Category Archives: Security Policies and Compliance
Is Your Website ADA Compliant?
The Americans with Disabilities Act (ADA) is a landmark civil rights law that prohibits discrimination against disabled individuals in all areas of public life. It gives millions of people with disabilities equal access to employment, government, telecommunications, and businesses.
Businesses must make reasonable modifications to accommodate customers with disabilities. Title III of the ADA addresses businesses specifically. It prohibits discrimination on the basis of disability in places of public accommodation, which include restaurants, private schools, sports stadiums, office buildings, and more. Businesses are required to make “reasonable modifications” to serve people with disabilities.
Who Needs to Be Compliant?
Under Title III, businesses “open to the public” both in the physical world and online are required to provide equal access to people with disabilities.
Examples of businesses open to the public include:
- Restaurants and bars.
- Retail establishments.
- Hotels and other places of lodging.
- Parks, zoos, and other places of recreation.
Conduct A ISO 27001 Risk Assessment in 7 Steps
Risk assessments are the most important part of any ISO 27001 project. They help you determine how to get your ISMS in order and keep it that way. This is the core of your information security management system, which is what you get when you implement the Standard.
What is an information security risk assessment?
When you look at the bigger picture of an information security management system, your first step is to look for risks. A risk assessment is a tool used to assess and manage incidents that have the potential to cause harm to your sensitive data. Your first step is to identify vulnerabilities that a cyber criminal could exploit or mistakes that employees could make. Then you determine the risk level and decide on the best course of action to prevent them from happening.
How to conduct an ISO 27001 risk assessment
Risk assessments can be complicated. … Read the rest
This Year You Should Expect Stronger Cyber Security Regulations
The government is cracking down on cyber security. According to The Wall Street Journal, and companies are expected to comply with the more stringent cyber security regulations.
In early 2021, a SolarWinds and Microsoft hack occurred. They have been linked to Russia and China, respectively. President Joe Biden has issued a presidential executive order that mandates cyber attack reporting in some critical infrastructure sectors. The confirmation of a new National Cyber Director has also occurred. He is Chris Inglis and will oversee the cybersecurity efforts of the U.S. government.
Later in 2021, Kaseya and JBS SA were hit by ransomware. This is a big deal for critical infrastructure companies, because more regulation will likely follow. According to Sidley Austin LLP Partner Sujit Raman: “I think we’re going to see more regulations, because the government is going to have to step in and say, ‘Look, this is a national security … Read the rest
Why HIPAA Compliance Matters In Telehealth
While the world has dealt with the far reaching effects of COVID-19, the healthcare industry has had to deal with many unique challenges. The procedure to protect both patients and staff from possible exposure to virus’s is a tricky process, especially when in some locations hospitals have also been dealing with patient surges. Keeping up with scheduled visits and procedures is a challenge, and keeping patients and staff aware of what is going on around them is a challenge as well.
Telehealth Grew Exponentially Due To COVID
The Centers for Disease Control and Prevention (CDC) has created a specific condition in which many physicians’ offices are finding themselves doing routine patient visits virtually. While the concept of telehealth appointments has been around for years, telemedicine has only recently become the new norm for many people. During the recent pandemic, the number of Medicare beneficiaries using telehealth services increased by 11,700%. … Read the rest
Basics of FERPA – School Compliance
FERPA stands for the Family Educational Rights and Privacy Act. It was designed to protect both the privacy and security of certain kinds of educational records. It gives students, former students, auditing students, and others, certain privacy rights with respect to personally identifiable educational records.
What are Educational Records?
FERPA defines educational records as any records maintained by an educational agency, institution, or person acting for such that can identify a student on an individual level.
What is Directory Information?
Directory information refers to information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed (such as grade level or field of study). Grades, student IDs, social security numbers, disciplinary records, GPAs, and the like should not be considered “directory information,” and therefore, should not be disclosed.
What rights do parents have under FERPA?
For kids under 18, … Read the rest
The Tiers of HIPAA violations
If you violate HIPAA, you will be fined. The penalty fee is determined by how serious the violation is. However, most cases are solved with a technical guidance from the OCR or agreeing to change your policy and procedures to prevent future violations. Financial penalties for HIPAA violations are reserved for the most serious violations of HIPAA Rules.
What Happens if you Violate HIPAA? – HIPAA Violation Classifications
What happens if you break HIPAA? Well, that depends. The Office for Civil Rights prefers to resolve violations using non-punitive measures, such as with voluntary compliance or issuing technical guidance to help covered entities address areas of non-compliance. But more serious violations may result in corrective action, such as termination of your business or even criminal charges.
The four categories used for the penalty structure are as follows:
- Tier 1: A violation that the covered entity was unaware of and could not
QUICK HIPAA FACT SHEET
This quick HIPAA fact sheet will point you in the right direction! Did you know HIPAA, the Health Insurance Portability and Accountability Act was created in 1996? HIPAA is designed to maintain strict privacy over an individual’s health records.
Other acronyms you need to know for HIPAA compliance: PII (Personally Identifiable Information), EPHI (Electronic Protected Health Information) or just PHI (Protected Health Information).
HIPAA’s Goal:
To increase the privacy of medical and related information by controlling who has access to it. If you’re a healthcare professional, you are required to understand and follow HIPAA.
Examples of PHI:
Patient name, address, date of birth, phone number, medical record number, Social Security number, email, and diagnosis.
Who Has to Follow HIPAA?
Health plans, healthcare clearinghouses, and healthcare providers. As of January 2013, with the addition of HITECH, HIPAA also now applies to lawyers, consultants, contractors, cloud providers, software vendors, and more.
How
… Read the restThe 18 Identifiers Of PHI
In this article I will outline the 18 identifiers of Protected Health Information also known as PHI. Under the Health Insurance Portability and Accountability Act, known simply as HIPAA, PHI is any information (identifiers) about health care, health status, or payment for health care that can be linked to a specific individual.
THE 18 IDENTIFIERS
- Names
- All geographical subdivisions smaller
than a state, including street address,
city, county, precinct, and zip code - All elements of dates (except year) for
dates directly related to an individual
(birthdate, admission date, etc.) - Phone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers,
including license plate numbers - Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, such as fingerprints
and voiceprints - Full face photographic images and any
comparable images - Any other
HIPAA For Business Associates
HIPAA defines business associates as a person or entity that provides services to a covered entity that involves the disclosure of PHI.
What is HIPAA?
HIPAA, the Health Insurance Portability and Accountability Act, was enacted in 1996 primarily to simplify the flow of healthcare information, and to make sure that all PHI (Personal Health Information) is kept confidential and private and is only used in the way for which it was intended. This means that medical information can only be collected, shared, stored, and used for legitimate purposes, and must be properly protected.
Who must follow HIPAA?
Business associates who work for HIPAA-covered entities must comply with HIPAA. Business associates are people who work with, or provide a service to, a covered entity and, in doing so, have access to PHI. They could be attorneys, accountants, or transcriptionist’s. HIPAA-covered entities include healthcare providers (pharmacists, doctors, hospitals, and labs), healthcare plans … Read the rest
Is A Comcast Business Modem HIPAA Compliant?
I know the reason your here is to find out if a stand alone Comcast Business Modem can be used in a Medical Practice and pass the HIPAA compliance security check for protecting a healthcare network. Well, first there are a few things we need to know about HIPAA and Firewall Requirements.
HIPAA Firewalls 101
The internet is full of viruses and malicious software actively attempting to execute exploits and gain access to computers and networks. Without proper firewalls in place patient data will be vulnerable and accessible to bay guys.
Firewalls can provide a first line of defense. A firewall acts much like a solid brick wall around a building, complete with a gate and security guard. The security guard only allowing the specific things you have told him through.
What Would A Proper HIPAA Approved Firewall Do?
Can A Comcast Modem Reduce Risk And Impact Of Malware?
- A