The Ostendio blog covered a lot of ground this year, from a 3-part series about Cybercrime in Healthcare to the worst passwords your organization can use. As you review and prepare your risk and compliance strategies for the coming year, check out some of our clients' most-read blog posts from 2016.
Demonstrating HIPAA compliance is a challenge for many digital health companies. In fact, smaller digital health companies often struggle to meet even the basic requirements of the HIPAA Privacy, Security and Breach Notification Rules. Fortunately, Amazon Web Services and MS Azure, both of which offer Business Associate Agreements, provide the ability to physically protect production data in a simple manner. And with services like Catalyze, even the smallest startup can now provide a minimally acceptable physical security requirement.
A growing number of digital health companies are being asked to adopt the HITRUST standard. You too may soon get asked. HITRUST is now the compliance standard for many large healthcare organizations like Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group.
For the average digital health company, HITRUST certification can be a daunting task. Most organizations are required to manage their information security and compliance to multiple standards and regulations, not just HITRUST. So how do you build HITRUST certification into the mix of other information security standards and regulations you are already working to meet?
The digital health market was rocked by the recent announcement that HR services darling Zenefits has gone from ‘rock star’ to a symbol of Silicon Valley excess in a matter of weeks. The company, which has risen from a startup to being valued at $4.5 billion inside of two years, is clearly trying to get ahead of the issue. Zenefits cofounder and CEO stepped down amid “compliance concerns.”
The reality is that Zenefits' story is indicative of many digital health success stories. It should not be a surprise.
Ostendio helps healthcare companies and medical device manufacturers improve security, reduce risk and demonstrate compliance through its cloud-based security platform, MyVCM. Email us at firstname.lastname@example.org to request a demo or to speak with an industry expert.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at email@example.com.
Avoiding the Hidden Pitfalls of Security Audits
In this webinar, see the 5 most common pitfalls of security audits and learn how you can avoid them with the power of MyVCM CrossWalk Assessments.