" hipaa Archives - Page 10 of 22 - LuxSci

Posts Tagged ‘hipaa’

What is Willful Neglect Under HIPAA?

Thursday, March 7th, 2019

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), spells out rules for the privacy and protection of health information. The HIPAA Privacy and Security Rules establish standards for implementing physical, administrative, and technical safeguards to ensure that Protected Health Information (PHI) is handled with the utmost confidentiality and integrity.

The failure to adhere to the regulations established under HIPAA can lead to criminal and civil penalties, followed by progressive disciplinary actions. These penalties apply to healthcare entities, as well as individuals.

The reckless or intentional failure to comply with the rules set forward under HIPAA is called “Willful Neglect.” Violations, as a result of willful neglect, can carry severe penalties, civil or criminal depending on the exact facts of the case.

Case in point

In early 2011, the HHS (The Department of Health and Human Services) levied a fine of $4.3 million on an entity named Cignet Health Center for willful neglect. What’s unique about this case is that the entity was not fined for breach of privacy.

Read the rest of this post »

Tags: hipaa, hipaa compliance, HIPAA email, HIPAA rules, willful neglect
Posted in LuxSci Library: HIPAA
No comments »

What You Need To Know About the HIPAA Security Rule

Thursday, January 10th, 2019

In this day and age of rampant cybercrime, protecting a patient’s electronic health information is of the utmost importance. But, how do you know if the protections are adequate? Well, that’s where the HIPAA Security Rule comes in.

What is the difference between the privacy and security of health information?

With respect to health information, privacy is defined as the right of an individual to keep his/her individual health information from being disclosed. This is typically achieved through policy and procedure. Privacy encompasses controlling who is authorized to access patient information; and under what conditions patient information may be accessed, used and/or disclosed to a third party. The HIPAA privacy Rule applies to all protected health information.

Security is defined as the mechanism in place to protect the privacy of health information. This includes the ability to control access to patient information, as well as to safeguard patient information from unauthorized disclosure, alteration, loss or destruction. Security is typically accomplished through operational and technical controls within a covered entity. Since so much PHI is now stored and/or transmitted by computer systems, the HIPAA Security Rule was created to specifically address electronic protected health information

Now, the HIPAA Security Rule isn’t extensive regarding the regulatory text. However, it is quite technical. It is the codification of specific information and technological best practices and standards.

The HIPAA Security Rule mainly requires the implementation of three key safeguards, that is, technical, physical, and administrative. Other than that, it demands certain organizational requirements and the documentation of processes, as it is with the HIPAA Privacy Rule.

Developing the necessary documentation for the HIPAA Security Rule can be complex, compared to the requirements of the HIPAA Privacy Rule. Healthcare providers, especially smaller ones, need to be given access to HIT (Health Information Technology) resources for this purpose.

Having said that, the HIPAA Security Rule is designed to be flexible, which means covering all the required aspects of security shouldn’t be tough. There is no need for leveraging specific procedures or technologies. Organizations are allowed to determine the kind of resources necessary for ensuring compliance.

Read the rest of this post »

Tags: ePHI, hipaa, hipaa compliance, hipaa security rule
Posted in LuxSci Library: HIPAA
No comments »

HIPAA Email: Does it Require Encryption?

Tuesday, July 31st, 2018

HIPAA’s encryption requirements fall in a grey area. This is mainly due to two reasons:

  • encryption is required when ‘deemed appropriate’, which means email encryption is not absolutely necessary and ‘mutual consent’ can be used in place of encryption.
  • there are a number of ‘addressable requirements’ pertaining to the technical safeguards as far as ePHI encryption is concerned

What exactly is mutual consent?

Mutual consent refers to a mutual understanding between doctor and patient that email containing ePHI can be sent to patients’ email account without encryption. Patients should communicate their approval in writing after being informed of the security risks and understanding that a secure option is available. You must additionally maintain all records of mutual consent.

Mutual consent does not waive off other HIPAA-related requirements. You must still use HIPAA-compliant systems, log and audit non-encryption choices, and back-up and archive all email communications sent insecurely, etc.

Encryption at rest is ‘addressable’

‘Addressable’ means that the safeguard should be implemented or an alternative to the safeguard that delivers the same results should be implemented. In the absence of both, you should document and justify why no action has been taken with regard to the safeguard.

Read the rest of this post »

Tags: encrypted email, hipaa, hipaa compliant, hipaa-compliant email
Posted in LuxSci Library: HIPAA, HIPAA Marketing, LuxSci Library: Security and Privacy
No comments »

When can sending TLS-Secured Email be NOT HIPAA Compliant?

Tuesday, May 1st, 2018

In a question recently submitted to “Ask Erik,” John asked:

“How does sending a TLS-encrypted email sometimes become non-compliant?  Lets says I send an email from my Office 365 Business account to a gmail.com account which both support TLS encryption.  Is it because I do not know what path and what servers the email has to go through?  Does each server have to decrypt the email and is that when it becomes non-compliant?  I love the Luxsci forms by the way!”

This is a great question!  In a recent survey that LuxSci did, less than 50% the people interested in secure email even knew what TLS is and how it works.  So it is not surprising that there is a lot of confusion out there about what is acceptable for compliance and what is not.

Read the rest of this post »

Tags: hipaa, portal pickup, smtp, tls
Posted in LuxSci Library: HIPAA
No comments »

What is Cloud Computing? Or How to Speak Intelligently about Cloud and Virtual Private Servers

Tuesday, March 20th, 2018

We are often asked questions about Cloud Servers and Virtual Private Servers (VPS) and which is better and in what circumstances.  We also find that many customers are using these terms without a good understanding of what they mean and the differences between them.

Read the rest of this post »

Tags: citrix xenserver, cloud server, hipaa, parallels, private cloud, public cloud, virtual private server, virtualbox, vmware esx, vps
Posted in Dedicated & Cloud Servers
1 Comment »

« Older Entries
Newer Entries »