Category Archives: Security Policies and Compliance


Simple Checklist For Creating A Business Continuity Plan

No one can predict the future; however, you can be ready with a sound business continuity plan. The business continuity checklist is the first step in the BCP process. The checklist is not an exhaustive list; it is a simple tool that can be used to ensure that the basic BCP process has been initiated and that division management has considered what needs to be done to keep essential functions operating if an adverse event occurs. The checklist is somewhat “information centric”, as an organisation’s reliance on information is increasing and managing it successfully provides a competitive advantage.


What Firewalls To Use To Be HIPAA Compliant

Do you know what firewalls to use to be HIPAA compliant? Is your Network Secure? How is your organization doing with logging? If you don’t know the answer to these questions, you’re not alone.

I am going to bluntly state that medical offices need to have a UTM (Unified Threat Management) firewall appliance. These types of firewalls will make it simpler for you to pass a HIPAA audit. Inspectors from the Health and Human Services (HHS) Office for Civil Rights (OCR) check that protected health information (PHI) is secure in its storage, transfer, and disposal. A firewall allows or denies access to anywhere PHI is kept.


Your firewall should have application-level inspection

To protect PHI data, the UTM firewall can authenticate access within the applications that healthcare uses to provide care. In networking terms, layer 7 of the OSI model is the application layer. The UTM firewall is smart enough to …


Does an Office Printer Have To Be HIPAA Compliant?

Ensuring that your office printer is HIPAA compliant isn’t only important for the security of your patients; it’s also the law. Accordingly, all print technology must be secured and maintained according to the standards outlined in HIPAA.


Types of print technology defined:

Print technology is defined as printers, copiers, multifunction printers, fax machines, and all other devices with similar functions.


How to know if my printer is HIPAA compliant?

I have some advice here for you when it comes to HIPAA compliance security and the print technology devices your office uses.

One of the BIGGEST weaknesses I continue to see when working with healthcare organizations is the lack of attention to, and knowledge of, the role print technology plays in HIPAA compliance.

As you know, the confidentiality of the health information of all your patients is vital, and the craziest part is that you might not even know you’re putting your …


Amazon Alexa has some new HIPAA-enabled Skills

The Amazon Alexa Skills Kit now allows Covered Entities and their Business Associates, subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), to build Alexa skills that transmit and receive protected health information as part of an invite-only program. Six new Alexa healthcare skills from industry-leading healthcare providers, payors, pharmacy benefit managers, and digital health coaching companies are now operating in the HIPAA-eligible environment. If you are interested in getting updates, click here.

New Healthcare Skills

The new skills are designed to help customers manage a variety of healthcare needs at home simply using voice – whether it’s booking a medical appointment, accessing hospital post-discharge instructions, checking on the status of a prescription delivery, and more.

The new HIPAA-compliant healthcare skills:

  • Express Scripts (a leading Pharmacy Services Organization): Members can check the status of a home delivery prescription and …

HIPAA Violation Examples And Fines

Not keeping up with HIPAA regulations can be quite costly for any physician’s office or entity that needs to adhere to compliance. HIPAA violation fines range from $100 to over $4 million. Staying compliant is not an easy task; regulations are always changing and you are required to be up to date on every change. I have written below a few basic examples and how to avoid them.


What is this so-called HIPAA violation?

A HIPAA violation happens when there is some sort of breach: an acquisition, access, or disclosure of protected health information (PHI) that can put patients at personal risk.

Everyone that works with PHI should be compliant:

  • Health Plans

  • Health care clearinghouses

  • Health care providers who transmit claims in electronic form

  • Medicare prescription drug card sponsors

  • Any business associate, entity or individual that has access to any type of PHI.

What is HIPAA used for?

Most of us already know the basics of HIPAA and what the acronym stands for: the Health Insurance Portability and Accountability Act, passed by Congress in 1996. Now we can move on to the real question: what is HIPAA used for?

  • Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduces health care fraud and abuse;
  • Mandates industry-wide standards for health care information on electronic billing and other processes; and
  • Requires the protection and confidential handling of protected health information

HIPAA is organized into separate “Titles.” For information on the HIPAA Titles, read below.

Title I: Health Care Access, Portability and Renewability

Title I of the Health Insurance Portability and Accountability Act of 1996 protects health insurance coverage for workers and their families when they change or lose their …


HIPAA Compliance Checklist

Are you looking for a HIPAA Compliance Checklist to self-evaluate your practice or organization? I have created an easy-to-read document that does just that.

This HIPAA Compliance Checklist was built upon a previous post called HIPAA Compliance Program Tips, which covered the Seven Fundamental Elements of an Effective Compliance Program, beginning with implementing written policies, procedures and standards of conduct.

This checklist covers only the general questions and answers you should have in place to state that you are HIPAA compliant, and does not qualify as legal advice. Successfully completing this checklist DOES NOT certify that you or your organization are HIPAA compliant.


HIPAA Compliance Program Tips

Here are the fundamental and practical tips for achieving HIPAA compliance in your organization.

The Seven Fundamental Elements of an Effective Compliance Program

  1. Implementing written policies, procedures and standards of conduct.
  2. Designating a compliance officer and compliance committee.
  3. Conducting effective training and education.
  4. Developing effective lines of communication.
  5. Conducting internal monitoring and auditing.
  6. Enforcing standards through well-publicized disciplinary guidelines.
  7. Responding promptly to detected offenses and undertaking corrective action.


Five Practical Tips for Creating A Culture of Compliance

  1. Make compliance plans a priority now.
  2. Know your fraud and abuse risk areas.
  3. Manage your financial relationships.
  4. Just because your competitor is doing something doesn’t mean you can or should. Call 1-800-HHS-TIPS to report suspect practices.
  5. When in doubt, ask for help.


Feel free to comment below if you need assistance or have any questions regarding HIPAA compliance, and if you are looking for a HIPAA Compliance Checklist, see the following post.

Slack has upcoming HIPAA-compliant features

Slack has been working hard and now has some upcoming HIPAA-compliant features in the works. So far, their file upload service is the only feature that is HIPAA compliant. Let’s not shy away from the vendor just yet, because after all they are NIST compliant, which plays a role in HIPAA compliance.

Since its launch, Slack has not been HIPAA compliant, although steps have been taken to develop a version of the platform that can be used by healthcare organizations. That version is called Slack Enterprise Grid.

The only HIPAA-compliant Slack offering is Enterprise Grid, which is not the same as the other business plans. Slack Enterprise Grid is built on a more robust platform designed for 500 or more employees.

The Slack Enterprise Grid platform encrypts data in transit and at rest. It has customer message retention and data loss prevention, which is a step …


Is Microsoft OneDrive HIPAA Compliant?

Are you looking to find out if OneDrive is a HIPAA-compliant cloud storage solution? We reviewed the Microsoft Trust Center and found a page called HIPAA and the HITECH Act.

Within the document Microsoft states the following:

“Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.”

Since Microsoft OneDrive is bundled into Office 365, we decided to look for a PDF document covering Office 365, and found Office 365 Compliance Framework for Industry Standards and Regulations. This PDF offers deeper insight into OneDrive and its capabilities regarding HIPAA compliance, and it specifically states that OneDrive for Business can be HIPAA compliant, while the consumer OneDrive cloud storage is not HIPAA compliant.

So is Microsoft OneDrive a HIPAA-compliant service?

The …