hipaa Archives - Page 2 of 15 - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘hipaa’

How to Enhance EHR Security for Small Businesses

Monday, October 30th, 2017

Using a few added security services, small and medium businesses can run affordable EHR systems without worry. Find your options. 

Whether your practice uses a thousand-dollar EHR (Electronic Health Record) or free software, security should be your primary concern. Small and medium businesses (SMBs) are not financially equipped to pay a large sum for expensive EHR systems. Moreover, the software from large vendors may not exactly meet the requirements of SMBs. For these reasons, SMBs often rely on less expensive options.

This is arguably a smart move from an economic point of view. But what about security of health information in electronic health records? Do these systems fully comply with regulatory requirements including HIPAA? Is there a way to enhance the security of EHR using other means?

EHR Security for Small Business

No doubt, the government requires every EHR vendor to follow basic security measures like encryption (during storage) and access control. However, these might not be enough to prevent a sophisticated attack. Moreover, a number of processes during the use of an EHR can still be open to attack: for example, texting, videoconferencing (video telehealth), and sending or receiving email.

As per HIPAA, EHR vendors become business associates only when they have access to the health information. Simply put, if they host your data, they have to comply with all the requirements just like the covered entities. However, those vendors who merely sell software do not need to sign a business associate agreement (BAA).


WordPress & HIPAA – can these coexist?

Monday, October 23rd, 2017
For a deep dive, see our white paper: Securing WordPress

As we discussed in an earlier post, WordPress, despite its vulnerabilities, is the world’s most popular content management system for both blogging and creating web sites.  It is popular because it is quick to set up, easy to administer, with a very large choice of plugins for add-on functionality, and themes for making the sites look good.  As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.

As LuxSci caters to a large segment of customers who have specific compliance needs, specifically HIPAA compliance, we are frequently asked about using WordPress in a medical provider setting. Given the information about WordPress vulnerabilities, the question usually asked is whether a site created using WordPress can secure access to electronic protected health information (ePHI) in a way that meets the requirements of the HIPAA-HITECH regulations.

WordPress for HIPAA-compliant sites?

Such questions are reasonable because although WordPress has many great features that make it quick and easy to get a web site running, it is still a third-party tool which is not specifically designed to conform to HIPAA standards. When using any third-party software, you should be aware of the associated risks that are out of your control. Vulnerabilities in WordPress can disrupt your site’s availability, perhaps even lead to a breach of protected and private information. Even if it is the WordPress software that’s at fault, the responsibility for any security lapses still falls on the site owner.

However, it is not all doom and gloom. The short answer to the question posed in the title of this post is “yes”. It is possible with care to build a site with WordPress (including plugins and themes) that is secured in a way that meets the requirements of the HIPAA security rules. The remainder of this post will discuss how this might be achieved.


Encrypted Messaging App: A Comparison of the Top 7 Apps

Friday, October 20th, 2017

An encrypted messaging app ensures that real-time communication is secure. Compare the security features of top apps and know your alternatives.

The need for encrypted messaging apps continues to climb, especially after the shocking revelations by Edward Snowden. Instant messaging (IM) offers a more convenient and more real-time mode of communication compared to email. Moreover, IM is better than SMS (regular texting) when it comes to security.

Encrypted Messaging Apps: How Secure Are They?

However, not all messaging apps are created equal. In fact, the level of security varies significantly among the available apps. You need to be able to differentiate a great encrypted messaging app from a merely good one. If you are looking for an encrypted messaging app for health information exchange, HIPAA compliance should be your first priority.

This article compares the features, particularly the degree of security, among the top encrypted messaging apps. Also, you will learn what other options are available.


Demo of LuxSci SecureText

Monday, October 16th, 2017

 

See how LuxSci SecureText works from the sender and recipient perspectives.


Health Information Technology, HIPAA, and Need for Risk Analysis

Monday, October 9th, 2017

How does HIPAA law apply to health information technology? Know the role of risk analysis to maintain privacy and security of electronic health information.

The term “health information technology” (health IT) is a broad concept that encompasses an array of technologies to store, share, and analyze health information. With an increasing number of providers plunging into the vast pool of HIT, it becomes imperative that you have a clear vision of the association between HIT and HIPAA, along with the need to perform risk analyses.

Health Information Technology Involves Risk

Related: A Complete Guide To HIPAA Law: How It Keeps Your Privacy Protected


5 Security Measures for Safe Patient Portals

Monday, October 2nd, 2017

Many patients are apparently wary of embracing patient portals due to security concerns. Learn how you can reassure them about safety.

No doubt, patient portals are highly effective in increasing patient engagement and optimizing treatment outcomes. But many patients tend to be reluctant to adopt this “new” tool because they are concerned about security and privacy issues.

Security Measures for Patient Portals

The safety concerns make a lot of sense considering how hackers are increasingly attacking health data. If your practice uses patient portals, it’s your responsibility to convince the patients that their sensitive information is in safe hands. How will you do that?


5 Questions To Ask Before Transition to Health Information Exchange – HIE

Friday, September 22nd, 2017

Thinking of incorporating electronic health information exchange (HIE) into your business process flow? Here are 5 things you should not miss.

Health information exchange (HIE) through electronic means is a great way to add value to your practice. No doubt, any form of HIE has its own share of benefits. For example, faxing patient information has been in practice for decades now. (Further reading: Is FAXing really HIPAA Compliant?)

Health Information Exchange: HIE

But electronic HIE deserves a special mention because the data have to be standardized before being exchanged electronically. Data standardization allows smooth integration of the health information into patients’ EHRs. This results in improved patient care.

Continue reading to learn about other health information exchange benefits and how to safely integrate electronic HIE into your practice.


6 Essentials For Privacy and Security in Telehealth

Thursday, September 21st, 2017

HIPAA covers telehealth, but does this make it safe? Learn the measures that ensure patient safety and privacy while using a virtual doctor visit program.

The rise of telehealth in healthcare has transformed patient-doctor interaction. Nonetheless, the privacy and security of protected health information (PHI) still remain a big question. These concerns make sense because a new technology usually comes with new challenges.

What is Telehealth?

Luckily, every problem comes with a solution. Thus, making a few smart choices can work wonders to keep the patient data protected.


The HIPAA Breach Notification Rule: What it Really Means to Providers and Insurers

Friday, September 15th, 2017

For many providers and insurers, the Breach Notification Rule is still a puzzle waiting for a solution. Partly, this is due to the fact that the rule is complex in itself, and requires attention to every detail. As a matter of fact, we cannot expect to be at our best when someone has stolen our sensitive information.

Do you understand the HIPAA breach notification rule?

To address this problem in the wake of rising health data breaches, we have compiled an easy-to-understand guide to the Breach Notification Rule. Let’s begin the journey with a quick overview of the Breach Notification Rule and its purpose.


What exactly is ePHI? Who has to worry about it? Where can it be safely located?

Friday, September 15th, 2017

There is often a great deal of confusion and misinformation about what, exactly, constitutes ePHI (electronic protected health information) which must be protected due to HIPAA requirements.  Even once you have a grasp of ePHI and how it applies to you, the next question becomes … where can I put ePHI and where not?  What is secure and what is not?

We will answer the “what is ePHI” question in general, and the “where can I put it” question in the context of web and email hosting, and SecureForm processing at LuxSci.
