There has been a lot of hype about Google offering a Business Associate Agreement to paid Google Apps customers who must abide by HIPAA regulations. Those who are familiar with Google may be under the incorrect assumption that simply signing up for Google Apps will solve all their HIPAA compliance challenges. This seems to be […]
Yearly HIPAA Security Reviews are critical to meeting compliance requirements of all organizations under the HIPAA umbrella, either directly or via being a Business Associate. We have found that many organizations, especially the smaller ones, do not place much emphasis on these reviews, skip them, ignore them, or hope that they go away. They treat […]
We get many questions regarding MySQL databases and HIPAA website compliance. These range from confusion over the auditing of access to stored ePHI to what HIPAA’s data encryption requirements actually are to how HIPAA applies to MySQL databases. Next, we will attempt to address some of these subtle questions.
The short answer is “Yes“. The HIPAA Omnibus (and HITECH) rules states that a chain of Business Associate Agreements is required from the Covered Entity though each business partner in the chain of companies that have potential access to the ePHI of that covered entity. In the case of LuxSci HIPAA resellers, the chain of […]
When health care organizations review their operations to see where electronic protected health information (ePHI) is being saved, transmitted, and viewed, a great deal of time is spent on the obvious candidates: email, chat, stored files, and health records, etc. Many overlook the fact that ePHI can be embedded in Contacts, Calendars, and Tasks. Consider […]
