HIPAA

Phoenix Healthcare HIPAA Fine
Fines, HIPAA

Phoenix Healthcare Fine: Don’t be a Fool in Compliance

April 1, 2024 Comments Off on Phoenix Healthcare Fine: Don’t be a Fool in Compliance

April 1, 2024 Happy April Fools Day! We hope you’re enjoying the holiday with some lighthearted fun and pranks!  Now, HIPAA regulations are no laughing matter. HIPAA regulations are in place to protect patients’ information, making sure we all have the rights we deserve to keep our information safe.  Today, we’re talking about the latest HIPAA fine, given to a multi-location nursing care organization in Oklahoma, Phoenix Healthcare.  Phoenix Healthcare was fined 35 grand for violating the HIPAA Right of Access Rule, being the butt of the joke of this major fine.  Get buckled up, pranksters! We’re all in for some April Fools’ fun but don’t even think about messing with HIPAA. Patient privacy is no joke!  So, What Happened?  Well, what happened was unfortunately not a prank.  Phoenix Healthcare withheld someone’s health information for almost a year after an initial request was made.  The OCR was made aware of this not-so-funny situation by a caretaker trying to get the health information of her mother, a patient at the nursing home.  Like a joke that went on too long, Phoenix Healthcare eventually did send the information to the daughter. However, the HIPAA Right of Access Rule requires information to be shared within thirty days of a request. Some states, it’s even sooner, like California!  The daughter reported the HIPAA violation to the OCR, and at first, Phoenix Healthcare was ordered to pay a fine of 75,000! With an appeal, and an agreement that Phoenix Healthcare updates its HIPAA policies and procedures, and provides training, the fine was lowered to 35,000.  Whew! While Phoenix Healthcare is still on thin ice, they saved themselves a lot of money.  What can I learn from this?  Well, great question! First, HIPAA compliance is no joke. But don’t worry, no April Fool’s pranks here!  To stay ahead of the curve,  we can make sure your practice is up-to-date on all the HIPAA rules. That way, you can focus on the fun and leave the compliance worries to us. With Abyde, we make sure you Never Stress Over Compliance Again! The Abyde software offers a variety of features to simplify the compliance process. Yes, the words ‘simple’ and ‘compliance’ can be in the same sentence.  While this is a chore for Phoenix Healthcare, the Abyde software even includes dynamically generated policies and procedures, having HIPAA-compliant policies in seconds. The training is also covered, with our enjoyable training that somehow turns learning about HIPAA fun!  We promise you, this isn’t an April Fools trick, we actually make compliance easy. To learn more about how Abyde can help your practice, schedule a consultation, here. 

HIPAA Training Portal
Abyde News

Abyde Feature Week: Training Portal

March 22, 2024 Comments Off on Abyde Feature Week: Training Portal

March 22, 2024 Is it over already? But, we’ve been having so much!  If you’re not aware, this past week, we’ve been going over all the amazing features the Abyde software has to offer, simplifying compliance for your business. Every second counts when it comes to running your business, and complex HIPAA regulations are the last thing you need to stress about.  That’s where Abyde comes in.  Over the past week, we’ve gone through a variety of our cutting-edge features. For example, the once daunting Security Risk Analysis (SRA)? Yeah, we turned it into a questionnaire that can be completed in minutes. We have a Scorecard that keeps track of your HIPAA triumphs and shortcomings, letting you know the best compliance practices. In the spirit of efficiency, we also dynamically generate your custom policies and procedures. Oh yeah, we also streamline Business Associate Agreements with our BA | CE Portal, making the only thing you have to do is digitally sign.  Now, the last feature of this wonderful week will be our entertaining training.  Yes, pick your jaw off the floor, Abyde actually makes HIPAA compliance training fun.  Level Up!  Routine training is required to keep you and your staff on point when it comes to compliance protocols.  Compliance training might not be synonymous with fun to most, so that’s where Abyde once again has changed the compliance game.  Gone are the days when you’d need to shut down your business, hire a third-party consultant, and spend the whole day talking about HIPAA. With Abyde, we create short, simple, and entertaining training, giving over everything you need to know to be compliant. We’re always getting better here at Abyde, and some of my favorite new trainings are interactive, making sure your staff is engaged and learning.  Best part? This training can be completed at your own pace, so no need to shut down the business for the day!  Need to follow up with employees who haven’t completed training? You can do that with a click of a button, reminding staff with a friendly email from us.  In the words of the Staples button – That was easy!  Feature Finale We had a fantastic week going through all the amazing features that make Abyde, well, Abyde! Now, let’s remember that continuous compliance lasts a lot longer than this week, and is a staple to the success of your business.  Think about the countless hours you save with Abyde’s innovative solutions.  Abyde can and will make compliance for your business simple and easy. It’s what we do best.  We’re here to equip businesses with the tools they need to keep Protected Health Information (PHI) safe and secure.  BAs are in a unique situation – running both a business and then being entrusted with the responsibility of protecting sensitive patient information.  We’re here to make compliance easy so you can focus on running your business.  To learn more about Abyde’s revolutionary software solution, email us at info@abyde.com and schedule a demo here to see it in action. 

Business Associate Agreements Portal
Best Practices, Business Associates, HIPAA

Abyde Feature Week: BA | CE Portal

March 21, 2024 Comments Off on Abyde Feature Week: BA | CE Portal

March 21, 2024 Let’s go! Day number four of Feature Week. We hope you’ve stayed tuned as we go over all the wonderful features that make Abyde the leading compliance software for Business Associates (BAs). We know that running your business can be tough, so we simplify compliance, so you can focus on being successful in your business.  So far, this week we’ve gone over our intuitive Security Risk Analysis (SRA), our unique Scorecard, telling you what you need to do to be compliant based on your answers, and yesterday, our dynamically generated custom Policies and Procedures, saving your business countless hours in drafting documentation.  How does this software get even better? Well, it does!  Today, we’ll go over our state-of-the-art BA and CE (Covered Entity) Portal, where you can manage your Business Associate Agreements (BAAs).  As we say here at Abyde, who does it better than us? NOBODY!  BAA-lieve It or Not: The Importance of Business Associate Agreements A Business Associate Agreement, or a BAA, is an agreement between a BA and CE, or a Sub-BA, that outlines the roles and responsibilities of both parties when it comes to securing Protected Health Information (PHI).  In simpler terms: a contract that spells out what each party needs to do when it comes to HIPAA compliance.  One of the top HIPAA violations BAs make is not having a Business Associate Agreement in place.  This agreement is required by the government, making sure both parties are aware of the responsibilities that come along with handling sensitive patient information.  BAs must have agreements in place with all CEs and Sub-BAs they work with.  Managing these agreements could be complicated without Abyde, being unaware of what needs to go into an agreement, getting it over to be signed and knowing when these agreements expire.  But with Abyde, you don’t need to worry about this, simplifying the compliance process even more. Like how we dynamically generate custom Policies and Procedures, we create BAAs for you.  All we need you to do is digitally sign. The BAA will be sent over by email through the software and will be stored in our nifty BA | CE Portal.  Have an agreement expiring soon? We’ll notify you, giving you plenty of time to update your documentation so you can stay compliant.  All BAAs are easily downloadable from the software and can be reviewed at all times. Have a partner who hasn’t signed yet? We’ll send reminders for them, too.  With our revolutionary features, we think it’s clear: we want to make compliance the easiest part of running your business.  To learn more about how you can manage your Business Associate Agreements with the Abyde software, email info@abyde.com and see it in action here.

Custom HIPAA Policies and Procedures
Abyde News

Feature Week: Custom Policies and Procedures

March 20, 2024 Comments Off on Feature Week: Custom Policies and Procedures

March 20, 2024 Wait. Hold up. Are we already halfway through our Feature Week? For those unfamiliar, we’re taking this week to celebrate what makes Abyde unique. We are highlighting the features that make Abyde well, Abyde! Abyde is the leading compliance software for healthcare practices and Business Associates.  Over the last few days, we’ve shared how Abyde’s Security Risk Analysis (SRA) and Scorecard simplify compliance. Our SRA, a required assessment by the government, takes just minutes to complete.  Then, SRA generates a Scorecard that analyzes your assessment and provides clear recommendations, ensuring a thorough evaluation. Can you believe there are more amazing features of the Abyde software?  Today, we’re highlighting the dynamically generated policies and procedures.  Doable Documentation Now, you might be wondering, what’s the big deal about this documentation? Well, if you haven’t noticed, documentation is a big deal in compliance, showing the government that you are on top of keeping Protected Health Information (PHI) safe.  HIPAA requires that your business has to have custom, personalized policies and procedures documented.  Cookie-cutter templates are not going to cut it when it comes to compliant documentation. Now, before you start to wonder how you are ever going to write all these policies, take a deep breath. We’re here to help. The Abyde software will dynamically generate policies and procedures for you. All we need from you is some simple information, then voila! The software will generate an extensive policy or procedure for you.  Have any changes to your business? No worries, mark the change in your Abyde software, and we’ll instantly create a document with the newest information.  Abyde stores all your policies, new and old, in the software, keeping things organized for your business. Our dynamically generated policy and procedures save your practice countless hours of writing documentation, letting you focus on what matters most, running your business.  To learn more about how Abyde can help your business, email info@abyde.com and see the policy and procedure generation in action by scheduling a demo here for Business Associates. 

HIPAA Compliance Scorecard
Cybersecurity, HIPAA

Abyde Feature Week: Scorecard

March 19, 2024 Comments Off on Abyde Feature Week: Scorecard

March 19, 2024 Welcome to Feature Week! Whether you stayed tuned from last week, or are a first-time reader, we are celebrating the features that Abyde offers to make it easy for your practice to stay compliant. Yesterday, we highlighted Abyde’s state-of-the-art Security Risk Analysis (SRA), turning a complicated evaluation of your business’s compliance practices into a simple questionnaire that can be completed in minutes.  Once your SRA is done, the Scorecard comes into play.  Get comfortable and stay tuned on how this feature can make HIPAA a breeze for your business.  Keeping Score Whew!, That SRA wasn’t so bad, right? So, what’s next? This isn’t a scorecard like in golf but is a hole-in-one when it comes to monitoring your compliance practices. The Scorecard is a review of your answers to the SRA and gives your business a thorough explanation of how your current practices hold up against regulations, and what your organization can do to improve.  The SRA is like a coach’s playbook, outlining the game plan for HIPAA compliance. The Scorecard is this plan in action, like reviewing your game tape, seeing what you need to improve and what vulnerabilities you have as a business.  This scorecard is easy to review and gives your business the risk levels of your current practices.  Each question is unique, and some practices are more critical than others. For instance, only changing your password every six months is not ideal, but not as risky as not encrypting your files.  Unfortunately, some practices will never be ‘low risk’, even if they are not wrong just because there’s always the chance of human and technological errors.  For instance, numerous employees working remotely while handling Protected Health Information (PHI) is always going to be riskier than all PHI staying in one location.  Impacted by a breach? You can easily show proof of a Security Risk Analysis by downloading the Scorecard in the software, showing the government that you take HIPAA seriously.  You can also see every version of your Scorecard in the software, seeing how your path to compliance has gotten easier with the help of Abyde. Ready to keep your HIPAA compliance score? Reach out to info@abyde.com and schedule a demo here for your business.

HIPAA Security Risk Analysis Software
Cybersecurity, HIPAA

Abyde Feature Week: Security Risk Analysis

March 18, 2024 Comments Off on Abyde Feature Week: Security Risk Analysis

March 18, 2024 For some, this might be Spring Break, but we have something even more exciting planned: Feature Week! Throughout this week, we are going to share the amazing things we have to offer Business Associates (BAs) for HIPAA compliance. I know that Spring Break and software features might seem like worlds apart, but somehow at Abyde, we make compliance and simplicity go hand in hand.  So, get comfortable, fix your beach chair, grab a drink, and see how Abyde can make your compliance journey easy with our Security Risk Analysis (SRA).  What is a Security Risk Analysis (SRA)?  A Security Risk Analysis (SRA) is a required assessment of risks and vulnerabilities of how Protected Health Information (PHI) is handled. The quick 411– PHI is identifiable information about a patient, like a social security number, medical records and more.  The Security Risk Analysis, established in the Security Rule, is an overall evaluation of how your business properly protects PHI, ranging from how often you change the passwords on your systems, to security alarms on the door of the business.  This assessment is required, and organizations’ lack of one is a common HIPAA violation.  Last year, a BA was fined $100,000  by the Office of Civil Rights (OCR) after they were impacted by a ransomware attack. One of the first things the OCR looks for is an SRA. As you might’ve guessed, there was no SRA in place, contributing to the hefty fine.  How Abyde can help There’s A LOT of information to go through, and it might be overwhelming.  That’s where our simplified Security Risk Analysis comes in.  With Abyde, you can now analyze your processes without needing to hire a consultant or trying to audit yourself by referring to tons of paperwork.  Before Abyde, an SRA could take weeks. With Abyde, it takes minutes. Our simple questions get straight to the point, and if you don’t know the answer to something? Don’t worry! You can mark the question and it will come back up later in our Ongoing Questions section on the dashboard, or call our team of compliance experts for help.  Abyde is here to make compliance simple. It’s what we do best.  Stay tuned for the next day in our feature week: our Scorecard.  To learn more about the features of the Abyde software, email us at info@abyde.com and see the software in action by scheduling a demo here for Business Associates and here for Covered Entities. 

Change Healthcare Breach Update
Audits, Cybersecurity, HIPAA

Change Healthcare Breach: What We Know Now

March 14, 2024 Comments Off on Change Healthcare Breach: What We Know Now

March 14, 2024 BREAKING NEWS! Your friends at Abyde are right back at you with an update on the Change Healthcare breach. Check out our first blog post on the breach here!  Now, to quickly bring you up to speed, Change Healthcare, a division of United Healthcare, was impacted by a ransomware attack. This ransomware attack is like nothing we’ve ever seen, and being called the most significant attack on our healthcare system of all time.  This ransomware attack was disastrous, taking Change Healthcare systems offline, and making it impossible for healthcare providers to check for insurance eligibility, see new patients, properly process prescriptions correctly, and much more.  Now, it’s been several weeks since the initial attack, and we have the latest scoop for you.  What’s going on now?  Well, now here comes the fallout. While some of the systems have been able to get back online, like pharmacy functions, Change Healthcare is still not 100%. This has been detrimental to healthcare providers, and is costing them $100 million a day! Now, I know that’s gotta hurt.  Now, the lawsuits are starting to roll in. Now, multiple class action lawsuits have been filed against Change Healthcare/United Healthcare due to its inadequate security systems and how it’s been handled.  Unfortunately, in this attack, it’s highly likely Protected Health Information (PHI) is in the hands of criminals. In this ransomware attack, over six TB of stolen data was encrypted by the deceptive hackers. So, these lawsuits are just getting started.  The government is also involved in this breach, investigating the causes and effects of the ransomware attack. The FBI has run into this group of hackers before and has taken some of their servers offline, causing many to think this attack was of vengeance.  The Department of Health and Human Services also came together to discuss and address the impact of the cyber attack for more to come. As of yesterday, March 13, the Office of Civil Rights also released a statement of beginning their investigation of the attack.  It’s safe to say this is far from over, and it’s been a tough month for United Healthcare.  What should I do?  To keep up with the news, we recommend you follow our news page, where we release the newest updates in compliance news and the best tips for your practice or business.  To keep up with the Change Healthcare system updates, you can follow this page here.  To keep your practice or business safe, and avoid this hot water that United Healthcare found itself in, it is essential for you to proactively protect your organization. This includes working with an IT company, employing firewalls, encryption, and of course, having compliance software like Abyde.  Abyde is your one-stop shop when it comes to compliance management, allowing you to evaluate your risks and address them before it’s too late. Need documentation in order? Yeah, all in the software. Oh and – let me stop you right there, yes, we also dynamically generate our personalized policies and procedures, so don’t worry about writing them.  And if you experience a breach? We’re here for you. We have an awesome team of compliance experts here to help you navigate any situation, so you’re not alone.  Want to learn more about compliance? Reach out to us at info@abyde.com and schedule a compliance consultation here for Covered Entities, and here for Business Associates! 

Top Mistakes of Business Associates in Healthcare
Business Associates, HIPAA

Top Mistakes of Business Associates in Healthcare: How to Avoid Partnership Pitfalls

March 13, 2024 Comments Off on Top Mistakes of Business Associates in Healthcare: How to Avoid Partnership Pitfalls

March 13, 2024 Hi Business Associates (BAs)!  We know that working with healthcare practices adds the stress of securing the Protected Health Information (PHI) of patients. Running a business and protecting patients can be tough, but it’s a requirement under HIPAA.  This shared responsibility is key to keeping your business compliant, allowing you to have a successful business, happy partners, and of course, safe patients.  Here are some of the most common compliance violations BAs make, and how you can avoid them.  Dude, Where’s My Business Associate Agreement?  The first thing a Business Associate needs to do is sign a Business Associate Agreement (BAA) when working with a Covered Entity (CE). BAAs are a game plan for our business alongside healthcare practice. With a proper BAA, your organization has documentation of your shared responsibilities to keep PHI secure.  If there’s anything you need to know about compliance, it’s to document everything! This BAA includes important information about permitted uses and disclosures of PHI, safeguards that the BA is expected to establish, Breach Notification requirements, training requirements and more.  Now, this map of your partnership seems like a pretty easy thing to do, especially because it takes some liability off of your shoulders.  However, one of the most common violations of HIPAA for BAs is not having this agreement documented. There have been millions of dollars in fines that stem from one simple thing: not having a BAA. It’s a simple step your business has to take, and with Abyde, we make it easy. With our software, we will draft a personalized BAA for your organization. All you have to do is sign it and send it off to your CE partner. Worried about losing this BAA? Don’t worry! It lives in the software having this documentation readily available for your business. Getting Schooled A Lack of training is another top mistake for BAs. Once again, as a BA, it is imperative to be aware and educated on compliance. While compliance training might not exactly be as exciting as a Rocky montage running around Philly, it is very important, and when done right, can be fun. Abyde nails entertaining training with our interactive material, simplifying complicated topics into top-notch training.  Once again, training is vital for BAs, and when not completed, the consequences can be severe. When you violate HIPAA rules, like not training, the minimum fine is $137 per incident. Something like that can add up pretty quickly.  Additionally, training is so important in promoting a culture of compliance, ensuring all employees know the essential role they play in your business. Breach Bandits Unfortunately, breaches are common in healthcare. While it is imperative to take proper precautions against breaches, like having an IT company’s assistance, controlled access, and more, it can still happen. Sometimes, no matter how hard you secure your business, breach bandits still find a way through your security.  While it might happen to you, you can always control how you handle the situation. Before a breach even occurs, you need to take the proper cybersecurity precautions, and also complete a Security Risk Analysis (SRA).  After a breach, it is required to follow the Breach Notification Rule of HIPAA. The Breach Notification defines what your business needs to do if it is impacted by a breach, including how it needs to be reported and how it must be shared with affected patients.  The consequences of improperly handling a breach can be catastrophic, with major fines affecting your business.  For example, the first ransomware attack ruled on by the OCR impacted a BA. This Business Associate was caught in the crosshairs of a ransomware attack and was fined $100,000 due to their lack of a SRA and having no policies and procedures in order.  Now, dun dun dun! That’s where Abyde steps in again. Our software includes a simple SRA for your business to complete, going through all OSHA requirements in a questionnaire that takes minutes to complete. Well, you might now be wondering: What about policies and procedures? How do I quickly write those? I don’t know what I need? Well, the Abyde software has dynamically generated policies and procedures for your practice, drafted in seconds.  Overall, your friends at Abyde know that running both a successful business AND ensuring the protection of patients’ data can be complicated, and that’s why we’re here to help.  Abyde is the simple solution for all of your compliance concerns, with our intuitive software making compliance easy.  To learn more about how Abyde can eliminate your business’ compliance worries, email us at info@abyde.com or schedule a consultation here.

Common Compliance Vocabulary
Best Practices, HIPAA, OSHA

A to Z: A Compliance Dictionary

March 12, 2024 Comments Off on A to Z: A Compliance Dictionary

March 12, 2024 Today, we’re taking you to compliance school. Don’t worry, there won’t be a test, so no need to study!  Sometimes compliance can be complicated, and with so many specific words, it’s easy to feel overwhelmed. At Abyde, we believe in simplifying compliance, so we’re kicking it back to Kindergarten – more specifically, the ABCs. Here are the ABCs of compliance – see how many you already know!  Audit – An audit is an examination of how compliant your practice currently is. The random HIPAA audit program will likely resume this year.   Business Associate – A Business Associate is someone who handles Protected Health Information (PHI) and performs functions on behalf of a Covered Entity (both defined on this list!). Business Associates include a variety of fields, like medical equipment manufacturers, medical marketing teams, disposal companies, and more.  Covered Entity – A Covered Entity directly works with sensitive patient data. This includes healthcare providers, health plans, and clearinghouses.  Disaster Recovery Plan – A Disaster Recovery Plan is a required set of procedures to handle the effects of an unexpected event. This includes identifying potential risks, like different natural disasters, and more.   Electronic Protected Health Information – Electronic Protected Health Information, or ePHI for short, is any PHI that is created, received, maintained, or transmitted in electronic form.   Fraud – Fraud is deception to obtain something of value. HIPAA is in place to protect patients and prevent fraud by securing patient information and if these regulations are broken, there are consequences.   GDPR – The GDPR, or General Data Protection Regulation, is essentially a HIPAA equivalent for our friends across the pond, or the European Union. The GDPR includes more than just healthcare, but does define the privacy of patient records.  HIPAA – HIPAA, the thing you probably have heard of at least a million times (at least I know I have), or the Health Insurance Portability and Accountability Act, signed into law in 1996, protect the privacy and security of individuals’ health information and to establish standards for the electronic exchange of health information. Incident Response – An incident response is how you handle a situation. Under HIPAA, remember to document everything and report it in a timely manner.  Joint Commission – Joint Commission is an accreditation agency that evaluates healthcare organizations. Joint Commission would be considered a Business Associate if they come into contact with Protected Health Information.  Know your Patient – Know Your Patient, or KYP, is a way to identify a patient before any information is shared with the wrong person.  Logs – Logs are prevalent in HIPAA and OSHA, and are just documentation. This includes things like asset logs, or documentation of the items your practice has, and things like a breach log, which includes an explanation of a breach (who, what, where, when, etc.) Minimum Necessary Standard – The minimum necessary standard is the protocol that the least amount of sensitive information about a patient should be shared. Notice of Privacy Practices – The Notice of Privacy Practices is a required notice to patients on how their information will be used and shared.  OSHA – OSHA, or the Occupational Safety and Health Administration, is the government agency that ensures safe and healthy working environments for workers.  PHI – Protected Health Information, or PHI, is identifiable information about a patient that is created and shared by a Covered Entity or Business Associate. This includes names, social security numbers, emails, medical record numbers, and more.   Quality Management – Quality Management is the constant need to improve and monitor current processes and how to optimize patient care, employee safety, and more. Overall, how you can make your organization better for all involved.  Ransomware – Ransomware is a form of malware that holds data for ransom, requiring practices to pay a ransom for access to PHI.  Security Rule – The Security Rule is a component of HIPAA and sets the standard for all of the necessary safeguards a practice must have in place to protect PHI.  Training – Training is the continuous learning and improvement of all employees (including the owner) of compliance regulations. Update Information – Updating information is very important in compliance, ensuring all information is up-to-date about your practice is key. For instance, have employees leave? Make sure you make a note of that in your policies and roles. With the Abyde software, we do that for you!  Vulnerability Assessment – A Vulnerability assessment is a way to test cyber security frameworks to ensure that your system is secure.  Whistleblower – A whistleblower is someone who calls out violations of compliance. Whistleblowers are to be protected and make our healthcare systems a safer place.  X-ray Safety – X-ray safety precautions are vital, like any use of equipment. For instance, make sure proper protective equipment is worn, use shielding, and be aware of the position of the device.  Yearly Risk Assessment – A Yearly Risk Assessment is a thorough evaluation of your practice’s compliance. With Abyde, we ask these questions throughout the year, ensuring your practice is compliant if you’re doing the right thing! Zero tolerance – There is Zero tolerance for breaking HIPAA or OSHA legislation.  Whew! This one might have been a little bit longer than our traditional ABCs, but they’re all so important to keeping our patients and staff safe. To learn how you can keep your practice or business compliant, reach out to info@abyde.com or schedule a consultation here for Covered Entities, and here for Business Associates.

Ransomware in Healthcare
Best Practices, Cybersecurity, HIPAA

Yikes! My Files Are Kidnapped!: What is Ransomware?

March 7, 2024 Comments Off on Yikes! My Files Are Kidnapped!: What is Ransomware?

March 7, 2024 Ransomware. Even the name sounds ominous! With the Change Healthcare ransomware attack, you might have heard a lot about ransomware in the news lately. While the effects of the attack are wreaking havoc on the healthcare system, you might be wondering what this notorious ransomware is all about.  Well, you’ve come to the right place! We’re here to educate you on ransomware and how your practice or organization can be prepared for this cybercrime.  What is it, exactly?  Ransomware is a form of malware, or malicious software, that encrypts the files of a victim and requires a ransom to access files again. This is a very common way hackers infiltrate healthcare systems and over 4,000 ransomware attacks occur a day!   If you’re confused about how ransomware works, here’s a simple example:  Dan the Doctor was having an alright day, and then he got an email that went to his practice that he thought would turn it into the best day of his life! The email said he won 20 million dollars! All he had to do was click the link in the email to receive it. He clicked it as soon as possible, already dreaming of spending the rest of his life on the beaches of Hawaii.  Spoiler alert: his day was going to get a lot worse.  As he clicked the link, ransomware began its sinister magic: encrypting patients’ protected health information (PHI). He couldn’t believe what he did, putting his patients and his practice in jeopardy. Then, to get access to these files again, he had to pay thousands of dollars, or these files would be put online, putting his innocent patients even more at risk.  His dreams of Hawaii turned into a very hurt wallet and his patients at risk.  While you might think that could never happen to you: email scams, or phishing, are the most common way ransomware attacks are sent.  Our simple example is just a story, but it happens often in the healthcare field. For example, the most recent major cybercrime is the ongoing Change Healthcare ransomware attack, in which they paid 22 million dollars in ransom!  The OCR is also beginning to fine practices and organizations that do not take the proper precautions against ransomware attacks. The first ransomware attack fine was announced in October, costing the Business Associate (BA) $100,000 in HIPAA fines.  What do I do?  Now, while ransomware attacks have become extremely prevalent, with a 278% increase in ransomware breaches reported to the OCR, there are precautions you can take.  Working with an IT company is key for your practice or business, with prevention being the first line of defense. This includes things like encrypting your files, keeping all software up-to-date, having firewalls, antivirus and more.  Additionally, working with a compliance program like Abyde also lowers your risk. By identifying your vulnerabilities and enacting the right protocols, ransomware stands no match! For instance, password updating, proper data handling, access controls, and training, are all different barriers that help your practice or business.  Also, if your practice is infected by ransomware, do not pay the ransom, get the infected device offline and off the network, report the breach to the OCR, and get IT experts to investigate the attack.  To learn more about how your practice can stay compliant and secure against ransomware attacks, email us at info@abyde.com and schedule consultations for Covered Entities here, and Business Associates here.

How can HIPAA & HR non-compliance affect your practice? Join our live webinar with HR for Health on April 15.

REGISTER TODAY
X