HIPAA Blog - VM Racks
Questions? Contact Sales: 888-558-3645 Live Chat Email

What’s all the Hype about Kubernetes?

17Jan 2019
By vmradmin, VM Racks

The claim: Kubernetes takes traditional infrastructure deployments to the next level…

Kubernetes, or “K8s” as its popularly known, comes from a Greek word meaning “pilot,” or “helmsman.” Based on the original, internal Google code used to run their search, ads, and apps (and geekily named after the Star Trek: Voyager Borg drone known as ‘Seven of Nine’), it purports to warp infrastructure automation into new frontiers of efficiency and scalability. We asked Gil Vidals, David Breise, and Rick Montezuma of VM Racks to explain – on a practical level – what the hype is all about.

What is Kubernetes, or K8s?


Read more

Choosing the Right Type of Encryption for HIPAA Data

17Jan 2019
By vmradmin, VM Racks

Protecting your Patient’s Privacy…

It’s a necessity, especially for sensitive data like protected health information (PHI). HIPAA regulations require it. Today, most providers realize that encryption is the technique of choice; however, this seems to be the extent of most people’s knowledge.

If you are a manager, or involved in projects involving patient information in electronic health records (EHR), then it behooves you to know at least the basics of encryption, as well as where and when should it be applied.

There are two types of encryption that are commonly used to encrypt PHI data:

1. Symmetric, (or “secret key”) Cryptography
Read more

Public or Private? What Google Cloud Infrastructure (Plus Managed Services) Offers over Private Hosting

17Jan 2019
By vmradmin, VM Racks

The numbers are in …

More and more, companies are migrating to the public cloud. In fact, a recent survey of over 200 IT managers revealed that 84% have opted for using public cloud infrastructure over corporate data centers. Of those, 49% are utilizing the Google Cloud Platform (GCP). (Interestingly, the hybrid cloud is also becoming part of the conversation for the tech giant, but that’s another article).

The primary drivers to the public cloud, and GCP in particular, include: security, cost-efficiency, instant scalability, greater speeds, and higher availability. Let’s look at what GCP has…

Read more

Phishing in the Wrong Pond

15Nov 2018
By Gil Vidals, VM Racks

Have you heard the one about the company that decided to plan a “Phishing trip” for their employees?

Back in 2016, Atlantic Health System circulated a juicy email, promising employees a raise if they would simply respond with some key verification information. The information included employee id, date of birth, and home zip code. Roughly a quarter of the Health system’s 5,000 employees took the bait and opened the email; 2/3 of that group actually provided the requested information.

The company’s test proved insightful, and highlighted an all-too-common threat: an adversary with malicious intent can easily target “inter-office” email, capitializing on…

Read more

Is Gmail HIPAA Compliant ?

08Nov 2018
By admin, VM Racks

Still one of the most popular online searches in regard to HIPAA, the answer is clear: as a standalone service, Gmail is not HIPAA compliant. Even though Google employs some of the best security measures available, sending electronic protected health information (ePHI) using a regular Gmail account is explicitly prohibited by Google’s terms of service.

Google does, however, offer an enterprise solution for HIPAA compliance with their Google Apps platform. If you enter into a Business Associate Agreement (BAA) with Google, you will be able to use their Google Apps, HIPAA compliant platform.

Note: Before transmitting ePHI, your…

Read more

Hurricanes and HIPAA

09Oct 2018
By admin, VM Racks

How the HIPAA Emergency Plan Applies in Times of Disaster

In September of 2018, the powerful tropical storm known as Florence slammed into the eastern seaboard, causing catastrophic flooding and leaving 53 deaths in its wake. With a peak wind intensity of 140 mph, the long-lasting storm became the wettest tropical cyclone recorded in the Carolinas, dumping as much as 36 inches of rain on Elizabethtown, North Carolina. A public health emergency was subsequently declared for North Carolina, South
Carolina, and Virginia.

Along with the general public, healthcare providers also faced significant challenges created by the massive storm. Effective communications – always…

Read more

Physical Safeguards for HIPAA, Part 2: Workstation Use

25Sep 2018
By admin, VM Racks

In part 1 of this series, we learned that a laptop containing sensitive, protected health information (PHI) was stolen from the car of a West Virginia Health System employee. To make matters worse, the hard drive containing PHI was unencrypted, leaving the data open to access by unauthorized users.

While unfortunate, the occurrence does serve to highlight key issues concerning HIPAA security. As we saw in Part 1, regulations pertaining to data encryption and facility access security must be reviewed thoroughly, and robust security policies (lincluding locks on doors, cameras, restricted area signs, etc.) applied. Closely related to this…

Read more

Physical Safeguards for HIPAA, Part 1: Facility Access

24Sep 2018
By admin, VM Racks

A recent, potential breach of protected health information (PHI) – including social security numbers, financial information, and medial data – was reported by a major health system in West Virginia. The cause? A stolen laptop, taken from an employee’s car.

Despite equipping the laptop with security tools (including password protection), the health system failed to encrypt the laptop’s hard drive, allowing unauthorized users potential access to the sensitive, PHI data of over 40,000 patients.

Far from being overly restrictive, the HIPAA Security Rule was intended for just such situations; namely, to help organizations protect patients from having their personal Information divulged…

Read more

OpenVAS – Open Vulnerability Assessment System

30Jul 2018
By admin, VM Racks

If you’re looking for an open source software framework that is used for vulnerability scans and vulnerability management, the Open Vulnerability Assessment System (OpenVAS) is a first rate tool. First developed by Greenbone Networks, OpenVAS is a framework of services and tools supported by an open-source community that promotes vulnerability analysis and management. OpenVAS can be downloaded as binary packages, source packages, or a virtual appliance, or by using the terminal and executing the command “apt-get install openvas.”

Most commercial vulnerability scanners require a large amount of RAM, but OpenVAS will run off minimal RAM and computer resources. However,…

Read more

Encryption is Not Just a Buzzword

10Jul 2018
By admin, VM Racks

Data security has become a buzzword in recent weeks with the revelation of Cambridge Analytica’s involvement with Facebook’s data and election cycles worldwide. Now more than ever, ensuring the security and integrity of your customer’ information is a key requirement for business success in today’s modern climate.

So what steps are needed to ensure data security? The easiest step is to ensure all local (or on premises data) is encrypted. Fortunately, many software offerings have encryption built in, with features to protect your information. For example, Windows systems feature BitLocker, a full disk encryption system for encrypting your information.

So why…

Read more

Our certifications