IRON RODSecurity

Blog

EMS Cybersecurity Insights & Resources

AllHIPAAEMSePCRPHIHipaa complianceEms securityRansomwareIncident responseBAAComplianceEms cybersecurityFire departmentMdmMFA42 cfr part 245 cfr 164 308AmbulanceBreach notificationCADCad securityChain of custodyDe identificationFire station securityFoiaHipaa risk analysisNEMSISOcr reviewPhishingPublic recordsPublic safetySudVendor riskZero trustZoll

42 CFR Part 2 in the Field: Substance-Use Disorder Confidentiality That HIPAA Doesn’t Cover

Most EMS agencies know HIPAA cold. They train on it at orientation, build their ePCR workflows around it, audit for it. And then 42 CFR Part 2 walks in thr

42 cfr part 2ConsentSudRe disclosureCompliance

The HIPAA Risk Analysis That Holds Up Under OCR Review

OCR expects a risk analysis that maps threats to vulnerabilities, not a generic compliance checklist. Here is what 45 CFR 164.308(a)(1)(ii)(A) actually requires and how to build it for your EMS agency.

Risk assessmentComplianceHipaa risk analysis45 cfr 164 308Ocr review
EMS Cybersecurity Blog and Resources | Iron Rod Security