Blog

We ensure small to medium sized health care organizations are successfully able to navigate through complex HIPAA regulatory compliance.

“Protecting Patient Data”

Get the latest Spiral Security Advisor and Risk Management Updates

April 9, 2024

How Florida’s HB473 Protects Small Physician Offices from Cybersecurity Incident Liability

L Kirby CISA, CRISC, CDPSE. CTPRP, CEH HIPAA HIPAA Compliance, HIPAA Risk Assessment, NIST 800-66 Rev2, vCISO

As a small physician practice, you’re no doubt well-aware of the growing threat of cyber attacks and data breaches in the healthcare industry. Cybersecurity has become a critical concern, not only for safeguarding sensitive patient information, but also for protecting your practice from crippling legal and financial liabilities. That’s why Florida’s recently passed House Bill […]

February 19, 2024

Review of Special Publication 800-66 Rev. 2, Implementing HIPAA Security Rule

L Kirby CISA, CRISC, CDPSE. CTPRP, CEH HIPAA, Technology HIPAA Risk Assessment, NIST 800-66 Rev2

Introduction In the ever-evolving landscape of cybersecurity, organizations face a constant barrage of threats that can compromise their information systems and the valuable data they hold. The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-66 Revision 2 provides a comprehensive framework for conducting risk assessments, an essential component of any robust information […]

February 10, 2024

Montefiore Medical Center’s recent HIPAA settlement

L Kirby CISA, CRISC, CDPSE. CTPRP, CEH HIPAA, Technology HIPAA Compliance, HIPAA Risk Assessment, vCISO

Montefiore Medical Center’s recent HIPAA settlement serves as a critical case study highlighting the consequences of not conducting regular and thorough risk assessments. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) imposed a $4.75 million penalty on Montefiore Medical Center for violations of the HIPAA Security Rule stemming from a […]

December 6, 2023

“Unlocking HIPAA Compliance: The Case for a vCISO in Small Practices”

L Kirby CISA, CRISC, CDPSE. CTPRP, CEH HIPAA HIPAA Compliance, vCISO

In the ever-evolving landscape of healthcare cybersecurity, small practices find themselves navigating the complexities of HIPAA compliance. As the custodians of sensitive patient information, ensuring data security is not just a legal obligation but a critical component of providing quality care. The Challenge for Small Practices Small healthcare practices often face resource constraints, making […]