One Office, Many Providers: How to Co-Locate Without Co-Violating HIPAA

When Your Neighbor’s Breach Becomes Your Problem: HIPAA Risks in Shared Medical Offices

Sharing office space can make a lot of sense for healthcare providers. It’s cost-effective, it looks professional, and it can even make things more convenient for patients. But there’s a side most providers don’t think about: when you share space, you can also share HIPAA liability. And here’s the kicker — even if you’re doing…

Risk Management Failures Are Forcing Healthcare Providers to Shut their Doors

🛡️ Why Risk Management Failures Are Forcing Healthcare Providers to Shut Their Doors

In July alone, multiple headlines reminded us that cybersecurity failures aren’t just a compliance problem—they’re an existential threat to healthcare practices. From ransomware attacks to regulatory crackdowns, we’re seeing a clear pattern: 📉 Providers are going out of business not because the threats are new, but because the response still isn’t there. Let’s unpack three…

Healthcare failing at cyber security

🛑 The Disconnect That’s Putting Healthcare Providers Out of Business

Another small medical practice has closed its doors following a ransomware attack. This time, it was Alpha Medical Centre, a Georgia-based clinic that served its patients for years before being forced to shut down permanently after cybercriminals stole patient data and threatened to leak it. Sadly, this isn’t rare anymore. We’re seeing it happen again…

Why Just Handing It Off isn't enough. What is a Meaningful HIPAA Risk Assessment?

Why “Just Handing It Off” Isn’t Enough: What a Meaningful HIPAA Risk Assessment Really Requires

Most healthcare providers didn’t enter the field to become cybersecurity or compliance experts — and they shouldn’t have to be. But HIPAA doesn’t exempt small or mid-sized practices from its requirements just because you’re busy caring for patients. Here’s the uncomfortable truth: 94% of covered entities aren’t fully compliant with HIPAA, and one of the…

Doctor under arrest

HIPAA Risk Assessments: Why Solo Practitioners Must Comply

Just the other day, one of our business development managers shared an interesting conversation with me. He had reached out to a solo practitioner—a licensed mental health counselor—who works in a shared office space. This practitioner confidently stated that he was not required to conduct and document an annual HIPAA Risk Assessment. His reasoning? He uses…

Healthcare hacker in Guy Fawkes mask

Healthcare: The Most Breached Industry in 2024

A recent report by risk advisory firm Kroll (Kroll Data Breach Outlook 2025: Healthcare Most Breached Industry) reveals that healthcare has become the most frequently breached industry, accounting for 23% of all data breaches—up from 18% in 2023. Kroll also noted weak incident response practices, which not only amplify the damage of breaches but also…

New York HIPA

First there was HIPAA – now New York will also have HIPA

New York’s new Health Information Privacy Act (HIPA) is poised to become one of the strictest state laws governing how health information is processed and shared. This comprehensive approach means that many organizations, some of which might not have previously considered themselves subject to health information privacy regulations, will need to re-examine their data handling…

Super Hero CIO and IT Director

The Case for a CIO and an IT Director: Why SMBs Need Both

Introduction

In today’s fast-moving, technology-driven world, businesses can no longer afford to treat IT as just a support function. Instead, technology must be a strategic enabler of growth, innovation, and competitive advantage. However, many small and mid-sized businesses (SMBs) struggle with balancing IT strategy and IT operations—often due to budget constraints or a lack of…

patient and doctor

Harnessing Technology to Enhance Patient Care & Financial Performance in Healthcare

Throughout my career, I have held a variety of senior leadership roles, including Chief Operating Officer, VP of Finance, VP of Technology, Chief Information Officer, and now CEO. Regardless of the title, one thing has remained constant: my belief in the transformative power of information technology. In every industry I’ve worked in, IT has been…

doctor viewing patient chart

HIPAA Compliance Simplified: A Guide for Independent Healthcare Practices

On December 27, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a proposal to update the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The primary goal of these updates is to better protect patient data from cyber threats. To information security professionals, this proposal brings…

HIPPA spelled out with Scrabble tiles

New Proposed Stricter HIPAA Rules, yet 94% of Healthcare Entities Are Not Compliant with the Old Rules

Proposed HIPAA Security Rule Updates: A Summary

On December 27, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a proposal to update the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Since the last update in 2013, the healthcare industry has become almost entirely dependent on…

Person sitting with Stethoscope and Laptop Computer.

The Importance of HIPAA Risk Assessments: A Crucial Step for Compliance

Navigating the Challenges of the Security Rule

Since the publication of the Security Rule in 2005, HIPAA Risk Assessments have been a mandatory requirement for covered entities. Despite this long-standing necessity, many entities—particularly smaller ones—struggle to conduct comprehensive and meaningful risk assessments annually. This article explores the significance of these assessments and the challenges covered…