" ePHI Archives - Page 9 of 10 - LuxSci

Posts Tagged ‘ePHI’

HIPAA Compliant Emails Sent From your Web Site: Best Practices

Tuesday, January 7th, 2014

You buy a HIPAA compliant web hosting infrastructure.  You configure your web site to send out email messages in the simplest way, e.g. through PHP mail, or some other generic and standard mechanism.  You think you are all set — but you are not.

HIPAA compliant web hosting services provide a server infrastructure that allows you to be compliant; however, it doesn’t make you compliant.  Your web designers must make choices and program your site so that it properly respects ePHI.  If they do not do all the appropriate things, you will be out of compliance.  E.g. see: 7 steps to make your web site HIPAA-secure.

In particular, email messages sent in the “normal way” from a web site will go out insecurely in a way that will violate the HIPAA Security Rule if they contain ePHI of any kind.  E.g. they will not be encrypted and will not be archived.

Read the rest of this post »

Tags: archived, compliance, encrypted, ePHI, hipaa, secure email, secureform, web hosting, web site
Posted in LuxSci Library: HIPAA
No comments »

HIPAA Compliance is Needed for Emailed Appointment Reminders

Friday, September 20th, 2013

HIPAA ComplianceTwice in the past few weeks I have received appointment reminders or scheduling information from doctors via email — via insecure, non-HIPAA-compliant email.

An email message contains identifying information: my email address and my name. The appointment email messages also contain information about “the past, present, or future provisioning of health care to an individual” … me! Taken together, this means that these email messages are ePHI (more details – what is ePHI?) and needed to be secured in a HIPAA compliant manner.

That they were not compliant was obvious to me:

Read the rest of this post »

Tags: appointment, ePHI, gmail, hipaa, hipaa compliance, notice
Posted in LuxSci Library: HIPAA
No comments »

What exactly does HIPAA say about Email Security?

Friday, August 30th, 2013

Performing daily business transactions through electronic technologies is accepted, reliable, and necessary across the nation’s healthcare sectors. Therefore, electronic communications and email have become a standard in the healthcare industry as a way to conduct business activities that commonly include:

  • Interacting with web-savvy patients;
  • Real time authorizations for medical services;
  • Transcribing, accessing and storing health records;
  • Appointment scheduling;
  • Referring patients; and
  • Submitting claims to health plan payers for payment of the services provided.

Read the rest of this post »

Tags: access control, addressable, audit controls, authentication, covered entities, email security, email security rule, encryption, ePHI, Health Insurance Portability and Accountability Act, heathhealthcare, hipaa, hitech, integrity, omnibus, phi, privacy, protected health information
Posted in AAA Featured Articles, LuxSci Library: HIPAA
9 Comments »

If you are using FTP, you should really stop!

Thursday, February 28th, 2013

FTP, the “File Transfer Protocol” has been around almost since the inception of the Internet.  As anyone with a web site knows, it permits files to be easily uploaded to and downloaded from servers.  It is built into every kind of web site authoring software and even into most web browsers.

Unfortunately, FTP suffers from the same design flaw that pervades the basic usage of email services like POP, IMAP, and SMTP.  If used in its default form, all data sent between your computer and the server is sent unencrypted, in “plain text”.  This includes your username, your password, and all file data.

Essentially, if you are in a wifi hotspot, anyone there can likely get your username and password and read your files.   Similar things can happen even though your direct or or office network connections …. connecting via FTP is like walking down the hall with your username and password taped to your forehead.  Any one (or any hidden camera) can see it and use it.

Read the rest of this post »

Tags: dreamweaver, ePHI, filezilla, firefox, ftp, hipaa, sftp
Posted in Business Solutions, LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »

WordPress for HIPAA and ePHI? Is that a good idea?

Tuesday, February 12th, 2013
For a deep dive, see our white paper: Securing WordPress

WordPress is an extremely popular content management system for both blogging and creating web sites.  It’s popular because it is quick to set up, easy to administer, has a very large supported base of add-ons, and looks good.  As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.

As we cater to a large segment of customers who have specific compliance needs, e.g. HIPAA compliance, we frequently are asked about using WordPress with ePHI … e.g. using WordPress to provide access to protected health information for members of the WordPress site.

Can this be compliant?  Is it a good idea?

Read the rest of this post »

Tags: breach, dedicated, ePHI, hipaa, php, security, web hosting, wordpress
Posted in LuxSci Library: HIPAA
No comments »

« Older Entries
Newer Entries »