to look, or they end up bypassing things because they don’t understand data security.

If the risk analysis is foundational to your security, then you don’t want to overlook key elements in the analysis.

There are nine components that healthcare organizations and healthcare-related organizations that store or transmit electronic protected health information must include in their document:

1. Scope of the Analysis

To identify your scope – in other words, the areas of your organization you need to secure – you have to understand how patient data flows within your organization.

This includes all electronic media your organization uses to create, receive, maintain or transmit ePHI – portable media, desktops and networks.

There are four main parts to consider when defining your scope.

  • Where PHI starts or enters your environment.
  • What happens to it once it’s in your system.
  • Where PHI leaves your entity.
  • Where the potential or existing leaks are.

2. Data Collection

Below is a list of places to get you started in the documentation of where PHI enters your environment.

  • Email: How many computers do you use, and who can log on to each of them?
  • Texts: How many mobile devices are there, and who owns them?
  • EHR entries: How many staff members are entering in data?
  • Faxes: How many fax machines do you have?
  • USPS: How is incoming mail handled?
  • New patient papers: How many papers are patients required to fill out? Do they do this at the front desk? Examination room? Somewhere else?
  • Business associate communications: How do business associates communicate with you?
  • Databases: Do you receive marketing databases of potential patients to contact?

It’s not enough to know only where PHI begins. You also need to know where it goes once it enters your environment.

To fully understand what happens to PHI in your environment, you have to record all hardware, software, devices, systems, and data storage locations that touch PHI in any way.

And then what happens when PHI leaves your hands? It is your job to ensure that it is transmitted or destroyed in the most secure way possible.

Once you know all the places where PHI is housed, transmitted, and stored, you’ll be better able to safeguard those vulnerable places.

3. Identify and Document Potential Vulnerabilities and Threats

Once you know what happens during the PHI lifecycle, it’s time to look for the gaps. These gaps create an environment for unsecured PHI to leak in or outside your environment.

The best way to find all possible leaks is to create a PHI flow diagram that documents all the information you found above and lays it out in a graphical format.

Looking at a diagram makes it easier to understand PHI trails and to identify and document anticipated vulnerabilities and threats.

A vulnerability is a flaw in components, procedures, design, implementation, or internal controls. Vulnerabilities can be fixed.

Some examples of vulnerabilities:

  • Website coded incorrectly
  • No office security policies
  • Computer screens in view of public patient waiting areas

A threat is the potential for a person or thing to trigger a vulnerability. Most threats remain out of your control to change, but they must be identified in order to assess the risk.

Some examples of threats:

  • Geological threats, such as landslides, earthquakes, and floods
  • Hackers downloading malware onto a system
  • Actions of workforce members or business associates

Again, even if you’re above-average in terms of compliance, you may only have a minimal understanding of vulnerabilities and threats. It’s crucial to ask a professional for help with your HIPAA risk assessment.

4. Assess Current Security Measures

Ask yourself what kind of security measures you’re taking to protect your data.

From a technical perspective, this might include any encryption, two-factor authentication, and other security methods put in place by your HIPAA hosting provider.

You now understand how PHI flows in your organization and can better understand your scope. With that understanding, you can identify the vulnerabilities, the likelihood of threat occurrence and the risk.

5. Determine the Likelihood of Threat Occurrence

Just because there is a threat doesn’t mean it will have an impact on you.

For example, an organization in Florida and an organization in New York technically could both be hit by a hurricane. However, the likelihood of a hurricane hitting Florida is a lot higher than New York. So, the Florida-based organization’s hurricane risk level will be a lot higher than the New York-based organization’s.

6. Determine the Potential Impact of Threat Occurrence

What effect would a particular risk you are analyzing have on your organization?

For example, while a patient in the waiting room might accidentally see PHI on a computer screen, it more than likely won’t have nearly the impact that a hacker attacking your unsecured Wi-Fi and stealing all your patient data would.

By using either qualitative or quantitative methods, you will need to assess the maximum impact of a data threat to your organization.

7. Determine the Level of Risk

Risks are the probability that a particular threat will exercise a particular vulnerability and the resulting impact on your organization.

According to the HHS, “risk is not a single factor or event, but rather it is a combination of factors or events (threats and vulnerabilities) that, if they occur, may have an adverse impact on the organization.”

So let’s break down the whole vulnerability, threat and risk connection. Here’s an example:

Let’s say that your system allows weak passwords. The vulnerability is the fact that a weak password is vulnerable to attack. The threat then is that a hacker could easily crack that weak password and break into the system. The risk would be the unprotected PHI in your system.

All risks should be assigned a level and accompanied by a list of corrective actions that would be performed to mitigate risk.

8. Finalize Documentation

Armed with the prioritized list of all your security problems, it’s time to start mitigating them. Starting with the top-ranked risks first, identify the security measure that fixes those issues.

Write everything up in an organized document. There is no specific format required, but the HHS does require the analysis in writing.

Technically, once you’ve documented all the steps you’ll take, you’re done with the risk analysis.

9. Periodic Review and Updates to the Risk Assessment

It’s important to remember that the risk analysis process is never truly done since it’s ongoing.

One requirement includes conducting a risk analysis on a regular basis. And while the Security Rule doesn’t set a required timeline, you’ll want to conduct another risk analysis whenever your company implements or plans to adopt new technology or business operations.

The bottom line is – a risk analysis is foundational to your security. You simply can’t be HIPAA compliant without one. If you have any tips you’d like to share, we’re all ears.

Lifestyle


3 Delicious Weight Loss Shakes You Have to Try

Are you keeping up with your new year’s resolutions? How about your weight loss goals?

Foods that help with weight loss used to be so boring. Salads, salads, and more salads… enough with the lettuce, I say! It’s tough to meet your goals when you get bored.

To lose weight successfully you need to mix up your routine now and then.

Smoothies and shakes are a delicious and nutritious alternative to the boring healthy staples. And they’re taking the weight loss industry by storm.

Weight loss shakes are the perfect way to change up your oatmeal breakfast, lunch salad, or a healthy snack.

They’re packed with fruit, veggies, and vitamins and they’re quick and easy to make.

They even taste good enough to give to your kids. Seriously, kids love these shakes!

Getting your family in on your weight loss goals is a great way to keep up good momentum.

Ready to tackle your weight loss goals the yummy way? Read on for 3 awesome and delicious recipes.

3 Must Try Weight Loss Shakes

Mango Surprise!

Are you a mango lover? This is the perfect summer refresher or even the slice of sunshine you need on a gloomy day.

Blend these ingredients until smooth, pour yourself a glass, garnish if desired, and enjoy!

  • 1/4 c. mango cubes
  • 1/4 c. mashed ripe avocado
  • 1/2 c. mango juice
  • 1/4 c. fat-free vanilla yogurt
  • 1 Tbsp. fresh squeezed lime juice
  • 1 Tbsp. sugar
  • 6 ice cubes

Surprise! It’s delicious.

Spinach Flax Protein Shake

This recipe from The Blonde Buckeye is the best way to get a healthy dose of veggies in your day.

Tired of spinach salads? This is the best alternative.

And with a little added fruit and protein powder, this recipe is perfect if you’re just not the spinach type.

Don’t forget, spinach is high in fiber, protein, vitamins A, C, E, K, and B6, and much more. It’s a weight loss essential.

  • 1 c. unsweetened almond milk (or any kind)
  • 1 large handful organic baby spinach, washed
  • 1/4 c. frozen mango chunks
  • 1/4 c. frozen pineapple
  • 1/2 of a banana, fresh or frozen
  • 1 Tbsp. flax meal (optional)
  • 1 Tbsp. chia seeds (optional)
  • 1 scoop of vanilla protein powder (optional)

Combine these ingredients until smooth and enjoy!

Chocolate Raspberry Smoothie

Looking for the perfect healthy dessert option? Order up! This will knock your socks off.

I always say: if you’re gonna have dessert you might as well fill it with fiber.

Raspberries are an excellent weight loss tool. They’re low in calories and packed with healthy fiber, making you feel fuller longer.

And the chocolate is just amazing.

You can’t go wrong with this smoothie.

  • 1/2 c. skim or soy milk
  • 6 oz. vanilla yogurt
  • 1/4 c. chocolate chips
  • 1 c. fresh raspberries
  • A handful of ice or an extra 1 c. frozen raspberries

Blend until smooth and enjoy your high-fiber chocolaty dessert!

Weight loss can be hard but it can still be delicious! Use these weight loss shakes to treat yourself once in a while and help keep yourself on track for your goals.

Enjoy!

Uncategorized

HOW TO CHOOSE THE RIGHT BABY PRODUCTS?

A baby has special needs and requires extra care and attention in order to grow up properly and safely. So every new mother who wants the best for her child should invest in the right equipment, such as baby products, a safe car seat, children's sheets, a baby layette and breastfeeding supplies, and should also choose, from a wide range of baby strollers, the one that covers her needs. All of the above will help her meet all the demands of motherhood, the baby's safety and proper development.

However, since the variety in baby product stores is truly enormous, it is quite difficult, especially for new and inexperienced mothers, to decide what they will really need for their baby and what needs may arise along the way.

So how can a mother be sure she is making the right choice for her baby? Here are some tips that will help effectively.

Write down the baby's basic needs

Before you start buying every cute thing you find in the shops (you will do that too at some point), make sure your baby has all the essentials needed in daily life, from food and clothing to entertainment and transport. Once you are sure you have fully covered these needs, you can shop for anything else you like.

Talk with other parents

Some things may impress you or seem useful and important, yet later it may turn out that your initial judgment was completely wrong. The best thing you can do before you start buying is to ask parents with babies what they really needed and what they did not, out of everything they bought when their baby was born.

Invest in brand-name quality

Large companies, precisely because they have a name in the field and want to maintain their good reputation, attach great importance to quality, so a general rule is that baby products from brand-name companies are usually well made, of good quality and much more hygienic.

Find all the baby products you need to cover all your baby's needs at the online store TheBabyCity.gr