hipaa Archives - Page 10 of 22 - LuxSci

Posts Tagged ‘hipaa’

HIPAA Email: Does it Require Encryption?

Tuesday, July 31st, 2018

HIPAA’s encryption requirements fall in a grey area. This is mainly due to two reasons:

  • Encryption is required when ‘deemed appropriate’, which means email encryption is not absolutely necessary and ‘mutual consent’ can be used in place of encryption.
  • There are a number of ‘addressable requirements’ pertaining to the technical safeguards as far as ePHI encryption is concerned.

What exactly is mutual consent?

Mutual consent refers to a mutual understanding between doctor and patient that email containing ePHI can be sent to the patient’s email account without encryption. Patients should communicate their approval in writing after being informed of the security risks and understanding that a secure option is available. You must additionally maintain all records of mutual consent.

Mutual consent does not waive other HIPAA-related requirements. You must still, for example, use HIPAA-compliant systems, log and audit non-encryption choices, and back up and archive all email communications sent insecurely.

Encryption at rest is ‘addressable’

‘Addressable’ means that you should either implement the safeguard or implement an alternative that delivers the same results. If you do neither, you should document and justify why no action has been taken with regard to the safeguard.


When can sending TLS-Secured Email be NOT HIPAA Compliant?

Tuesday, May 1st, 2018

In a question recently submitted to “Ask Erik,” John asked:

“How does sending a TLS-encrypted email sometimes become non-compliant? Let’s say I send an email from my Office 365 Business account to a gmail.com account which both support TLS encryption. Is it because I do not know what path and what servers the email has to go through? Does each server have to decrypt the email and is that when it becomes non-compliant? I love the LuxSci forms by the way!”

This is a great question! In a recent survey that LuxSci did, less than 50% of the people interested in secure email even knew what TLS is and how it works. So it is not surprising that there is a lot of confusion out there about what is acceptable for compliance and what is not.


What is Cloud Computing? Or How to Speak Intelligently about Cloud and Virtual Private Servers

Tuesday, March 20th, 2018

We are often asked about Cloud Servers and Virtual Private Servers (VPS): which is better, and in what circumstances. We also find that many customers use these terms without a good understanding of what they mean and the differences between them.


Cyber Espionage Infiltrates American Small Business

Tuesday, January 30th, 2018

The last thing an architect could imagine is that his company’s proposal for a new commercial building site along a stunning San Francisco Bay view would lose to a competitor with a similar design and infrastructure, a lower bid, and a leaner delivery schedule. It happened. And cyber-espionage was the culprit.

New technology spans the globe, and small businesses find themselves victims of espionage as someone steals their sales pipelines, customer lists, corporate secrets, and corridors to their Fortune 1000 clients without their knowledge. It was Robert Mueller, former head of the FBI, who stated in 2012 that “there are only two types of companies: those that have been hacked and those that will be.” A well-known attorney updated that comment recently when he warned his colleagues that “You are a company that has been hacked or a company that doesn’t know you were hacked.” This is a reality check for all business owners.


Ask Erik: Is misaddressed email a HIPAA breach?

Friday, December 8th, 2017
