Entries by Grant Elliott

HIPAA & HITRUST: Learning to Walk, Before You Can Run

Are you considering HITRUST but haven’t yet put your HIPAA house in order? That’s similar to starting college when you’ve not yet earned your high school diploma. While both HIPAA and HITRUST share the common goal of protecting healthcare data and personal health information (PHI), they differ in very fundamental ways. What is HIPAA? The […]

How MyVCM Can Protect Against Future Ransomware Attacks

WannaCry ransomware swept the globe, impacting over 150 countries in a reported 450,000 attacks. The attack hit several different industries, from hospital systems in the United Kingdom to FedEx in the US. Ostendio is committed to ensuring that your organization is protected from cyber threats, and that everyone in an organization is aware of their […]

HIPAA Compliance and Cloud Service Providers

Having patients feel safe sharing sensitive health information is critical to the future of informed population health. How can you ensure that you are compliant with the Health Insurance Portability and Accountability Act (HIPAA) when sharing this information with 3rd parties? If you are using a Cloud Service Provider, or are planning on using one soon, […]

OCR Audits Place Business Associates Under the Microscope

“60 percent of business associates have experienced data breaches.”1 With cybercrime on the rise, especially in the healthcare industry, healthcare organizations and their third parties (business associates or BAs) need to become more cognizant of how they handle sensitive patient data. 2016 saw the first time OCR fined a BA for failing to safeguard PHI. As […]

Top 5 Predictions for Healthcare Cybersecurity in 2017

As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of Ostendio, and a former CISO, I speak with a lot of different companies about what their security concerns are. Here are my predictions for what 2017 may bring: […]

End-of-Year Round Up: 3 Must Read Ostendio Blog Posts

The Ostendio blog covered a lot of ground this year – from a 3-part series about Cybercrime in Healthcare – to the worst passwords your organization can use. As you review and prepare your risk and compliance strategies for the coming year, check out some of our clients’ most-read blog posts from 2016. […]

Compliance & Risk: Has the Zenefits Lesson Changed the Game?

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health companies penalized for non-compliance, the fast-growing benefits company has discovered the hard truth: compliance should not be an afterthought. As I wrote about earlier this year, meteoric growth, while […]