All posts by admin

5 Facts to Be Aware of About HIPPA Compliance

5 Facts to Be Aware of About HIPPA Compliance

Although HIPAA compliance is a subject that affects many businesses, it’s not necessarily something that people willing want to spend their time focusing on. However, just as it’s crucial for a business to follow all IRS guidelines, the same goes for HIPAA compliance. And the good news about this topic is it’s not necessarily as daunting as it may initially seem.

When it comes to avoiding running afoul of HIPAA guidelines, one of the most important things is to stay up to date about new changes. Since there are new changes that get implemented from time to time, we thought it would be helpful to cover five things to know about HIPPA compliance in 2015:

Safe Harbor

The term Safe Harbor applies to HIPAA’s Final Breach Notification Rule. What this term means is in the event of a breach, a “covered entity” ensures that PHI was not disclosed. The key to properly complying with Safe Harbor is to take the necessary upfront risk assessment steps. While doing so require an investment of time and resources, not putting off this task is the best way to avoid steep fines in the event of a breach.

Encryption Isn’t the Complete Solution

A common mistake that companies make in regards to HIPPA compliance and the cloud is assuming that encryption takes care of everything. While encryption like AES-256 is vital for achieving and maintaining compliance, it’s just part of the bigger picture. Strong policies for encryption key management also need to be in place for everything to work properly.

Remember to Monitor Data Access

Simply put, you need to have a way to monitor who has access to your data. If you currently aren’t equipped to know when an intruder is trying to breach your system, this is an issue that you need to remedy as soon as possible.

Mobile Apps and Devices are Subject to the Same Guidelines

While mobile apps and devices are shaping the future for many companies, it’s important to remember that mobile solutions & offerings are subject to the same HIPAA rules and regulations. Although this reality shouldn’t deter you from charting your future course with mobile, it does demonstrate the need to do so in a well-planned manner.

Be Sure Employees Are Trained

HIPAA compliance isn’t something that should exist in its own silo. While it makes sense to have dedicated team members focused on this task, it’s a topic that needs to be communicated to your entire organization. The best way to communicate important topics like security awareness and HIPAA compliance responsibilities is to ensure that you have a formal annual training program in place.


Got more questions and or thoughts? Need help creating and implementing your organizations HIPAA Policies & Procedures? Give our team a call today 818-356-7183 or 888-959-0220 and ask for Josh

Read More



There are many different components that go into the updated HIPAA regulation, but what do organizations often times overlook? Here are the top 5.

Encryption– data must be encrypted both in flight (between your user and your database) as well as at rest (as it sites on the disk).  This can be done using something as simple as an SSL Certificate for data in transit, an application or database product that integrates with your delivery to encrypt the data before it hits your disk.  The bottom line is that all fines and penalties that have been levied thus far had to do with unencrypted volumes.  In fact, recently, a large company was levied a hefty $1.7M fine, not because the data was proven to be lost, but because the data was unencrypted. If the data was in fact encrypted, it would not have been considered a breach.

Physical Security in Your Office– Ensuring security around your office is extremely important. That includes employee badges, monitoring guests coming in and out, and locking file cabinets.  Many customers come to us with the mind-set that if they move their data to a secure facility like Connectria, then their data is safe.  They are correct, Connectria employs many security safeguards to protect our customers, however if a hacker was able to get passwords because you had poor security in your office, that would most definitely count as a breach.

Training– What many companies overlook is that fact that the weakest link in any security plan is the human factor.  You can place controls on access to the data, but if employees are taping passwords to keyboards, they are inviting a breach of your data.  Employees should be well trained in their responsibilities to protect the data they have been entrusted.  The very fact that a person’s most vital personal information is in their care should not be taken lightly.  In addition to instructing the employee on the internal controls specific to your organization, reviewing cases where fines and penalties have been levied also helps the employee to understand the real-world application of the safeguards you have in place. (MEEI breach, Blue Cross breach, Cignet breach)

Separate your web/application from your database-This is a general hosting best practice that also applies to HIPAA. All of your Protected Healthcare Information (PHI) is going to be stored in your database and you want to make sure it is separate from the rest of your environment. There are certain ports that you want open on a web server that you don’t want open on a database server, so you have to logically separate those two data points.

Business Associate Agreements-Many people do not realize the importance of the Business Associate Agreement (BAA) or the fact that they MUST HAVE A BAA WITH EVERYONE IN THE CHAIN OF DELIVERY.  The BAA sets roles and responsibilities for both the Business Associate and the Covered Entity.  In addition, the Omnibus Rule that took effect in March of this year established certain requirements regarding liabilities and Breach Notification.  If you are a Software as a Service Provider and you do not have a BAA with anyone connected to your support of your healthcare customers you are out of compliance and will be subject to fines and penalties, regardless of your implemented security controls.

For more information re

Read More

Guidelines For Developing a HIPAA Compliant Text Messaging Policy

Guidelines For Developing a HIPAA Compliant Text Messaging Policy

Include text messaging in your practice’s electronic communication policy, in addition to policies for email, social media, and the patient portal. Make sure a qualified healthcare attorney,

familiar with privacy and security laws in your state, reviews the policy prior to implementation.

Address these Issues:

  1. Who in the practice is authorized to text message with patients?
  2. What type of information is appropriate for texting? Clinical and financial questions? Product reorders? Surgery scheduling?
  3. Who reviews/responds to patient text messages? Who has access to them?
  1. How fast will the practice respond? After hours? On the weekend? Next business day?
  1. Will you allow communication using Protected Health Information (PHI)?
  1. What happens if a patient sends an inappropriate question, or an inappropriate photo by text? How does the practice handle it?
  2. Are texts sent on practice-owned mobile devices, personal devices, or both?
  1. What kind of patient texts trigger staff or the physician to call back instead of text back? Don’t just say “emergencies.” Clarify what you mean. These days people text back and forth about serious issues all the time – they may do the same if they have significant pus coming out their wound.
  2. How are text messages moved to the patient record?
  3. What is the process for doing so? How often and by whom?
  1. Where are text messages archived and how often? Local server? Cloud-based storage?
  2. How frequently are text messages deleted from mobile devices? Describe the process, how frequently it occurs, and who monitors it.

Customize these Statements:

  1. The practice sends/receives unencrypted, unsecured text messages only with patients who have signed a statement that explains the risks inherent in unencrypted, unsecured messages. (See #3 in the Practice Brief for a list of these.)
  2. The practice owns all text data messages and attachments, including images and videos, sent to and received from patients, even if the text messages are on a personal device.
  3. The manager or physicians can ask to review text messages and data at any time.
  1. Use of the mobile device (personal or practice owned) is covered under the practice mobile device policy. (This policy includes details such as; password protection requirements, what happens if it is stolen, device upgrades, etc.)
  2. All mobile devices used for text messaging with patients are encrypted and secure. (Explain how this is done and which encryption software is used.)
  1. All data from text messages is included in the patient record. This includes text and images. Describe the process, how frequently it occurs, and who monitors it.

To get assistance with creating and managing your organizations policies, give our HIPAA Compliance Officer a call direct at 888-959-0220

Read More

Top 7 Preparations For HIPAA Omnibus Changes

Top 7 Preparations For HIPAA Omnibus Changes

With the recent changes to the HIPAA Omnibus Rule, organizations and their business associates must address how they’re compliant and what changes to make to minimize risks. All transmission, storing and viewing of PHI must remain secure and compliant for both organizations and their associated vendors once the revisions take affect. With that in mind, healthcare organizations must ensure that their vendors will sign a Business Associate agreement to keep vendors aware of their liability with potential compliance risks.

The HIPAA Omnibus Rule explicitly details what extent organizations and business associates are liable for the exchange of PHI within the solution. Business associates must remain compliant and be able to disclose information if requested for any HIPAA investigation of their solution or any organization using their product to transmit, store or view PHI. With these details in mind, organizations must ensure that all vendors used for communicating or storing any PHI is compliant and able to provide proper documentation of PHI exchange for the organizations and the Secretary of the Department of Health and Human Services in case of potential security risks.

With secure text messaging, facilities can use a solution with features that help eliminate potential HIPAA risks with no messages stored locally or available without prior authorization to the network. Eliminating the need for vendors that won’t sign a BA or don’t provide the right feature set, secure text messaging helps minimize risks surrounding the transmission, storage or viewing of PHI. The right solution provides features and reporting to comply with the changes to the HIPAA omnibus rule and keep security a priority at your facility with a Business Associate agreement.

Be ready to extend your reach and help ensure that your organization and all associated third parties are taking the proper steps to secure PHI and eliminate potential risks with:

  • Updated Security And Privacy Policies
  • Proper Breach Notification Protocol
  • Executed Agreements With Associated Vendors

Top 7 HIPAA Preparations:

  1. Ensure associated vendors provide notification of potential PHI breaches
  2. Report on all PHI exchange with associated vendors
  3. Conduct periodic risk assessments to prevent security holes within vendor’s solution.
  4. Provide updated agreements to ensure understood liability and compliance with associated vendors.
  5. Compose risk analysis procedures examining potential access of PHI
  6. Document internal steps to help ensure PHI is not intercepted by unauthorized parties, both within the organization and with vendors
  7. Guarantee that any vendors transmitting, storing or viewing PHI signs a business agreement to help ensure

In Conclusion

With the recent HIPAA changes, healthcare organizations must realize the important to remain compliant. The HIPAA Omnibus

Rule allows healthcare organizations to ensure that their associated vendors are not only liable but help protect all PHI for your facility. Updated Business Associated Agreements need to include language to address the liability of any solution used by a healthcare facility to store, transmit or view PHI. Finding a secure text messaging solution simplifies the process further, giving facilities the ability to use and track communication of any PHI and remain compliant to changes to the HIPAA Omnibus Rule. Even with this solution, follow these 7 essential steps to keep security and protection of PHI a priority for your organization since the September 23rd deadline hit. For more information about how to remain compliant or how to implement secure text messaging,

Call for a free consultation from one of our HIPAA Compliance professionals today at 818-356-7183.

Read More
Fear Itself Speech 修改 文章 英文 click through the following web site | Advanced Trading Tools · Learn How to Trade opciones binarias demo click here now
Loan Canada go credit visit their website