BlueOrange Compliance

05/11/2020

Hackers are targeting healthcare workers and researchers fighting coronavirus, US and UK cybersecurity officials say

A joint warning was issued by the UK's National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) to medical workers and research centers around the world with steps to strengthen cybersecurity.
The campaigns have primarily used a technique known as "password spraying," which employs widely used passwords across whole networks of logins. Even if only a few accounts use those passwords, that's all the hacking groups need to gain access.
As such, US and UK security officials urged healthcare and medical research staff around the world to take two main security precautions:
1. "Change any passwords that could be reasonably guessed to one created with three random words."
2. "Implement two-factor authentication."

05/04/2020

Cyber security is now more important than ever to running a secure practice. Blue Orange Compliance is here to keep you up to date with trusted information. Please join us on May 28th for a look at how cyber security plays an integral part in your practice's compliance and how it is being affected during COVID-19. Hear from our experts on what steps you can take to be better prepared.

05/01/2020

We are truly grateful for the dedication and self-sacrifice our community’s healthcare workers have shown during this unprecedented time of COVID-19. Our newest blog was written about a personal experience by a dear friend of the Blue Orange family and how those on the front lines in nursing homes are giving their hearts and souls to their residents. Blog can be found here: https://hubs.ly/H0q2_KJ0

The HIPAA Security Rule was created to protect an individual’s electronic personal health information (ePHI) which is created, maintained, and/or used by a covered entity. Review your plan to be sure you are prepared and can comply with HIPAA.

03/05/2020

The HIPAA Security Rule was created to protect an individual’s electronic personal health information (ePHI) which is created, maintained, and/or used by a covered entity. Review your plan to be sure you are prepared and can comply with HIPAA. Read our blog to learn more details.

The HIPAA Security Rule was created to protect an individual’s electronic personal health information (ePHI) which is created, maintained, and/or used by a covered entity. Review your plan to be sure you are prepared and can comply with HIPAA.

02/25/2020

How's the health of your Privacy & Security? BlueOrange Compliance representatives will be attending & exhibiting at the QHR Partner Solutions Expo in Arizona on March 3, 2020. Visit booth 209 during the event to learn more. https://hubs.ly/H0n9hhz0

02/04/2020

During tax season, online scams increase significantly due to the volume of personal information being transmitted. Learn how you can stay safe by taking part in “Tax Identity Theft Awareness Week.” Learn valuable tips on how you can protect yourself by taking part in the educational webinars. Read more.

Tax identity thieves and IRS imposters are ready for tax season, whether you are or not.

01/29/2020

Since HIPAA was passed into law, there have been major additions and key dates in the enactment of the regulations that have primarily focused on the goal of protecting healthcare information. Learn what it means for healthcare organizations.

The HIPAA Privacy Rule created national standards to protect individuals’ medical records and other personal protected health information (PHI). Test your plan to be sure you are prepared for breaches and can comply with HIPAA.

01/23/2020

In today’s cyberwar arena, many healthcare organizations are conducting pe*******on tests to determine the likelihood of real-world threats to IT assets and physical security. Is your organization breach resistant? An external vulnerability scan is a critical component of pe*******on testing and is often a key indicator of an organization’s potential breach exposure. Learn more.

HIPAA law requires covered entities to safeguard against “reasonably anticipated” threats to protected health information. With healthcare security breaches making all too frequent headlines, the threat of malicious hacking can certainly be reasonably anticipated. In this cyber-war landscape, he...

01/20/2020

Mobile device security refers to the measures taken to protect sensitive data stored on portable devices. The importance of mobile device security is often overlooked but may lead to personal information being exposed on the internet. Don’t forget to secure your internet-connected devices. These can include laptops, smartphones, tablets, “wearables,” and other portable devices.

Here are a few mobile device security tips: Require device encryption, use 6-character lock-screen passwords, disable content within lock-screen notifications, and don’t use public USB charging stations. For additional tips and more details, visit CISA, https://hubs.ly/H0mFszX0

01/10/2020

The use of voice-controlled devices (VcDs) like Alexa continue to benefit senior living and long-term care providers, both from clinical and personal applications. Whether a community provides devices to residents as a service or residents bring their personal devices with them, privacy and security are concerns, particularly with HIPAA. LeadingAge CAST along with BlueOrange Compliance share guidance and policies on using these technologies. Read the full article: Opportunities, and Risks, with New Smart Voice Technology in Senior Living.
https://hubs.ly/H0mwTpM0

01/09/2020

Don’t forget to file your annual breach reports. The deadline is March 1st. Business Associates and Covered entities need to be prepared and ensure that all potential breaches are appropriately identified, investigated, reported, and addressed according to HIPAA’s specific requirements. Don’t get penalized. Read our blog to learn more details.

The Office for Civil Rights (OCR) is increasing their enforcement of HIPAA! Don’t forget to file annual breach reports, due by March 1st, with HHS, OCR. Covered entities and business associates alike need to be prepared and ensure that all potential breaches are appropriately identified, investiga...

01/02/2020

Social media is an excellent channel for posting tips & news, marketing messages, and interacting with healthcare patients/professionals. What shouldn’t social media be used for? You are prohibited from disclosing any patient protected health information (PHI) on social media outlets. To learn more about specific HIPAA violations for social media posts, read this blog to learn how a dental practice was fined for posting patient information on social media.

Office for Civil Rights fines dental practice for HIPAA violations related to social media posts exposing patient information.