" hipaa Archives - Page 17 of 22 - LuxSci

Posts Tagged ‘hipaa’

Adding HIPAA Compliance to your Web Forms in 10 minutes

Tuesday, April 21st, 2015

Forms are pervasive on websites; the number of forms associated with medical websites is growing exponentially as everyone is scrambling toward digital transformation. The goal of a paperless office is to optimize the time spent processing applications and managing patient data, speeding up the process of making appointments and getting referrals, meeting meaningful use, etc.

Web forms used in the medical industry generally have to be HIPAA-compliant, however, as they almost always involve the input and transfer of ePHI in one way or another. That presents a problem: the requirements for a HIPAA-compliant website are complex, take knowledgeable and experienced developers to implement, and take extra time and money to get right, and you have to get things right where HIPAA is concerned.

So, this is where most people are:

  1. They have a website, which itself is likely not HIPAA-compliant yet
  2. They have some web forms already or maybe have some forms that they want to put up
  3. These forms will collect ePHI
  4. They need to set this up and have it be HIPAA-compliant and don’t want to spend a lot of money or time getting it going.

What they need is “HIPAA Form Processing.”


Google Apps HIPAA Compliance Gotchas: Email encryption not included and higher price

Wednesday, October 8th, 2014

There has been a lot of hype about Google offering a Business Associate Agreement to paid Google Apps customers who must abide by HIPAA regulations.  Those who are familiar with Google may be under the incorrect assumption that simply signing up for Google Apps will solve all their HIPAA compliance challenges.  This seems to be increasingly less likely as of October, 2014.

Myths and hidden costs pervade this equation. If a HIPAA-aspiring entity isn’t fully educated about the finer details of the compliance process, they could end up paying very large amounts of money for Google services and still be non-compliant. Here we discuss some misconceptions about Google services as they apply to HIPAA to help you avoid the pitfalls of non-compliance.


Interview with Security Compliance Associates for HIPAA Security Risk Assessment

Wednesday, August 27th, 2014

Yearly HIPAA Security Reviews are critical to meeting the compliance requirements of all organizations under the HIPAA umbrella, either directly or via being a Business Associate. We have found that many organizations, especially the smaller ones, do not place much emphasis on these reviews, skip them, ignore them, or hope that they go away. They treat them as a necessary “check mark” rather than an active process that is instrumental to maintaining security and preventing the breaches that have been cropping up all over the news.

Solid Security Reviews improve your company’s inherent security posture and awareness and the security of all services you employ through all vendors … including your secure email and secure forms. That is, the security of your outsourced services can be compromised if your own systems are compromised.

As such, LuxSci proactively recommends that all HIPAA customers, and all customers with similar needs, undergo yearly security reviews. One excellent organization that performs these is Security Compliance Associates.

Today we are interviewing Randy Homa, Senior Vice President and Director of Health Care Services, at Security Compliance Associates (SCA). He will address many of the questions we have had posed with respect to HIPAA Security Reviews.


Encryption and Auditing for MySQL Databases under HIPAA

Monday, July 21st, 2014

We get many questions regarding MySQL databases and HIPAA website compliance. These range from confusion over the auditing of access to stored ePHI to what HIPAA’s data encryption requirements actually are to how HIPAA applies to MySQL databases. Next, we will attempt to address some of these subtle questions.


Do HIPAA Resellers Need Business Associate Agreements with their Clients?

Thursday, March 27th, 2014

The short answer is “Yes”.

The HIPAA Omnibus (and HITECH) rules state that a chain of Business Associate Agreements is required from the Covered Entity through each business partner in the chain of companies that have potential access to the ePHI of that covered entity.

In the case of LuxSci HIPAA resellers, the chain of companies is:

  1. LuxSci
  2. LuxSci Reseller
  3. Resellers’ Customers (be they Covered Entities or Business Associates)

So, LuxSci would have a business associate agreement with the Reseller and the Reseller would have separate business associate agreements with each of his/her customers. This is because the LuxSci HIPAA reseller is acting as a VAR (value added reseller) of LuxSci, administering his customers’ accounts. As such, the HIPAA Reseller provides basic support to his customers, can do password resets, can technically access their ePHI via password reset and support processes, etc.
