Archive for month: May, 2018

Why Do A Security Risk Assessment?


Doing a “gap analysis” each year does not replace a Security Risk Assessment.

In a recent article, OCR draws a clear distinction between what a gap analysis should be used for and why a full Security Risk Assessment is still needed. They point out that practices and providers need to consider all potential risks regarding ePHI, not just previous years’ concerns.

See the rest of the article HERE.

Should you have any questions about your risk assessment and corrective action plan, we are glad to see if we can help. If you are not sure what the differences are, or if and when you need to perform them, please call on us for help.

WWW.GSGCOMPLIANCE.COM

Todd Greenberg and Bill Steuer

GSG COMPLIANCE

877-270-8306 ext. 133

678-209-2021 x133 (local)

877-828-8809 (fax)

404-643-4276 Cell

How to Prevent and Respond to Security Incidents


Medical practices are quickly getting a dose of reality on how critical it has become to protect information systems in the wake of the city of Atlanta ransomware attack this past month, an attack that caused courthouse documents and services like payment processing to become inaccessible for consumers.

The costs to respond to, correct and recover from a security breach add up quickly. According to a recent article, written by Engadget, “The ransom demand was approximately $51,000, but according to the city’s Department of Procurement, Atlanta has spent much more than that on efforts to rectify the situation.” The city of Atlanta is reportedly facing a $2.7 million price tag to fix the issue.

The purpose of the HIPAA Security Rule is to ensure that every covered entity has implemented safeguards to protect the confidentiality, integrity, and availability of ePHI, protecting the practice and its patients. Practices must diligently prepare to protect themselves from a security breach. It is imperative, and a requirement, for all practices to implement systems, policies, and procedures to protect electronic protected health information (ePHI).

To help prepare practices for such instances, we put together nine simple tips that every practice should know to help prevent and respond to security incidents.

1. Conduct a Security Risk Assessment
Understand potential security threats (e.g., downtime and costs associated with ransomware) and the impact they may have on your practice (risk and lost revenue). Use this information to shape your overall security strategy while understanding the risk and likelihood of each scenario occurring.

2. Train Your Employees
Because cybersecurity threats are continually evolving, an ongoing training plan for employees must be implemented. The training should include examples of security risks, as well as instruction on security best practices (e.g., lock laptops when away from your desk). Train your employees and then hold them accountable to follow the practice’s policies diligently.

3. Protect Your Network and Devices
Implement a password policy that requires strong passwords that expire every 90 days. Deploy firewall, VPN and antivirus technologies to ensure your network and endpoints are not vulnerable to attacks. Consider implementing multi-factor authentication and encryption for hard drives. Constant network monitoring is vital, especially if you work in healthcare, where ransomware attacks are a daily occurrence.

4. Update Your Software
It is essential to use current software products and be vigilant about patch management. Cybercriminals exploit software vulnerabilities utilizing a variety of tactics to gain access to computers and data.

5. Create Straightforward Cybersecurity Policies
Write a clear set of rules and instructions on cybersecurity and distribute it to all employees of the practice. These may include policies on social media use, personal device use, authentication requirements, and even what employees can and can’t do on the company computers and network.

6. Back Up Your Data
Regular backups are a requirement to recover from data corruption or loss resulting from security breaches. Consider using a modern data protection tool that takes incremental backups of data periodically throughout the day to prevent data loss.

7. Enable Uptime
Choose a modern data protection solution that enables “instant recovery” of data and applications. Application downtime can significantly impact your business’ ability to generate revenue.

8. Know Where Your Data Resides
Maintaining oversight of business data is an essential piece of the security puzzle. The more places data exists, the more likely it is that unauthorized individuals can gain access to it. Avoid “shadow IT,” which is information-technology tools and systems used inside practices without explicit organizational approval. An example of this is employees using Dropbox to share data without the practice’s knowledge.

9. Control Access To Computer
Use security cards or similar security measures to control access to facilities. Ensure that employees use strong passwords for access to all systems. Remove administrative privileges from all parties who do not need them on a regular basis to reduce the risk.

Provided by Chris Jann, Founder & CEO, Medicus IT (678.495.5902 or cjann@MedicusIT.com).

How to Recruit Top Talent: Referrals


When it comes to recruiting people who are sure to succeed in their role, Avery Partners relies foremost on Employee Referrals.

Research shows that referral programs are many times more effective than relying on job boards to find and hire applicants. Employee referral programs have proved to improve the recruiting function’s return on investment because referred individuals typically get up to speed faster, need less onboarding, are more satisfied in their roles and stay longer at the company. Referrals have also proved to be a cost-effective way to tap into a large, qualified labor pool of passive job seekers.

The more you research it, the more it becomes clear: almost always, the first step of any hiring process should be asking your existing employees if they know someone good for the role. A great referral program allows you to turn your entire workforce into recruiters. When you only have so many recruiters and so many resources to reach out to candidates, it helps to have a great referral program to empower all of your employees to help in sourcing.

The Avery Difference

At Avery Partners, we are different in that we take all the risk. We meet each of our candidates face to face for the interview to make sure they are the best fit for the job. These candidates are also OUR employees. We manage all their paperwork, applications, check references, federal verification and tax forms, background checks, drug screenings, pay-records, taxes, etc. This takes the hassle off your company and staff so that you can do what you do best.

Please contact Jennifer Hall for more information at the office (770) 642-6100 x237 or email Jennifer.Hall@AveryPartners.com

Meet the Team


Team Member Spotlight: Todd Withrow - Healthcare Services Team

Todd Withrow, Marketing & Web Design

  1. Are you Married? I am not married. I do have a girlfriend though of 3 years.
  2. Do you have any children? If so, how many? I do not have any children. I’ve always wanted like eight though. Everyone I tell this to tells me the same thing “wait till you have one”😊
  3. Do you have any siblings? I do. I have one brother. His name is Wade Withrow. He works in security for one of the largest retail store chains in the country. He too was born and raised in Georgia—and still lives here.
  4. Do you have any pets? I have two Morkies. I didn’t know what a Morkie was until we got some. Morkies are a mix between a Yorkie and Maltese. They are two years old. Still look like puppies.
  5. Where did you grow up? I was born in Decatur, GA. We moved to Norcross, GA for a few years while my Dad built our house in Duluth, GA. I lived there until college, then I moved out. My parents still live there.
  6. What part of town do you live in? I bought a house in Buford, GA after graduating college and landing my first job. I still have the house but am currently looking in the North Georgia Mountains for a new place to call home.
  7. If you could live anywhere in the world, where would you live? Why? The North Georgia Mountains appear to be a nice place to live. But if I could live anywhere, it would be somewhere east of Atlanta. Close enough to get to the city, and only a few hours away from the beach in Tybee Island. And not too far away from the mountains. So somewhere with a lot of land, and close to a city, the beach, and the mountains😉
  8. If you aren’t currently working your dream job, what would your dream job be? I love what I do. Website design and internet marketing changes daily. It keeps me on my toes. It’s a full-time job just keeping up with everything. But that’s pretty much what I do. Then educate our staff and clients and business partners so they stay up to date with everything as well.
  9. Did you go to college? If so, where? I did. The Art Institute of Atlanta. For multimedia and computer animation. Then to DeVry for a BA in Entrepreneurship.
  10. Are you working in the field of study you went to college for? Yes. There wasn’t much computer animation work in Atlanta at the time I graduated, so I relied heavily on my multimedia education. Multimedia = websites. About half of our business is website design and development. The other half is internet marketing. Then I definitely utilized my Entrepreneurship education from DeVry when I started NicheLabs about 12 years ago.
  11. What do you do for fun? I love the outdoors and traveling. I do a bit of traveling back and forth to Florida for business, as we have several hundred clients in SWFL. And my extended family, and girlfriend’s family, all live up north. So when traveling back and forth from FL to GA and up north we stop and enjoy the various sights to see. We do a lot of hiking.
  12. If you won the lottery tomorrow, in what ways would it change your life? I’d donate my time to helping start-ups be more successful. I have a ton of business and product ideas I’d love to explore. If I’m not able to have the “eight” kids I want, maybe I’d start an orphanage😊
  13. What is something we don’t know about you that we would be surprised about? I’m a big nature and animal lover. I’d love to hike the entire Appalachian Trail. When I get back, buy a bunch of land, and animals, and live off the land. Might be a bit surprising for someone so entrenched in technology and business / social networking.
  14. What’s the most embarrassing thing you ever did? When I was really young, I went to a summer camp. I had to get up in front of a ton of kids and put on a comedy show. I had all of my jokes written down and ready. But when I got up, the sheet of jokes fell out of my book, and I didn’t realize it. So I stood up in front of everyone, fumbling around for my jokes, but couldn’t find it. So I had to wing the whole skit. I had everyone laughing, but to this day, I’m still not sure if they were laughing “with” me or laughing “at” me. Hence the reason I’m still a little shy about public speaking 😐
