Virtual 40th National HIPAA Summit Agenda, March 2023
Roadmap for CMMC’s CCP and CCA Credential
ISACA Industry Spotlight | Ali Pabrai
SmartStory Successfully Achieves HITRUST Certification
ecfirst Achieves HITRUST® Certification
Trionfo Solutions Achieves HITRUST® Certification
NIST Releases Updated Guidance for HIPAA, July 2022
CMMC and CUI: Rocket Fuel, Pabrai Podcast
MX2 Technology, an ecfirst Client, Achieves HITRUST Certification
NorthCoast, an ecfirst Client, Achieves HITRUST Certification
New! Achieve HITRUST i1 Certification in 2022, February 2, 2022
NIST Program Delivered in Collaboration with FBI InfraGard
HITRUST CSF Program Delivered in Collaboration with FBI InfraGard
HIPAA Safe Harbor, An ecfirst Webinar
Getting Started with CMMC, A DoD Mandate, ISACA Article, Ali Pabrai
Partnership Announcement - Virtual Auditor and ecfirst
HIPAA and COVID-19: Guidance from OCR
Cybersecurity Round-table, Des Moines, Nov 6, 2019.
HHS: Health Industry Cybersecurity Practices.
Meltdown and Spectre: Business Impact and Risk
ISACA Confirms Pabrai to Deliver Cybersecurity Brief in Bahrain
HITRUST CSF = Credible HIPAA Compliance
Pabrai Blog: Encryption = Prescription to Lower Risk!
Google Invites Pabrai to Present, The State of Cyber Attacks on Enterprises
HITRUST Blog Features Pabrai’s Is HIPAA in Your Enterprise DNA?
Pabrai from ecfirst Appointed HITRUST CSF Assessor Council Member
ecfirst Certified as a PCI Qualified Security Assessor (QSA)
PCI QSA Designation Requirements Successfully Met by ecfirst
Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. Websolv Computing, dba ecfirst, has successfully completed the requirements and is qualified as a PCI QSA.
Discuss your PCI DSS requirements, including risk and vulnerability assessment, penetration testing, policy development, and training with ecfirst.
Is HIPAA in Your Enterprise DNA? Ali Pabrai Blog with Konica Minolta
CHP+CSCS™ Program Confirmed for Las Vegas, NV on Nov 28-Dec 1, 2017
CHP+CSCS™ Program Confirmed for Philadelphia, PA on Sept 19-22, 2017
CHP+CSCS™ Program Confirmed for Chicago, IL on July 18-21, 2017
CHP+CSCS™ Program Confirmed for Orlando, FL on May 23-26, 2017
CHP+CSCS™ Program Confirmed for San Jose, CA on March 20-24, 2017
CHP+CSCS™ Program Confirmed for Columbus, OH on Jan 24-27, 2017
HIPAA Settlement Reinforces Lessons for Users of Medical Devices
Lahey Hospital and Medical Center (Lahey) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). Lahey will pay $850,000 and will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. Lahey is a nonprofit teaching hospital affiliated with Tufts Medical School, providing primary and specialty care in Burlington, Massachusetts.
Lahey notified OCR that a laptop was stolen from an unlocked treatment room during the overnight hours on August 11, 2011. The laptop was on a stand that accompanied a portable CT scanner; the laptop operated the scanner and produced images for viewing through Lahey’s Radiology Information System and Picture Archiving and Communication System. The laptop hard drive contained the protected health information (PHI) of 599 individuals. Evidence obtained through OCR’s subsequent investigation indicated widespread non-compliance with the HIPAA rules, including:
- Failure to conduct a thorough risk analysis of all of its EPHI.
- Failure to physically safeguard a workstation that accessed EPHI.
- Failure to implement and maintain policies and procedures regarding the safeguarding of EPHI maintained on workstations utilized in connection with diagnostic/laboratory equipment.
- Lack of a unique user name for identifying and tracking user identity with respect to the workstation at issue in this incident.
- Failure to implement procedures that recorded and examined activity in the workstation at issue in this incident.
- Impermissible disclosure of 599 individuals’ PHI.
In addition to the $850,000 settlement, Lahey must address its history of noncompliance with the HIPAA Rules by providing OCR with a comprehensive, enterprise-wide risk analysis and corresponding risk management plan, as well as reporting certain events and providing evidence of compliance.
Contact ecfirst to learn more about how to conduct a comprehensive and thorough risk analysis exercise with a credible risk management program.
ecfirst & (ISC)²® Offer HIPAA & Cyber Security Programs for CPE Credits
CHP Certification Program Confirmed for Chennai on Feb 17-18, 2016
Pabrai Brief on Healthcare Cyber Security in Seattle on Nov 3, 2015
Take the Cyber Security Readiness Quiz. Complimentary.
Assess the State of Your Organization’s Compliance with HIPAA, A Quick Self-Assessment
Cyber Threats Result in Business Risk
HIPAA Fines and OCR Identified Key Deficiencies
HIPAA Compliance: A Quick Self Assessment
CSCS™ Certification Program Confirmed for Dubai on Oct 4-5, 2015
CSCS™ Certification Program Confirmed for Chennai on Oct 8-9, 2015
Cyber Risk = Business Risk, Brief by Cyber Security Expert Pabrai in 4th Annual Phoenix Security & Audit Conference, Arizona
Just as the banks of a river contain its water, compliance safeguards and cyber security controls are vital to mitigating the risk to the business. Like water in a river, sensitive, confidential information flows through all areas of the business. How prepared is the business for cyber attacks that seek to compromise Personally Identifiable Information (PII) or confidential data such as Electronic Protected Health Information (EPHI)?
Are Your Applications HIPAA Compliant? Complimentary! Checklist for HIPAA Application Security
Over the past year, the cost of data breaches due to malicious or criminal attacks has increased from an average of $159 to $174 per record. Cyber attacks on healthcare organizations as well as business associates are on the rise. HIPAA mandates require that the EPHI processing applications meet defined requirements. Healthcare applications must be formally assessed to ensure HIPAA mandates are met. A cyber attack on an enterprise application may lead to a breach with EPHI accessed by unauthorized individuals.
HIPAA Certification Online, Special Promotion for a Limited Time
Cyber Risk = Business Risk, An Exec Brief from ecfirst
ecfirst Introduces Information Security Assessment for Small to Medium Businesses
Businesses must conduct a comprehensive and thorough assessment of the potential vulnerabilities to the confidentiality, integrity and availability of all confidential information, such as Personally Identifiable Information (PII).
ecfirst Video: Compliance & InfoSec Solutions
Exclusive! Checklist for Compliance & Information Security
Chinese Hackers Suspected in Healthcare Breach Impacting 4.5 Million
Pabrai Delivers Keynote Address in New York Conference
Prepared for HIPAA Audits in 2014?
Over $25 M in HIPAA Fines & 31 M Records Compromised! Medical records left unattended & accessible to unauthorized individuals
Technical Vulnerability Assessment is a HIPAA Compliance Mandate
IRVINE, CALIFORNIA, USA – May 25, 2014: A key requirement of the HIPAA Security Rule compliance mandate is that organizations must conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability (CIA) of all sensitive information such as Personally Identifiable Information (PII) or Protected Health Information (PHI).
Data breach results in $4.8 million HIPAA settlements
Information Security Staffing Program (ISSP) from ecfirst
ecfirst, an organization rich in hands-on experience delivering information security services across all States in the USA, provides the industry’s most flexible program for security staffing.
Toolkits for HIPAA, ISO & PCI DSS Released
IRVINE, CA USA — HIT/HIPAA UPDATE NEWS SERVICE — MARCH 20, 2014: Compliance mandates, such as HIPAA and HITECH, as well as international security standards such as ISO 27000 and PCI DSS, require organizations to develop a comprehensive and actionable set of policies and supporting capabilities.
ISSA Phoenix Features Pabrai Brief on BYOD & Compliance Mandates: Audit Ready? April 8, 2014
Compliance Mandates & BYOD: Audit Ready?
Compliance regulations, such as HIPAA and HITECH, as well as information security standards, such as PCI DSS, ISO 27000 and NIST, establish requirements for mobile device security.
iPCR Product from Forte, Validated as HIPAA Compliant by ecfirst
NEWPORT BEACH, CALIFORNIA USA – March 4, 2014
Forte Holdings has combined technological expertise with input from medical workers to develop software that supports and improves patient care and administrative processes within the healthcare industry.
Skagit County, Washington Breach Report Leads to OCR Investigation & HIPAA Fine
Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. Skagit County agreed to a $215,000 monetary settlement and to work closely with the Department of Health and Human Services (HHS) to correct deficiencies in its HIPAA compliance program.
Pabrai Compiles HIPAA Security Rule: Reference Guide, A Must-Have Colorful Guide to HIPAA Compliance
IRVINE, CALIFORNIA, USA – March 2, 2014: The HIPAA regulations require covered entities and business associates to comply with the HIPAA Security Rule. The HIPAA Security Rule: Reference Guide is a must-have document that captures three core areas of information for each Standard defined in the mandate: Definition, Guidance Questions and Audit Readiness.
Cyber Security & Compliance Expert Pabrai Discusses HIPAA Self-Attestation Checklist @ HIMSS, Orlando, Feb 24-25
HIPAA (ecfirst) – The Final Privacy and Security Rules of HIPAA have escalated the compliance efforts of every healthcare organization. ecfirst will present key components of the new regulations, outline penalties for non-compliance, and provide recommendations for planning, preparing and executing sound HIPAA compliance policies and procedures.
Cyber Security Expert, Pabrai, Releases Self-Attestation Checklist for HIPAA Compliance
IRVINE, CALIFORNIA, USA – Feb 6: We are surrounded by headlines every day about businesses and organizations compromised by cyber attacks. Security is only as strong as the weakest link, and hackers are having a field day mining the weak links in enterprise security.
MARS-E, Exchange Security
DES MOINES, IOWA, USA – February 6, 2014: There is no integrated, comprehensive approach to security and privacy that respects applicable federal requirements under FISMA, HIPAA, HITECH, ACA, the Privacy Act, Tax Information Safeguarding Requirements, and state and other federal regulations.
Middle East Security Conference Features U.S. Cyber Security Expert Pabrai
IRVINE, CALIFORNIA, USA – Jan 24, 2014: The recent massive data breach at U.S. retail giant Target is becoming a nightmare. Over 110 million people were impacted, and details continue to emerge about Personally Identifiable Information (PII) compromised from credit card swipe machines and other systems.
Unencrypted Thumb Drive Loss Leads to HIPAA Breach & Fine!
OCR posts guide for disclosing PHI to law enforcement.
HIPAA Final Rule Deadline has Passed. Prepared? Get Certified.
Episource India Validated as HIPAA Compliant by ecfirst
HIPAA/HITECH Fine of $1,215,780 for Copier Breach of PHI
HIPAA PHI Breach by India Contractor
Pabrai to Deliver Featured Address at The Hackers Conference, Delhi
Conducting Vulnerability Assessments for HIPAA Compliance
Webcast: HHS HIPAA Compliance & Cyber Security
Webcast: Exec Brief on the HIPAA Final Rule
HIPAA Final Rule Updates, Exec Brief PDF Now Available
CSCS™ Program in India, April 17-18, 2013
Massachusetts AG Fines Billing & Pathology Firms $140,000 for HIPAA Breach
BOSTON – Former owners of a Marblehead-based medical billing practice and four pathology groups have agreed to collectively pay $140,000, settling allegations that sensitive medical records and confidential billing information for tens of thousands of Massachusetts patients were improperly disposed of at a public dump, Attorney General Martha Coakley announced today …