hipaa Archives - Page 17 of 22 - LuxSci

Posts Tagged ‘hipaa’

7 Ways You Could be Unknowingly Violating HIPAA

Friday, August 14th, 2015

Non-compliance with HIPAA can easily lead to unintended breaches where data is exposed to unauthorized parties. This can be very expensive! Violating HIPAA can cost anywhere from $100 to $50,000 per violation (or per data record).

You don’t want to be caught in a situation where inaction, neglect, or lack of knowledge can result in violating HIPAA. Many small and large organizations are often unknowingly using systems in a way that is either already in breach or which results in frequent sporadic breaches.

Check your organization!

If any of the following scenarios apply to you, it is worth bringing them up with the person responsible for compliance (your HIPAA Security Officer) to include in your mandatory yearly Risk Analysis.  Is the risk of breach worth continuing with “business as usual?”


Google Apps HIPAA Compliance Gotchas: Email encryption not included and higher price

Wednesday, October 8th, 2014

There has been a lot of hype about Google offering a Business Associate Agreement to paid Google Apps customers who must abide by HIPAA regulations.  Those who are familiar with Google may be under the incorrect assumption that simply signing up for Google Apps will solve all their HIPAA compliance challenges.  This seems to be increasingly less likely as of October, 2014.

Myths and hidden costs pervade this equation. If a HIPAA-aspiring entity isn’t fully educated about the finer details of the compliance process, they could end up paying very large amounts of money for Google services and still be non-compliant. Here we discuss some misconceptions about Google services as they apply to HIPAA to help you avoid the pitfalls of non-compliance.


Interview with Security Compliance Associates for HIPAA Security Risk Assessment

Wednesday, August 27th, 2014

Yearly HIPAA Security Reviews are critical to meeting compliance requirements of all organizations under the HIPAA umbrella, either directly or via being a Business Associate.  We have found that many organizations, especially the smaller ones, do not place much emphasis on these reviews, skip them, ignore them, or hope that they go away.  They treat them as a necessary “check mark” rather than an active process that is instrumental to maintaining security and preventing the breaches that have been cropping up all over the news.

Solid Security Reviews improve your company’s inherent security posture and awareness and the security of all services you employ through all vendors … including your secure email and secure forms.  I.e. the security of your outsourced services can be compromised if your own systems are compromised.

As such, LuxSci proactively recommends that all HIPAA customers, and all customers with similar needs, undergo yearly security reviews.  One excellent organization that performs these is Security Compliance Associates.

Today we are interviewing Randy Homa, Senior Vice President and Director of Health Care Services, at Security Compliance Associates (SCA). He will address many of the questions we have had posed with respect to HIPAA Security Reviews.


Encryption and Auditing for MySQL Databases under HIPAA

Monday, July 21st, 2014

We get many questions regarding MySQL databases and HIPAA website compliance. These range from confusion over the auditing of access to stored ePHI to what HIPAA’s data encryption requirements actually are to how HIPAA applies to MySQL databases. Next, we will attempt to address some of these subtle questions.


Do HIPAA Resellers Need Business Associate Agreements with their Clients?

Thursday, March 27th, 2014

The short answer is “Yes”.

The HIPAA Omnibus (and HITECH) rules state that a chain of Business Associate Agreements is required from the Covered Entity through each business partner in the chain of companies that have potential access to the ePHI of that covered entity.

In the case of LuxSci HIPAA resellers, the chain of companies is:

  1. LuxSci
  2. LuxSci Reseller
  3. Resellers’ Customers (be they Covered Entities or Business Associates)

So, LuxSci would have a business associate agreement with the Reseller and the Reseller would have separate business associate agreements with each of his/her customers.  This is because the LuxSci HIPAA reseller is acting as a VAR (value added reseller) of LuxSci, administering his customers’ accounts.  As such, the HIPAA Reseller provides basic support to his customers, can do password resets, can technically access their ePHI via password reset and support processes, etc.
