hipaa Archives - Page 16 of 22

Posts Tagged ‘hipaa’

SMS is Broken and Hackers can Read Text Messages. Never use Regular Texting for ePHI.

Thursday, June 23rd, 2016

Security firm Positive Technologies has published a report (see their overview of attack on one time passwords and PDF of the SS7 security problems) that explains how attackers can easily attack the protocols underlying the mobile text messaging networks (i.e. the Signaling System 7 or “SS7” protocol). In their report, they indicate how this makes it easy to attack the two-factor login methods and password recovery schemes where a one-time security code is sent via an insecure text message.

Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume identity of the legitimate user.

SMS is Insecure due to SS7 protocol

Read the rest of this post »

Tags: hipaa, Positive Technologies, secure text, Signaling System 7, sms, SS7, text message, willful neglect
Posted in LuxSci Library: HIPAA
No comments »

Infographic: Texting in healthcare – a not-so-simple exchange

Monday, April 18th, 2016

Sending text messages between health care providers and patients is incredibly common but it is also generally a violation of HIPAA. See: To Text of Not To Text. Texting and healthcare. This infographic covers when texting occurs and where the risk arises.

Texting in healthcare – a not-so-simple exchange

Texting in healthcare - a not-so-simple exchange

Read the rest of this post »

Tags: hipaa, sms, texting
Posted in LuxSci Library: HIPAA
No comments »

Press Release: How To Text and Remain HIPAA-compliant

Tuesday, March 15th, 2016

WESTWOOD, MA, March 15, 2016 — LuxSci® announces the recent launch of SecureText, a unique solution to concerns about HIPAA-compliant text messaging, and an important step to safeguard and secure electronic patient health information (ePHI).

Communicating through text message is a convenience to which we have grown rapidly accustomed. However, sending unsecured texts places healthcare providers and patients at risk in several ways: (1) ePHI-laden messages are not always encrypted during transmission or storage; (2) anyone with access to a recipient’s phone or stored messages can view ePHI-laden messages; (3) and some ePHI-laden text messages travel through organizations which lack required HIPAA Business Associate Agreements. Additionally, since healthcare providers are required to obtain and maintain consent from patients for texting – providers must ensure that patients are adequately educated on the risks associated with sending ePHI via text and presented with secure alternatives to insecure texting.

Read the rest of this post »

Tags: ePHI, hipaa, press release, securetext, text message
Posted in LuxSci Insider, LuxSci Library: HIPAA
No comments »

To Text or Not To Text: Texting under HIPAA

Monday, February 29th, 2016

Sending text messages under HIPAA

Sometimes, technology just sneaks up on you. Patients want to speak with you – stat – about lab results or to schedule, be reminded of, and confirm an appointment without an interminable wait in the phone queue. Patients want text messaging — which has quickly become the new normal for everyday communication — to be used routinely for their healthcare needs, as well. You hesitate, concerned not only about the appropriateness of text messaging, but the legal ramifications. These are legitimate concerns.

HIPAA unambiguously states that sending health information in a text message is a straight up violation, unless it is to a patient and a proper consent form has been signed (as discussed below). This provision applies to messages as simple as appointment reminders. If you engage in such a practice and do not document context, consideration, and patient consent, you will be in willful neglect and quite possibly assessed up to $50,000 for each text message.

Why is text messaging such a hot-button issue to HIPAA enforcers? Under what conditions can health information be sent by way of regular text messages? The good news is that you can secure text messages rather simply and not jeopardize your patients’ privacy or your healthcare practice. Please read on.

Read the rest of this post »

Tags: common carrier, consent, hipaa, hipaa-compliant text, imessage, secure text, securechat, securetext, text messaging
Posted in LuxSci Library: HIPAA, Popular Posts
No comments »

Next Generation Data Loss Prevention (DLP) with LuxSci Secure Email

Tuesday, September 29th, 2015

Data Loss Prevention (DLP) describes a plan for companies to control the sending of sensitive data. E.g. this can include controls to stop the flow of sensitive data or to ensure that sensitive data is always well-encrypted (for compliance) when sent.

In the context of email, DLP is usually achieved through the following formula:

Construct a list of words, phrases, or patterns that, if they are present in an email, signify an email message that may contain sensitive information.
Have all outbound email scanned for these words, phrases, or patterns
For messages that match, take action:
1. Block: Refuse to send the message, or
2. Encrypt: Ensure that the message is encrypted
3. Audit: (and maybe send a copy of the message to an “auditor”)

This classic DLP system is available through many email providers and has been available at LuxSci for many years as well. However, it does have a glaring limitation — no matter how complete and complex your DLP pattern list is, it is almost certain that some messages containing sensitive information will not quite match (or the information will be embedded in attachments that can’t be searched properly). If they do not match, then they will escape in a way that may be considered a breach.