hipaa Archives - Page 8 of 22 - LuxSci

Posts Tagged ‘hipaa’

The HIPAA Safe Harbor Bill has Passed the Senate

Tuesday, December 22nd, 2020

The HIPAA Safe Harbor bill has passed the Senate without amendment and with unanimous consent. Known formally as H.R. 7898, the HIPAA Safe Harbor Bill amends the HITECH Act to direct the Department of Health and Human Services (HHS) to recognize organizations that follow security best practices, such as those that have HITRUST CSF Certifications.

HIPAA Safe Harbor Bill

It’s hoped that allowing HHS to take these cybersecurity practices into account when determining its rulings will encourage companies to adopt suitable security measures and certifications, while also reducing unfair punishments for those that had appropriate mitigation tactics in place.

What Is the HIPAA Safe Harbor Bill?

The HIPAA Safe Harbor bill grants HHS new considerations when auditing covered entities and business associates in situations that may result in fines. The changes incentivize organizations to adopt security best practices, because organizations that do so will not face heightened scrutiny from regulators or be burdened with additional proof-of-compliance measures.

More specifically, the legislation amends the HITECH Act to require HHS to take on new considerations when determining enforcement actions or other regulatory compliance activities. The HIPAA Safe Harbor bill’s changes mean that HHS will have to consider whether business associates or covered entities have met recognized security standards in these situations.

Under the new bill, HHS will have to take an organization’s cybersecurity into account when calculating fines that result from data breaches and other security incidents. If the organization can show that it has followed ‘recognized security practices’ for more than the past 12 months, then fines may be mitigated.

The bill also allows HHS to reduce the extent and length of its audits once it has determined that a provider meets cybersecurity best practice requirements. A history of following these requirements may also mitigate the remedies needed after violations of the HIPAA Security Rule.

The HIPAA Safe Harbor bill’s changes mean that organizations with HITRUST CSF Certifications can meet their compliance obligations under HIPAA’s Security Rule. The HIPAA Safe Harbor bill’s recognition of companies with HITRUST CSF Certifications should also serve to encourage other entities to proactively demonstrate their compliance.

The bill also recognizes the security standards, guidelines and practices developed by NIST and other similar authorities. The HIPAA Safe Harbor legislation’s incentives for covered entities and business associates aim to improve overall protections for health data.

The HIPAA Safe Harbor Bill: LuxSci Is HITRUST CSF Certified

The core of LuxSci’s business relies on high levels of security and compliance, so we are proud to be HITRUST CSF Certified. Our systems and services have been independently verified to conform with the HITRUST CSF Assurance Program. This includes security controls for Massachusetts Privacy Law, the GDPR and HIPAA.

The certification covers all of our services at the time of the assessment, from our secure web forms to our email and web hosting. It covers our systems at the time as well, such as firewalls, load balancers, email servers, backup servers and more.

The comprehensive nature of the HITRUST CSF Certification program, along with LuxSci’s constant commitment to the best in security and compliance, ensure that our clients are always in trusted hands.

The CMS Interoperability and Patient Access Final Rule

Tuesday, December 22nd, 2020

The Centers for Medicare and Medicaid Services (CMS) Interoperability and Patient Access Final Rule is a mouthful, but it’s also an important step for improving how health data is accessed and shared. While the rule may be beneficial in certain ways, it’s not without its risks. It opens up the door for patient data to be shared with third-party app developers outside of the tight confines of HIPAA regulations, which could lead to more breaches of sensitive data.



Business Associate Agreement: Explained

Monday, October 26th, 2020

If your organization collects, stores or processes electronic protected health information (ePHI) it will need a clear understanding of business associate agreements (BAAs). This also applies to businesses that process ePHI on behalf of other organizations.

Business Associate Agreements

Each business associate agreement stipulates how a company will share its ePHI with the respective business associate, and where the responsibilities lie. Unless your organization is a rare breed that has its own web hosting, email service, lawyers, accountants and every other aspect of its business in-house, then it needs to have these agreements in place with every provider that it shares ePHI with.


LuxSci Achieves HITRUST CSF Certification

Thursday, October 22nd, 2020

LuxSci announces today that it has achieved the HITRUST CSF Certification, the gold standard and most widely adopted security framework in the healthcare industry.


What is HITRUST CSF Certification and why should it matter?

Today, we are very proud to announce that LuxSci has achieved the HITRUST CSF Certification, the gold standard and most widely adopted security framework in the healthcare industry. The full fleet of LuxSci services, including Secure High Volume Email Sending, Secure Marketing, Secure Email Hosting, Secure Connector for Microsoft 365 and Google Workspace, Secure Forms, Secure Texting, and Secure Web Hosting, was audited by our third-party assessor, Security Compliance Associates, and has earned Certified status for HIPAA and GDPR under HITRUST.


Is Skype HIPAA Compliant? If not, what is?

Saturday, May 9th, 2020

In recent times we have seen a huge push toward telehealth, so many are wondering, “Is Skype HIPAA compliant?” While Skype is a practical tool that many people have access to, it’s important to consider any regulatory obligations you need to meet before you use it.

If your business collects, stores, transmits or processes electronic protected health information (ePHI), then it is subject to HIPAA regulations. Organizations that process ePHI on behalf of other parties also need to stick within the rules, otherwise they may face heavy fines.

Regardless of whether your organization provides health services through video or it uses video platforms to process ePHI in any other way, it needs to make sure it is using software that abides by the regulations.

Wondering, “Is Skype HIPAA compliant?” is a good starting point, but there are several things to consider before you commit to a video conferencing service.

Do You Need a BAA to Make Skype HIPAA Compliant?

A business associate agreement (BAA) is a contract between your organization and any others that process its data. In essence, these agreements outline how ePHI will be used, what control measures will be in place, and where the responsibilities lie between the two parties.

BAAs are absolutely necessary for HIPAA compliance. Even if your organization and its partner share ePHI with every control and security mechanism imaginable, as well as following all other aspects of the regulations, it would still be violating HIPAA if a signed BAA was not in place.

If your organization is going to be sharing ePHI over a video service, then it needs to be HIPAA-compliant.* However, the only way that it can be HIPAA compliant is if a BAA is in place.

Is Only the Business Version of Skype HIPAA Compliant?

Skype comes in several different versions, but the basic, consumer-oriented one is not HIPAA compliant. The only type that offers BAAs and which could be made HIPAA compliant is Skype for Business, which is one of Microsoft Office’s business communication tools. Note that “Skype for Business” is a completely different service than consumer Skype.

However, it’s also worth noting that Skype for Business is currently being phased out in favor of Microsoft Teams. If you don’t already have a supported version of Skype for Business, you should look for HIPAA-compliant alternatives instead. Support for Skype for Business Online ends in 2021, while support for Skype for Business Server will be extended until 2025.

With this in mind, it’s probably not worthwhile pursuing any version of Skype for HIPAA compliance. If you use the basic version of Skype, you will be violating the regulations, and even if you can get Microsoft to sign a Skype for Business BAA, you may have to switch your software in 2021 anyway.

HIPAA-Compliant Alternatives to Skype

Considering that Skype for Business doesn’t have much time left and that it is not even the same as “regular Skype,” your organization will be better off finding a HIPAA-compliant alternative. One option is LuxSci’s SecureVideo, which was designed specifically to make it easy to stay within the regulations.

SecureVideo was developed from the ground up with HIPAA compliance in mind, ensuring that it became a practical video calling service that made security and compliance simple. The Zoom for Healthcare-based platform is great for telemedicine and other forms of sharing ePHI.

SecureVideo includes handy features like screen-sharing, file-sharing, and virtual clinics, with a capacity of up to 100 participants. This makes LuxSci’s SecureVideo a convenient and compliant alternative to Skype.


* During the Covid-19 pandemic, HHS has waived responsibility for breaches through non-compliant video conferencing services, like Skype. So, while Skype may not be compliant, it is OK to use during the pandemic. However, as the pandemic subsides and this waiver is lifted, you should have transitioned to a service that is actually HIPAA compliant.