" hipaa Archives - Page 14 of 22 - LuxSci

Posts Tagged ‘hipaa’

Opt-In Email Encryption is Too Risky for HIPAA Compliance

Tuesday, July 11th, 2017

A majority of companies that offer email encryption for HIPAA compliance allow senders to “opt-in” to encryption on a message-by-message basis. If the sender “does nothing special” then the email will be sent in the normal/insecure manner of email. If the sender explicitly checks a box or types a keyword in the body or subject of the message, then it will be encrypted and HIPAA-compliant.

Opt-in encryption is desirable because it is “easy.” End users don’t want any extra work and don’t want encryption requirements to slow them down, especially if many of their messages do not contain PHI. It is “good for usability” and thus easy to sell.

Cybersecurity opt-in email encryption

However, opt-in encryption is a very bad idea with the inception of the HIPAA Omnibus rule. Opt-in encryption imposes a large amount of risk on an organization, which grows exponentially with the size of the organization. Organizations are responsible for the mistakes and lapses of their employees. Accidentally sending unencrypted emails with PHI is an automatic breach with serious penalties.

Read the rest of this post »

Tags: email, encrypted email, hipaa, hipaa compliance, omnibus, omnibus rule, opt in, opt out, phi, reportable, secureline, unencrypted, usability
Posted in LuxSci Library: HIPAA
No comments »

How Is HIPAA-Compliant Email Different from Secure Email?

Wednesday, June 21st, 2017

Protected health information (PHI) is heavily regulated under HIPAA, but the exact details can be confusing. The regulations are designed to keep everyone’s private information safe, but they also put a significant amount of responsibility on businesses.

HIPAA regulations apply to just about every aspect of a person’s medical information, including their transit, storage and security. Because email is such an important and extensively-used form of communication, HIPAA regulations apply to it as well.

HIPAA-compliant email vs secure email

Some may think that secure and encrypted email is all you need to keep PHI safe and emails compliant. The reality is that HIPAA email regulations go above and beyond standard secure email. To protect your business, you need to make sure that your email provider is HIPAA-compliant, not just secure.

Read the rest of this post »

Tags: baa, hipaa, hipaa-compliant email, phi, secure email
Posted in LuxSci Library: HIPAA
1 Comment »

How do I send HIPAA-compliant lab results via email?

Friday, May 5th, 2017

A question about HIPAA-compliant transactional email from Ask Erik:

As a non-technical member of the founding team of a Health Care Startup I have a question about HIPAA-compliant email as we begin to send out lab test results to individuals and the health care providers we partner with:

“Does one dedicated email address for results distribution that is HIPAA-compliant and secure make us in compliance. ”

We have team members who communicate with our DDS clinics but they don’t distribute test results. Only I will do that through a dedicated email address.   What do we have to do to be compliant from day one of distributing test results as part of our service to our customers (primarily dentists and oral surgeons)?

I was told by the service provider of our website and email hosting services that if we made the one email address a Business Premium account using the Microsoft Secure Server, that all the other regular email addresses would be covered as well. Is this true?

Thank you for the forum to ask real life scenario questions.

Lab results to email

Hello,

There are many aspects to your question.  Lets address each one in turn:

Read the rest of this post »

Tags: email, encryption, hipaa, lab results
Posted in Case Studies
No comments »

If my web site is very simple, do I have to worry about HIPAA compliance?

Friday, March 24th, 2017

We received this questions via Ask Erik from a Physicians’ Association:

“Our company website does not contain any patient information. As a healthcare group, do we need to worry about HIPAA compliance for our site? It contains forms, news and some company polices and procedures but no patient information whatsoever. Thank you.”

Thank you for your question! Here, we delve into how you can answer this for your site.

 

When does a web site need HIPAA compliance

Read the rest of this post »

Tags: ePHI, hipaa, hipaa compliance, privacy, web site
Posted in LuxSci Library: HIPAA
No comments »

Why Are Hackers Targeting Your Medical Records?

Thursday, March 2nd, 2017

Theft of Medical records is booming. Over the past few years, large scale breaches have become more common and increasingly severe. Last year in June, a hacker named thedarkoverlord was selling 650,000 US healthcare records as part of a long-running crime spree. The collection was listed on a deep web marketplace called the Real Deal for over $700,000 worth of Bitcoin.

A cancer treatment provider called 21st Century Oncology had 2.2 million patients records compromised in late 2015. The stolen data included patient names, the names of their doctors, social security numbers, insurance information, diagnoses and treatments. The company was required to notify all of the affected patients and they have also offered free credit protection for one year as partial compensation. 

This is just the tip of the iceberg. According to Bitglass, 113 million Americans were affected by healthcare data breaches in 2015. This is almost 10 times more than the previous year. The IDC’s Health Insights group predicted that one in three patients would be the victim of a breach in 2016. This trend is likely to continue or even intensify over the coming years.

Theft of Medical Records

Read the rest of this post »

Tags: credit cards, hackers, healthcare, hipaa, medical records
Posted in LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »

« Older Entries
Newer Entries »