What is HIPAA and why your forms must be compliant

Anyone who handles medical information has probably heard the horror stories about what happens when protected data falls into the wrong hands.

There is, for instance, the $16 million settlement that health insurance giant Anthem is paying in response to the largest U.S. health data breach in history.

In that case, hackers sent spear phishing emails to an Anthem subsidiary, where at least one employee responded to a fraudulent email and opened Pandora’s box for continued attacks. An investigation later found that the data breachRead more

What’s in a Name?

A recent, inadvertent email disclosure in a hospital setting led to a disclosure of PHI (protected health information) – a violation of HIPAA privacy rules – for 840 patients. The incident was yet one more validation of a recent Health IT report, which found:

“Data breaches in healthcare are 50 percent more likely to stem from internal mistakes by employees than from external causes, such as hackers,” according to a recent study in JAMA Internal Medicine.”

The disclosure of PHI occurred at University Hospitals Rainbow…

Are Windows Server Platforms HIPAA Compliant

Are Windows Server Platforms HIPAA Compliant?

Mission critical servers are valued for their longevity, and Windows is no exception. As a closed-source technology, Windows Server platforms typically have a long life-cycle, in part, because the training and manuals for the tools are proprietary, just like the software.

But similar to the Windows desktop distributions (XP, Vista, 7, 8,8.1, & 10), the Windows Server architectures can be problematic for HIPAA compliance. Yet with diligent care, a computer running Windows Server can comply with all aspects of HIPAA, and become an acceptable server on which protected health information (PHI)…

Charity and Security Begin at Home

It’s a debated idea in our national discourse lately, and believe it or not, there’s a parallel to cybersecurity. The charity debate (as we’ll call it) comes as a question of priorities; should we only look after ourselves and our own, and let it end there?

With no political agenda here, we can say that If one truly understands charity toward fellow man – especially in its supreme expression in the “Golden Rule” – the answer would clearly be “no.”…

Why Establish a Security Culture

Five “Security Culture” Markers:

Why Healthcare Has a Cyberattack Target On It…

We’ve all heard by now that healthcare is seriously lagging in cybersecurity effectiveness. According to a recent study, healthcare ranked 15th out of 18 major U.S. industries in terms of overall cyber health. Another study indicates that in the past seven years, 2,149 breaches have occurred, amounting to 176.4 million patient records disclosed.

If you’re a member of the healthcare industry, or even just a consumer of it (aren’t we all?), these statistics should prompt you to sit up and ask, “Why does healthcare seem to have a target on its back?”…

Mobile Device Management & HIPAA

Back in 2014, Catholic Health Care Services (CHCS) of the Archdiocese of Philadelphia was serving as an active business associate to six skilled nursing facilities, providing information technology services.

Unfortunately, one of their iPhones containing the unencrypted, protected health information of 412 nursing home patients – including their social security numbers, diagnosis and treatment information, and the names of family members and legal guardians – was stolen.

The resulting breach led to a $650,000 HIPAA fine.

At present, 90 percent of healthcare organizations use or plan to use mobile devices

The incident with CHCS should raise our security caution level, for the…

Who Has Access to Your Vital Records? The Surprising Fact of Employee Snooping

According to a privacy breach survey of healthcare providers – 70% of which admitted to having at least one security breach – 35% attributed the breach to unauthorized access by employees.

Take note of that stat: essentially, the survey found that the most common cause of HIPAA security breaches is actually small-scale snooping by employees.

The results went on to reveal that 27% of breaches occurred when an employee viewed the medical records of friends and family, and 35% when employees checked the medical records of their work colleagues.

Secure and Appropriate Collaboration

It goes without saying that the…

How a DevSecOps Mindset Promotes Better Security and Productivity

Changing a company’s security culture is hard sometimes. Consider the techy world of applications development, if you will. (Even if this doesn’t apply strictly to you, the lessons are helpful).

Typically, as one network security expert points out, the old ways of bringing usable software to market involved “every man to his island.” You had an IT island, a DevOps island, and last but not least, a Security island.

The Devops island had its goal: do continuous deployment and continuous release of code, with automation being a driving force wherever possible. Sure, you employed a Source Code scanner…

A TotalHIPAA Podcast

Andrew Kroninger, TOTAL HIPAA’s Director of Customer Success, recently interviewed Gil Vidals, founder and CEO of VM Racks, a HIPAA compliant cloud managing solution. The two discussed Gmail’s potential for HIPAA compliant email messaging. You can listen to this episode of our podcast HIPAA Talk! here or on your mobile device via Apple Podcasts. Or, read our summary:

AK: Can I email PHI?

GV: HIPAA mandates that you protect PHI (Protected Health Information) in transit, in storage, and at rest. There is a common misconception that email is a secure way to send and receive PHI. On…