
Comply Assistant’s Blog


October 14, 2016

Have you tested your breach incident response process?

By Gerry Blass

Adding a cybersecurity tactical simulation test to an overall information security risk assessment is a must in today's world. It is a sure bet that attacks and breaches will continue to occur, so functional assessments, mitigation, awareness and response are key to protecting your organization's confidential information.


August 25, 2016

How to avoid HIPAA penalties based on some of the largest!

By Gerry Blass

Reviewing some of the largest fines can help healthcare organizations learn how to avoid them should an incident occur. Many experts say that it isn't a question of IF an incident will occur, but WHEN. Here is a sample list of how to be ready for an OCR audit, whether triggered by an incident or by routine phase two audit protocols:

  • Be a functional organization by properly funding your information security program
  • Empower your Chief Information Security Officer (CISO)
  • Conduct periodic risk assessments (HIPAA rules, OCR Phase 2 protocols, NIST (including the Cybersecurity Framework), PCI, intrusion vulnerability scanning, external penetration testing, phishing exercises, etc.)
  • Implement and maintain operational policies, procedures and plans (e.g. facility security plans)
  • Educate the workforce periodically on a general basis, and in a focused way as needed
  • Implement a process to assess third party business associates for information security risk and contracts
  • Mitigate known risk in the order of highest to lowest
  • Protect vulnerable PHI in transit and at rest
  • Be prepared for an OCR audit, now based on phase 2 protocols
  • Be prepared to respond to an incident


August 5, 2016

Third party (BA) contract and privacy and security risk management

By Gerry Blass

The HITECH-OMNIBUS final rule stepped up the requirements for both CEs and BAs, and both must now include the new requirements in their information privacy and security risk analysis and management program.
