Healthcare Cybersecurity News

QI’s Experts talk Cyber, HIPAA Compliance, and everything you need to know to keep your patients safe.

Decommissioning Equipment for HIPAA Compliance

Apr 19, 2018 | Healthcare Compliance

One of the most overlooked but critical aspects of HIPAA compliance is medical equipment management and decommissioning equipment and media that..

Granting and Revoking Access to PHI

Apr 19, 2018 | PHI Security

Effective access control is a fundamental part of securing Protected Health Information (“PHI”). Access control is essentially giving access when and..

SMBs paid out an estimated $301 million in ransom during the 2016-2017 period

Apr 19, 2018 | Healthcare Cyber Security

A recent survey indicated some interesting trends in ransomware attacks against small-to-medium size businesses (“SMBs”). According to the survey of..

What To Do With Unexecuted Business Associate Agreement

Transferring PHI without an executed Business Associate Agreement ("BAA") has become a point of intense focus for federal regulators, and one from..

Completed a Risk Analysis...Now What?

OCR has focused so much on risk analysis that there is a common misperception in the industry that a risk analysis is the primary task needed to be..

Storing PHI Offshore

A fundamental aspect of risk management and HIPAA compliance is knowing where the Protected Health Information (“PHI”) you create, store, maintain, or..

How To Properly Dispose of ePHI

The proper destruction of electronic Protected Health Information (“ePHI”) is often overlooked and, if done improperly, can lead to impermissible..

When an Initial Attack May Be Just the Tip of the Iceberg

Recent events indicate what we have long suspected; attackers often target the same organizations again after a successful attack. This exact scenario..

Selecting Security and Privacy Officers

An often overlooked aspect of HIPAA compliance is the selection of a HIPAA Security Officer and HIPAA Privacy Officer. These roles are often filled by..

Annual Breach Notification Deadline Approaching


If you had a breach in 2017 that affected less than 500 individuals, the deadline to notify the U.S. Department of Health and Human Services (“HHS”)..