January 2022

NIST Updated HIPAA Guidance
Cybersecurity, HIPAA

The National Institute of Standards and Technology (NIST) Updates Guidance on HIPAA Compliance Rules

January 29, 2022 Comments Off on The National Institute of Standards and Technology (NIST) Updates Guidance on HIPAA Compliance Rules

July 29, 2022 You know that exciting feeling when apps have an update that adds awesome new features?! It’s like Christmas morning over here for us at Abyde. The National Institute of Standards and Technology (NIST) just updated its guidelines and added an awesome new feature! After six years, NIST made a significant update by providing guidance to HIPAA-covered entities to follow the HIPAA Security Rule in order to better safeguard patients’ personal and protected health information. Read below to find out what changes were made to the guidelines.  The revised guidance connected HIPAA Security Rule items to NIST Cybersecurity Framework subcategories. The advice remains mostly unchanged, with a few minor structural changes and a renewed emphasis on risk assessments and risk management. NIST Cybersecurity Specialist, Jeff Marron states, “We provide a resource that can assist you with implementing the Security Rule in your own organization, which may have particular needs. Our goal is to offer guidance and resources you can use in one readable publication.” NIST recommended the following guidelines for practices: NIST Cybersecurity Specialist, Jeff Marron also stated, “The identification of vulnerabilities or conditions that a threat could use to cause impact is an important component of risk assessment. While it is necessary to review threats and vulnerabilities as unique elements, they are often considered at the same time,”. It is important to note that HIPAA and cybersecurity operate best as a team, and a practice with both will operate smoothly. We all understand the need of HIPAA compliance, but practices must also understand the importance of cybersecurity. The more funding and resources allocated to IT security employees, the better off the firm will be when cyber dangers eventually arise. Satisfying HIPAA and cybersecurity regulations is critical to safeguarding your practice and patients from a data breach or HIPAA violation. While these are undoubtedly items that should be emphasized regardless of the government’s spending intentions, the suggestions by the government and NIST add a sense of urgency to ensuring that these vital protections are in place. With the increasing frequency of cyberattacks going on nowadays, ensuring HIPAA compliance is more important than ever.  We were chatting with our Partner, Darkhorse Tech, and they talked about how HIPAA compliance services provide a framework for security (essential for any dental business), but they do not provide a proactive response to cyber threats. Instead, they provide preventative methods to safeguard your data and keep you in compliance. So in order to have everything covered your practice needs to adopt an additional layer of security, you should no longer rely exclusively on low-quality anti-virus software to defend you. By enlisting the help of specialists who are actively working to prevent an attack before it occurs, reacting to any threats in real-time, and staying up to speed on the current and impending dangers, you can shift your security measures from preventative and reactive to proactive. Darkhorse Tech CMO, Brian Ash, states, “The latest updates to HIPAA make compliance, reporting, and cyber security even more vital for our clients.  While we have been recommending the addition of Abyde for HIPAA compliance for some time, the new guidelines make now the time to commit.  Along with Abyde’s software we are making the addition of a Security Operations Center (SOC) our top priority.  We vetted many options but are recommending Blackpoint Cyber as our SOC of choice.” As we can see, the NIST provided a great update to their Quizlet so that your practice can maintain a good grade in compliance school. So, I think it is time to take a step back and review that NIST guidance so that your practice can always pass the exam! So ensuring that you’re adequately securing this data begins with a thorough knowledge of what needs to be secured and that’s why we have the ideal study partner for you (Abyde) to assist you with all of your compliance needs!

$600K Settlement for HIPAA Breach
Fines, HIPAA

NY Attorney General Announces $600K Settlement for HIPAA Breach Impacting 2.1M People

January 28, 2022 Comments Off on NY Attorney General Announces $600K Settlement for HIPAA Breach Impacting 2.1M People

January 28, 2022 We aren’t even a full month into 2022 and it’s already looking like increasing HIPAA enforcement might be a New Year’s Resolution for the state of New York. Starting the year off strong, New York Attorney General Letitia James just announced a $600k settlement with vision benefits provider EyeMed as a result of a healthcare data breach that compromised the Protected Health Information (PHI) of over 2 million individuals. It all started back in June of 2020 when cybercriminals got ahold of an EyeMed email account after the provider failed to implement any multi-factor authentication and sufficient password management processes. In just a week of the hackers having access to the EyeMed email account, they were able to obtain emails and attachments from up to six years prior. The following month, the same attacker used the email account to send out 2,000 phishing emails, looking to acquire the login credentials of other EyeMed users. This lack of proper safeguards and security protocols enabled millions of individuals’ names, social security numbers,  addresses, medical diagnoses’ and other sensitive data to be compromised. This latest settlement adds on to the continued rise in cyber attacks and government enforcement seen over past years, further proving just how important having a strong cybersecurity and HIPAA program are for healthcare providers. So if your New Year’s Resolution is to avoid a cyberattack yourself, we recommend ensuring that you have the following in place: While data breaches and cyberattacks aren’t always totally avoidable, checking off the list items above is a great way to reduce your chances. But in the case that you’ve already experienced a data breach in 2021, it’s important to note that the annual minor breach reporting deadline (classified by HIPAA as incidents impacting fewer than 500 individuals) is rapidly approaching on March 1, 2022. And as for any major incidents affecting 500+ individuals – the reporting requirement is within 60 days of discovery (or less depending on your state). So some final words of advice? Have the necessary compliance and security programs in place to protect your practice from falling victim to an attack like EyeMed. And in the chance that you do experience a breach, follow the breach reporting requirements to reduce the fines and penalties that could come as a result.  

VisionWeb Partnership
Partner News

Abyde Partners With VisionWeb to Provide Complete HIPAA Compliance Solutions for Eye Care Professionals

January 7, 2022 Comments Off on Abyde Partners With VisionWeb to Provide Complete HIPAA Compliance Solutions for Eye Care Professionals

January 7, 2022 January 7, 2022 – Tampa, FL – Abyde is honored to announce their latest partnership with VisionWeb, working together towards a mutual goal in making HIPAA compliance simple and stress-free for even more independent eye care providers across the nation. Abyde’s collaboration with VisionWeb showcases their mission to revolutionize HIPAA compliance by providing a simple, user-friendly solution that fits perfectly with eye-care providers’ day-to-day operations. This partnership will provide VisionWeb users across all products and services with the tools necessary to implement a complete HIPAA compliance program, fulfilling essential, government-mandated HIPAA compliance requirements while streamlining providers’ time and resources spent on HIPAA. Abyde’s software solution is the easiest way for any sized eye care practice to implement and sustain comprehensive HIPAA compliance programs. Abyde’s revolutionary approach guides providers through mandatory HIPAA requirements such as the Risk Analysis, HIPAA training for doctors and staff, managing Business Associate Agreements, customized policies and more. “Getting the opportunity to collaborate with VisionWeb has energized our whole organization. We are eager to show their users how easy HIPAA compliance can be,” said Matt DiBlasi, President of Abyde. “Together, we are committed to eradicating HIPAA complexities for eye care professionals across the country.” “Abyde will give our users the opportunity to use an advanced software solution full of education, tools and resources to certify that providers have what they need to be HIPAA compliant,” said Craig Drury, VP of Customer Development at VisionWeb. “VisionWeb is so excited to partner with Abyde to give our members the best HIPAA solution on the market.” About Abyde Abyde (Tampa, FL) is a technology company dedicated to revolutionizing HIPAA compliance for medical professionals. Launched in January 2017, Abyde was formed with the idea that there could exist an easier, more cost-effective way for healthcare providers to comply with government-mandated HIPAA regulations. For more information on Abyde visit abyde.com. About VisionWeb VisionWeb pioneered the first open and neutral online order processing platform for the optical industry in 2000. Today, as the largest platform in the country, VisionWeb connects over 20,000 eye care professionals with over 500 suppliers. VisionWeb also provides revenue cycle management services to help eye care practices maximize revenue from their insurance claims. Uprise is VIsionWeb’s cloud-based EHR and Practice Management software designed to streamline office workflow, provide regulatory-compliant exam documentation, and offer insight into practice operations and performance. Learn more at visionweb.com. Read the full press release here.

Are you prepared for OSHA's Workplace Violence Prevention requirements? Learn what you need to do to be compliant.

DOWNLOAD CHECKLIST
X