National Health IT Week: 10 Steps to Protect My Covered Entity From Breach

As part of National Health IT Week, InfoGard presents a prerecorded webinar detailing 10 steps a covered entity can take to help protect itself from a breach.

Our technical staff will be answering questions about this presentation, HIPAA requirements, and security risk assessments via email and here on the blog throughout National Health IT Week. Send your questions to

Slides from this presentation can be found here.

SRA Training Workshop-web - Copy

Security Risk Assessment Workshop

InfoGard recognizes the concerns healthcare providers have with safeguarding patient information. The healthcare industry has seen a rise in the number of breaches to health records over the past 4. Offering guidance and hands on classroom experience focusing on security risk assessment of healthcare facilities, InfoGard will be conducting a training workshop on September 22, 2015 in Los Angeles.

This interactive workshop will provide a clear and practical understanding of the security requirements surrounding healthcare facilities. Attendees will learn how to identify, categorize, and address potential risks within a facility.

To find out more about the workshop and to register click here.

For more information on InfoGard’s Security Risk Assessment services, please visit

Retail Payment vs Medical Record Breaches

Those of us involved in the information security business receive lots of questions from friends, neighbors and family related to their concerns about privacy. At InfoGard, we are heavily involved in evaluating the security of both Healthcare IT and retail payment devices and systems. Questions related to the vulnerability of retail payments have become increasingly common. However, little concern is voiced about the safety of healthcare records. While everyone has heard about Target’s, Supervalu’s (Albertson’s) and Home Depot’s breaches, and more recently, Kmart, the general public lacks an awareness of healthcare breaches. Furthermore, even when they hear the dismal history, they lack the same level of concern. Continue reading

Indian Health Service Partnerships Conference

In March 2010, President Obama signed comprehensive health reform, the Patient Protection and Affordable Care Act (ACA), into law. The law makes preventive care, including family planning and related services, more accessible and affordable for many Americans.

Last week, August 13-15th, the Indian Health Service (IHS) Partnerships Conference annual meeting was conducted in Denver, Colorado. This meeting is focused on training for key health system staff in the Business Office, Contract Health Services (CHS) Program and Health Information Management (HIM) Program. This year’s conference topic was the implementation requirements related to the ACA. Continue reading


Are you ready for your HIPAA audit?

The American Recovery and Reinvestment Act of 2009 (ARRA) requires HHS to audit covered entity and business associate compliance with the HIPAA privacy and security standards. To effectively implement this statutory mandate, OCR has engaged the services of a professional public accounting firm to conduct performance audits, using generally accepted government auditing standards. You are receiving this letter because OCR has selected [Name of entity] to be the subject of an audit.”

These are the words that every healthcare provider dreads.  This is language directly from the initial notification letter that went out to 115 different covered entities alerting them that they had been selected for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) pilot HIPAA audit program.  The goals of the pilot audit are:

  • to assess HIPAA compliance for a wide range of covered entities (including providers)
  • to identify best practices for routine audits
  • to discover common risks and vulnerabilities that may not have been revealed through OCR’s traditional complaint and compliance reviews Continue reading