The passage of the HIPAA Omnibus Rule heralds a new era of accountability for organizations that fall under the category of ‘business associates’ to a healthcare provider. The new rule has made some sweeping changes to the penalty system applied to each HIPAA violation category. Before you jump the gun and start worrying about the hefty fines, read this post to find out whether you actually fit the role of a ‘business associate’ under the new rule.
The New Penalty System
Under the new rule, civil monetary penalties for noncompliance have been increased based on the level of violation. So, any breach of PHI (Protected Health Information) – whether intentional or accidental – can potentially set you back …
HIPAA Omnibus Rule: Should your organization’s IT department fret over it? — Part II
In the first part of this 2-part blog, we saw the update about the HIPAA Omnibus Rule and the deadline for compliance (September 23rd, 2013). Now, let’s analyze the before and after of this new rule, and whether it really applies to you. (Check out the examples given for better understanding.)
The Scene Before HIPAA Omnibus…
Before this law was enacted, it was the responsibility of healthcare providers (hospitals, clearinghouses, insurance companies, etc.) to report to HHS any breach of the protected health information (PHI) that they store. And they had to comply with the detailed HIPAA Privacy Rule and HIPAA Security Rule in order to show that the PHI had been properly safeguarded, and not b…
HIPAA Omnibus Rule: Should your IT department fret over it? — Part I
Today, the entire healthcare industry is abuzz over the latest development – the HIPAA Omnibus Rule. And all those businesses associated with healthcare providers, in one way or another, are looking for answers in that 500+ page proclamation, because certain clauses of the enhanced law have given them new obligations.
Early this year, the U.S. Department of Health and Human Services (HHS) announced the HIPAA Omnibus Rule, a collection of reforms to HIPAA, in order to strengthen the privacy and security protections for health information. Promulgated on March 26th, this law is about to give two new responsibilities to the business associates of healthcare providers:
- Reporting data brea
…
Voices that matter – Identity and Access Management
Lately, the digital identities of users have come to play a significant role in determining how users interact with computer networks, making IAM programs more and more complex.
Identity and Access Management has become one of the most celebrated, and at the same time most dreaded, terms in IT management. In these days of cutting-edge technology, IAM has evolved into a branch of science and is perceived as a very difficult process. IT administrators have to find innovative ways to deal with the new challenges that today’s technologies and business demands throw at them.
Procuring industry-level IAM information, processes, implementation stories, what worked for whom, etc. can b…
Tracking Workstation Logon/Logoff using ADAudit Plus
Before getting into the specifics, I would like to give a small introduction to tracking logon/logoff in an Active Directory environment, which is a cumbersome process.
Auditing the Windows Active Directory environment
Logon Auditing
With the current Windows architecture, it’s difficult to get all logon data at a single point. In an AD environment, a Domain Controller (DC) is the one that performs the actual authentication. When multiple DCs in a setup handle authentication, the logon data (please note: only the logon data) is spread across different computers (that is, the DCs). So, to build a clear picture of logon activity, collecting all of this data is essential. Also another pain point here is …





