So you’ve developed a nifty new app for healthcare, and need it secured for HIPAA compliance? Perfect, we can help

But realize, that’s only a start. Consider the reality: a 7-year study conducted by researchers from Michigan State and Johns Hopkins University found that approximately 53% of all data breaches reported to the Office for Civil Rights (OCR) were actually the result of internal negligence.

Reasons for these data breaches might include:

• theft of data by current or former employees
• poor password policies
• careless use of laptops or mobile devices
• stolen hard drives (from the workplace, or employee’s cars or homes) with unencrypted data
• email phishing scams, etc.

All of which to say that when an HIPAA auditor comes…

Examining Your Social Media Policies for HIPAA Compliance

With over 2.8 billion users worldwide – over a third of the world’s population – social media is fast changing the way we communicate. In the U.S. alone, the percentage of adults using some form of social media, such as Facebook, Twitter, YouTube, or LinkedIn, has risen dramatically, from 8% in 2005 to nearly 70% in 2018.

Increasingly, healthcare workers and their patients are among those realizing the benefits: sharing articles on the latest medical research, networking and making referrals, marketing their practices to new and existing clients, and even communicating directly with patients about their care.

Staying Compliant with…

Another Stolen Laptop

Another potential breach of protected health information (PHI) — including names & addresses, medical diagnoses, and medications — was reported by a major health system in Michigan.

The cause? Yet another stolen laptop, this one containing approximately 15,000 patient records.

Securing electronic PHI means, at minimum, implementing “reasonable and appropriate physical safeguards related to equipment and facilities.”

Resolve this year to keep your PHI HIPAA-compliant and SECURE: https://bit.ly/2OvVueG

Reduce your stress at work, improve your performance, and contribute to your (and your company’s) overall health.

Studies show that as little as 10 minutes of exercise during your work day can help you de-stress, re-focus, and even boost your brainpower. It might be a vigorous lunch time walk – or even a quick game of ping-pong like we do at VM Racks. Physical activity helps you unwind, releases endorphins, and even provides some fun in the midst of an often sedentary day filled with mental calculations and multi-tasking.

Here’s some other great ways to reduce your stress:

• Enjoy some nature (rather than an electronic screen). Getting outside broadens your horizons (literally) so you don’t…
  

Will your company be impacted by GDPR?

Four years after its adoption by the European Parliament, the General Data Protection Regulations (GDPR) – a set of compliance requirements designed to give individuals greater control over their personal data in an increasingly digital economy- finally went into effect on May 25, 2018.

GDPR’s overall scope is broad, impacting all personal data (ie, any data that can be used to directly or indirectly identify a living person, including genetic, psychological, cultural, religious and/or socioeconomic).

GDPR’s Global Reach
Among its many reforms, GDPR also seeks to protect sensitive patient data (protected health information, PHI) by ensuring it is collected…

Do You Know the Difference? HIPAA Compliance vs HIPAA Certification

Should I obtain either or both statuses?

These are common questions that should be addressed when dealing with the protection of medical data and patient records within a HIPAA Compliant hosting environment. First, the differences:

• HIPAA Compliance refers to following the proper rules in accordance with requirements and regulations set forth by policies or guidelines.

• HIPAA Certification is the process to obtain or be awarded a document or designation to attest a person has completed an educational course.

These statuses cannot…

What’s all the Hype about Kubernetes?

The claim: Kubernetes takes traditional infrastructure deployments to the next level…

Kubernetes, or “K8s” as its popularly known, comes from a Greek word meaning “pilot,” or “helmsman.” Based on the original, internal Google code used to run their search, ads, and apps (and geekily named after the Star Trek: Voyager Borg drone known as ‘Seven of Nine’), it purports to warp infrastructure automation into new frontiers of efficiency and scalability. We asked Gil Vidals, David Breise, and Rick Montezuma of VM Racks to explain – on a practical level – what the hype is all about.

What is Kubernetes, or K8s?

David:…

Choosing the Right Type of Encryption for HIPAA Data

Protecting your Patient’s Privacy…

It’s a necessity, especially for sensitive data like protected health information (PHI). HIPAA regulations require it. Today, most providers realize that encryption is the technique of choice; however, this seems to be the extent of most people’s knowledge.

If you are a manager, or involved in projects involving patient information in electronic health records (EHR), then it behooves you to know at least the basics of encryption, as well as where and when should it be applied.

There are two types of encryption that are commonly used to encrypt PHI data:

Public or Private? What Google Cloud Infrastructure (Plus Managed Services) Offers over Private Hosting

The numbers are in …

More and more, companies are migrating to the public cloud. In fact, a recent survey of over 200 IT managers revealed that 84% have opted for using public cloud infrastructure over corporate data centers. Of those, 49% are utilizing the Google Cloud Platform (GCP). (Interestingly, the hybrid cloud is also becoming part of the conversation for the tech giant, but that’s another article).

The primary drivers to the public cloud, and GCP in particular, include: security, cost-efficiency, instant scalability, greater speeds, and higher availability. Let’s look at what GCP has…

Phishing in the Wrong Pond

Have you heard the one about the company that decided to plan a “Phishing trip” for their employees?

Back in 2016, Atlantic Health System circulated a juicy email, promising employees a raise if they would simply respond with some key verification information. The information included employee id, date of birth, and home zip code. Roughly a quarter of the Health system’s 5,000 employees took the bait and opened the email; 2/3 of that group actually provided the requested information.

The company’s test proved insightful, and highlighted an all-too-common threat: an adversary with malicious intent can easily target “inter-office” email, capitializing on…