Manage

HIPAA violation examples: The five most common mistakes

By

Kristen Lee, News Writer

4/6

Healthcare data security: Lack of transmission security, encryption

Source: yogysic/iStock

Visual Editor: Sarah Evans

When it comes to healthcare data security, OCR said that the three main areas of error are the lack of encryption, lack of transmission security and the use of unpatched or unsupported software.

OCR said that all HIPAA-covered entities must either implement encryption or document why encryption is not reasonable and appropriate in a particular circumstance. From there, the entity must implement reasonable compensating healthcare data security controls.

Encrypting data in transit is also a requirement, OCR said. This is important, for example, in relation to mobile in healthcare.

And finally, healthcare organizations' use of unpatched or unsupported software creates a healthcare data security risk on systems that access ePHI. However, with patch management technologies, it is possible to automatically update and patch software.

View All Photo Stories

SearchCompliance

How to evaluate and select GRC vendors and tools
There is a variety of governance, risk and compliance software on the market. Learn about some of the available products and how ...
10 CCPA enforcement cases from the law's first year
It's been more than a year since CCPA enforcement began, and organizations started hearing from the California attorney general. ...
Use ISO 22332 to improve business continuity plans
Standards offer guidance on business continuity and disaster recovery plans. ISO 22332 is no exception, providing great detail on...

SearchCIO

Calls for federal data privacy law grow alongside AR, VR use
A federal data privacy law would provide crucial safety guidance for development and adoption of technologies like augmented and ...
4 ways CIOs can adapt metrics for the new workplace
The limitations of traditional leadership and enterprise metrics are coming to the fore. To adapt, CIOs will need to focus on ...
Big opportunities for strategic CIO leadership today
CIOs and technology leaders have unprecedented opportunities to lead their enterprises in meeting today's new demands. Here are ...

SearchCloudComputing

An overview of Amazon EC2 vs. AWS Lambda
EC2 and Lambda meet different needs in an AWS cloud environment -- but can also work together. The only limits are in the minds ...
Break down the different AWS Graviton2 instance types
AWS Graviton2 processors power a range of EC2 instance types. To select the right one, consider an application's specific compute...
3 best practices for Amazon S3 cost optimization
Everything a business runs in the cloud costs money, and AWS S3 storage is no exception. Smart AWS users understand how to adjust...

SearchMobileComputing

Google bets on the new Tensor chip to help Pixel 6 succeed
The Tensor chip within the Pixel 6 and Pixel 6 Pro will perform machine learning tasks like translating foreign speech in real ...
Disney adopts Amazon's white-label voice assistant for hotels
The "Hey Disney" voice assistant is the first use of Amazon's white-labeled voice assistant in a major hotel chain. It will ...
Apple improves MDM on iOS, iPad OS
Changes to Apple's mobile device management protocol could lead to better MDM products for iPhones and iPads. The protocol update...

SearchSecurity

Emsisoft cracked BlackMatter ransomware, recovered victims' data
Emsisoft developed a decryptor for BlackMatter and also found vulnerabilities in about a dozen other ransomware families that can...
SolarWinds hackers attacking more IT supply chain targets
According to Microsoft, the Russian threat group known as Nobelium has already compromised 14 technology service providers across...
How to use Python for privilege escalation in Windows
Penetration testers can use Python to write scripts and services to discover security vulnerabilities. In this walkthrough, learn...

SearchStorage

NetApp Insight 2021 conference news and coverage
NetApp went virtual again for its annual Insight conference. Get the latest NetApp news in this updating 2021 conference guide.
RPO vs. RTO: Key differences explained with examples, tips
The recovery point objective and recovery time objective enable an organization to know how much data it can lose and how long it...
NetApp CloudOps platform to add security, CloudCheckr
NetApp's CloudOps platform, Spot by NetApp, matures further with new security and cloud oversight from forthcoming Spot Security ...

Close