CastleHill Managed Risk Solutions Blog

The Costs of Storing Protected Health Information (PHI) in Spreadsheets

Posted by Michael Duggan on Aug 8, 2017 2:29:00 PM

There is a data war being waged in many healthcare organizations – spreadsheets vs. overall data security and integrity. In fact, in our experience, the number one risk to data protection and management is the common spreadsheet. Excel has been around since 1985, and, while a long-proven data workhorse, carries with it a multitude of security risks. In fact, according to the Identity Theft Resource Center, 2016 data breaches overall increased 40%, and the Healthcare sector accounted for about 35% of those breaches which were largely driven by hacking or similar practices (over 50% and climbing sharply).


Topics: healthcare

How Can I Ensure Our Vendors Are HIPAA Compliant?

Posted by Michael Duggan on Jul 20, 2017 1:54:00 PM

You’ve been diligent about developing the needed policies and procedures to ensure HIPAA compliance within your organization. It’s been challenging, but your internal audits have been positive, and you are confident your internal processes are up to standard. Are you as confident about your vendors and their HIPAA compliance? If your vendors aren’t compliant, who pays the price? You do. As the outsourcing organization, you are responsible for the HIPAA practices of all vendors who have access to, work with, or store your sensitive PHI. Beyond the vendors who physically touch your data, such as IT providers, data centers, and document shredders, HIPAA compliance requirements could extend to other vendors who may have access to your contacts database, or even the data center where your IT provider backs up their own data (see: How Many Degrees of Separation Are There Between You and Your Data?).


Topics: healthcare

Evaluating Governance, Risk, and Compliance (GRC) for Protected Health Information

Posted by Michael Duggan on May 2, 2017 11:44:52 AM

How Do Your Risk & Compliance Programs Stack Up? Do you know where your healthcare organization stands when it comes to evaluating and managing your Governance, Risk, and Compliance (GRC) for Protected Health Information (PHI)?


Topics: GRC, healthcare