Category: LuxSci Library: HIPAA

Interview with Security Compliance Associates for HIPAA Security Risk Assessment

August 27, 2014

Yearly HIPAA Security Reviews are critical to meeting the compliance requirements of every organization under the HIPAA umbrella, whether directly or as a Business Associate. We have found that many organizations, especially the smaller ones, do not place much emphasis on these reviews: they skip them, ignore them, or hope that they go away. They treat […]

Encryption and Auditing for MySQL Databases under HIPAA

July 21, 2014

We get many questions regarding MySQL databases and HIPAA website compliance. These range from confusion over auditing access to stored ePHI, to what HIPAA’s data encryption requirements actually are, to how HIPAA applies to MySQL databases at all. Here we address some of these subtle questions.

Do HIPAA Resellers Need Business Associate Agreements with their Clients?

March 27, 2014

The short answer is “Yes”. The HIPAA Omnibus (and HITECH) rules state that a chain of Business Associate Agreements is required from the Covered Entity through each business partner in the chain of companies that have potential access to that covered entity’s ePHI. In the case of LuxSci HIPAA resellers, the chain of […]

HIPAA Compliant Emails Sent From your Web Site: Best Practices

January 7, 2014

You buy a HIPAA compliant web hosting infrastructure. You configure your web site to send out email messages in the simplest way, e.g. through PHP mail or some other generic, standard mechanism. You think you are all set — but you are not. HIPAA compliant web hosting services provide a server infrastructure that allows […]

HIPAA Compliance is Needed for Emailed Appointment Reminders

September 20, 2013

Twice in the past few weeks I have received appointment reminders or scheduling information from doctors via email — via insecure, non-HIPAA-compliant email. An email message contains identifying information: my email address and my name. The appointment email messages also contain information about “the past, present, or future provisioning of health care to an individual” […]