Jonathan Krasner

Google to Remove ePHI from its Search Results

By Jonathan Krasner – HIPAA data breaches can occur if ePHI is posted on an open web site. In that situation, not only is the ePHI available for viewing, it also can be indexed by an Internet search engine such as Google. Many data breaches have been uncovered by finding the unauthorized ePHI via a Google search.

Read More

Phase 2 HIPAA Audits – The OCR Emails Have Begun

By Jonathan Krasner – Back in March, we reported that OCR had announced its Phase 2 Audit Program. OCR stated that they would compile a database of both Covered Entities and Business Associates to form the basis of the pool of organizations potentially targeted for audit. They have followed up on their intentions and in the last week organizations have started to receive contact emails from OCR.




OCR HIPAA Audits – It’s Real This Time

By Jonathan Krasner – Although HIPAA is an important set of laws passed to protect the sensitive medical information handled by millions of covered entities and business associates, HHS Office for Civil Rights has never established a permanent compliance audit program.


IBM Says that 2015 is the “Year of the Healthcare Breach”

By Jonathan Krasner – At the end of the year all kinds of publications and organizations publish yearly summaries to review the events of the past 12 months. Much of the time this can be positive publicity for a celebrity, firm, organization or industry. In this case, for healthcare, it is decidedly negative. Why has IBM made this proclamation? According to a company report just released, over 100 million records were compromised in the first half of 2015.


It’s Not Just Large Data Breaches That Matter

By Jonathan Krasner – We are all well aware of the epidemic of large data breaches that have been occurring recently. Anthem, Blue Cross, UCLA, the list goes on and on. Over 143 million records breached to date – an astounding figure! Since 2009, when the Office of Civil Rights “Wall of Shame” came into existence, there have been over 1,200 breaches of 500 records or more that have been reported.


The Security Risks of Medical Devices

By Jonathan Krasner – There are a large number of potential attack vectors on any network. Medical devices on a healthcare network is certainly one of them. While medical devices represent a potential threat, it is important to keep in mind that the threat level posed by any given medical device should be determined by a Security Risk Assessment (SRA) and dealt with appropriately.