" hitech Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘hitech’

Opt-out email security: A step towards better HIPAA Privacy Rule compliance

Tuesday, August 22nd, 2017

Breaches of electronic Personal Health Information (ePHI) from email communications amongst HIPAA covered entities, their business associates, and health care consumers reveals a common pattern. Patient records are often emailed unencrypted (see here, here and here), or sent to unintended recipients (examples here and here).  Poor email practices might also cause bulk emails (e.g., health newsletters, office closing notices etc.) to be sent without masking the names/emails of the recipients (see here). All of these can be breaches of HIPAA.

Email Breach

Email breaches continuously leak ePHI from healthcare

While not as prominently exposed by the media as hacking incidents, where large numbers of records can be compromised in a single attack, HIPAA violations owing to poor email practices proceed at steady rate. However, the consequences can be as just as problematic for the healthcare provider, despite the smaller number of exposed individuals. The insidious drip-drip-drip leakage of ePHI via improper email usage is often harder to handle and the sort of ePHI exposed can be subtle.

Read the rest of this post »

HIPAA Law and HITECH/Omnibus Conformance – Small Medical Practice

Monday, August 14th, 2017

As the owner of a small to medium-sized medical business (a 1-19 physician practice, say, with 5-50 employees) you have many concerns – how to hire and retain competent staff, how to deal with your vendors such as office payroll, billing and collection services, and, above all, how to serve your patients’ needs in the most economical and expeditious way.  I.e., by speeding up scheduling, quickly accessing medical records, coordinating treatment with other doctors, etc. Time spent managing your information and communications infrastructure for HIPAA or HITECH compliance may not seem to be the most critical aspect of your work.

HIPAA / HITECH

However, the use of ICT – information and communications technologies –  in the healthcare industry has become increasingly pervasive and has special relevance for every medical practitioner, given the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which adds more substance to the original Health Insurance Portability and Accountability Act (HIPAA)  privacy and security rules.  HITECH also incentivizes medical practitioners to step up their use of electronic health records (EHR) to “exchange electronic health information with, and integrate such information from, other sources.”

Read the rest of this post »

Interview with Mason Rothert, CEO of Mediprocity our partner for SecureChat

Friday, February 20th, 2015

Mason Rothert is the CEO of Mediprocity, the company that we have partnered with and worked closely with to provide LuxSci SecureChat.

Mason Rothert & Nicholas Magers conceived Mediprocity while working together in the healthcare field calling on physician offices and healthcare provider centers. At the time, Mason Rothert was working as V.P. of Sales and Technology for a management company overseeing long-term care facilities and a full range therapy company. Nicholas Magers was finishing up his MBA at USC and working for a pulmonary company as a sales director. They decided to combine forces in order to solve the fragmentation of communication amongst covered entities and business associates in healthcare. They would focus on the new technologies available as well as the growing need to encrypt patient health information in order to prevent data breaches.

Mediprocity begin in 2009 as a social network for healthcare.  The Company culture has always been to be physician-centric and to help improve communications.  As smartphone and text messaging popularity grew rapidly, it was clear in 2010 that Mediprocity needed to become a simple secure solution for HIPAA-compliant communication.  They set out to combine the best elements of instant messaging, SMS text, and Email.

LuxSci has integrated the Mediprocity secure communications product into its offering and is continuing to work closely with them to integrate the SecureChat service more and more tightly with LuxSci’s SecureLine secure emailing offerings.

Mason has agreed to this interview so that we can answer many common SecureChat-related questions for you.

Read the rest of this post »

HIPAA Compliance Checklist: What You Need To Do

Thursday, January 29th, 2015

LuxSci provides HIPAA-compliant services and must itself maintain HIPAA-compliant business operations in order to comply with HIPAA HITECH and Omnibus regulations.  As such, many of our customers and leads look to us to find out exactly what they need to do to be compliant.

This article provides you with a quick and easy-to-read overview of the various things needed for compliance.  The items given below should not be considered a complete or formal list for compliance, nor will doing all of these things guarantee that you are compliant.  As always, we recommend that you consult a lawyer to determine the compliance needs specific to your particular situation

Read the rest of this post »

What exactly does HIPAA say about Email Security?

Friday, August 30th, 2013

Performing daily business transactions through electronic technologies is accepted, reliable, and necessary across the nation’s healthcare sectors. Therefore, electronic communications and email have become a standard in the healthcare industry as a way to conduct business activities that commonly include:

  • Interacting with web-savvy patients;
  • Real time authorizations for medical services;
  • Transcribing, accessing and storing health records;
  • Appointment scheduling;
  • Referring patients; and
  • Submitting claims to health plan payers for payment of the services provided.

Read the rest of this post »

HIPAA: A Crash Course

Wednesday, July 25th, 2012

LuxSci has written much about how HIPAA and HITECH impacts various aspects of your online business over the years.  Here we bring together most of these discussions into a framework that makes it easy for you to find and read about the aspects of HIPAA most relevant and interesting to you.

Read the rest of this post »

HIPAA Faxing: How To Send and Receive FAXes in a Secure and Compliant Way

Friday, May 6th, 2011

We have previously discussed how it may be OK according to HIPAA to send and receive FAXes with ePHI over standard analog phone lines.  See: Is a FAX document HIPAA-Secure?

However, we have observed that customers more and more wish to integrate FAXing with their computers, taking advantage of the “paper-free” office that is arriving most places.  Why should they have to print and manually fax things or receive FAXes on an old-fashioned FAX printer, when their computers have FAX capability?  Can that capability be used in a HIPAA-compliant way?

The answer is “Yes, you can”.  This article explains how and points out things to watch out for.

Read the rest of this post »

Is Blackberry HIPAA Compliant? What You Need To Know

Tuesday, July 13th, 2010

We are often approached by customers wanting to use their blackberry mobile devices to send and receive email that may contain electronic Protected Health Information (ePHI).  Such customers, when they must abide by the HIPAA and HITECH laws governing medical privacy, must comply with a long set of regulations that covers, among other things, how ePHI may be transmitted over the Internet.

This article deals with the security of sending and receiving email on a Blackberry configured for Internet email services (i.e. it does not apply to those connecting to an Blackberry Enterprise Server and Exchange).

Read the rest of this post »

HIPAA HITECH Business Associate Agreement and LuxSci Account Requirements

Saturday, January 30th, 2010

Changes to HIPAA as a result of HITECH provisions in the American Recovery and Reinvestment Act are going into effect on February 17, 2010.  These changes seriously impact the requirements on Business Associates and impose significant liability penalties on HIPAA violations.  For a discussion of these and how they relate to email and web services, see: HITECH 2010: HITECH Impact on Email and Web Outsourcing.

In response to these changes and to ensure that both LuxSci and its HIPAA customers are HIPAA-compliant:

  • Old BAA Void: All Business Associate Agreements (BAA), formerly known as Medical Privacy Agreements, that current LuxSci customers have by virtue of the old BAA being incorporated automatically in LuxSci’s Master Services Agreement are VOID as of February 17th, 2010.
  • New BAA Required: Any LuxSci Customer who is using or plans to use LuxSci for ePHI (electronic protected health information) of any kind (i.e. email, web sites, WebAides, databases, etc) must explicitly sign our new BAA and ARA (Account Restrictions Agreement) before LuxSci will consider itself a Business Associate and the customer’s LuxSci account HIPAA compliant.

LuxSci will be contacting customers that it believes might need to sign a BAA and ARA during the month of February.  However, as LuxSci does not know which customers are using their account(s) for storage or transmission of ePHI, it is up to our customers to contact LuxSci to establish a BAA.

See:

Read the rest of this post »

Security and HIPAA Changes Coming Soon to LuxSci

Wednesday, January 20th, 2010

On January 30th, 2010, LuxSci will be releasing a set of software updates that add new security features and enhance existing security features.  Additionally, LuxSci is introducing a new Business Associate Agreement for HIPAA customers — one that complies with the new HITECH provisions of HIPAAThese changes will impact some existing and future customers, as described in this notice.

Read the rest of this post »