privacy Archives - LuxSci

Posts Tagged ‘privacy’

6 Essentials For Privacy and Security in Telehealth

Thursday, September 21st, 2017

HIPAA covers Telehealth but does this make it safe? Learn the measures that ensure patient safety and privacy while using a virtual doctor visit program. 

The rise of telehealth in healthcare has transformed patient-doctor interaction. Nonetheless, the privacy and security of protected health information (PHI) remain a big question. These concerns make sense because a new technology usually comes with new challenges.

Luckily, every problem comes with a solution. Thus, making a few smart choices can work wonders to keep the patient data protected.

Read the rest of this post »

If my web site is very simple, do I have to worry about HIPAA compliance?

Friday, March 24th, 2017

We received this question via Ask Erik from a Physicians’ Association:

“Our company website does not contain any patient information. As a healthcare group, do we need to worry about HIPAA compliance for our site? It contains forms, news and some company policies and procedures but no patient information whatsoever. Thank you.”

Thank you for your question!  Here, we delve into how you can answer this for your site.

 

Read the rest of this post »

Are you encouraging insecurity via your Web site contact and intake forms?

Friday, April 15th, 2016

Many Web sites have “contact us” pages and other Web forms for receiving requests from existing or potential customers.  This includes “new patient intake” forms on the Web sites of healthcare providers.

 

The garden variety Web form suffers from several serious problems:

  • Spam – Getting unwanted form submissions from Web robots.
  • Privacy – Often, sensitive data is submitted insecurely through these forms.
  • Archival – You may need an archived record and backup of all submissions.
  • Notices – You may need to be alerted of form submissions, even if you are not online.

Proactive privacy vs. neglect of privacy

When your Web forms transmit data insecurely, store or send data insecurely, or otherwise do not treat the submitted data with the level of protection that it deserves, you are putting the users of your forms at risk.

The typical argument is that “it is up to the user of the forms to decide if they want to submit sensitive information.” In fact, many insecure forms even have disclaimers requesting people to not submit sensitive information if they have concerns … and then the forms go on to ask lots of sensitive questions.   Especially without a disclaimer, but even with one, the form is actively soliciting people to submit their information insecurely and requesting them to take risks with their private data.   This is not good.

In areas such as healthcare, where these forms are often collecting sensitive health data (protected health information – PHI), the fact that an organization solicits the submission of PHI through insecure, non-HIPAA-compliant means is far from a “best practice”.  Why?

Read the rest of this post »

Does sending email using BCC make it HIPAA Compliant?

Thursday, January 30th, 2014

People have asked us if sending an email to someone via BCC (Blind Carbon Copy) is HIPAA-compliant. For example, a doctor’s office might send a newsletter to its patients via BCC. The presumption is that, because the recipient’s email address is not visible in a message sent via BCC, there is no way to identify the individual(s) to whom the message was sent, and thus the messages do not contain any “personally identifiable health information” (ePHI) that is protected by HIPAA.

The short answer is “BCC is not good enough”.  For the long answer, read on.

Read the rest of this post »

Dangers of Private Domain Registrations and WHOIS Masking

Wednesday, January 22nd, 2014

Any time you register a domain name, you are required to provide valid contact information for the owner of the domain.  This information is published and made publicly available in the “WHOIS” database.  Anyone can look there to see who owns the domain and to contact the domain owner if necessary.

Private Domain Registration, or WHOIS Masking, or contact privacy, is a service offered by some domain registrars where they will either (a) not publish the domain owner’s contact details, or will (b) publish “masked” details — i.e. details that point to anonymous names and addresses at the registrar.

Read the rest of this post »
