Mobile Device Management and HIPAA

24 Nov 2020
By Stephen Trout

Case 1: Back in 2014, Catholic Health Care Services (CHCS) of the Archdiocese of Philadelphia was serving as an active business associate to six skilled nursing facilities, providing information technology services.

Unfortunately, one of their iPhones containing the unencrypted, protected health information of 412 nursing home patients – including social security numbers, diagnosis and treatment information, and the names of family members and legal guardians – was stolen.

The resulting breach led to a $650,000 HIPAA fine.

In addition to meeting the fine, CHCS agreed to a corrective action plan. While assessing the fine,…


Ten Essentials to Look for in a HIPAA Compliant Hosting Company

17 Nov 2020
By Stephen Trout

Proactive care: By providing a highly responsive environment, a HIPAA host actually enables the high data availability and timely access to patient data and critical treatment information you depend on every day. Obviously, if you can’t access your patient data when you need it, it’s hard to provide good treatment.

Preventive care: By providing a highly secure environment, a HIPAA host also protects your patient data from being corrupted or held for ransom. Your patients will thank you that their private information wasn’t stolen, and/or advertised…


3 Healthcare Security Wake Up Calls

12 Nov 2020
By Stephen Trout

In the business of healthcare technology and cybersecurity, the same holds true: violent storms and invisible icebergs (malicious viruses, cyberattacks) may indeed rock our boat, but they also motivate us to do something more than grab a life jacket and bail out. We begin to think how to “secure the ship” in new ways. 

One reason we’ve done this is that the storm of COVID-19 has seen opportunists – unscrupulous actors seeking to exploit the “fear and uncertainty caused by the unstable social and economic situation,” as INTERPOL reported. COVID-19 themed…


A HIPAA Compliant, Multi-Server Environment

03 Nov 2020
By Stephen Trout

Your HIPAA compliant plan will therefore include a minimum of three servers: an isolated Web Server, Web Application Firewall (WAF), and a Database Server. Our IT Security Specialists expertly configure your server network with layers of “protective armor” – including access controls, encryption, and customized 24/7 monitoring – to guard against malicious attack.

System Security, Resource Utilization 

When handling protected health information (PHI), it is “best practice” to keep your database server separate from your website server. In this way, even if your public-facing web server were to be compromised, the database server would be inaccessible.

Having dedicated…


The Future of Healthcare: IoT, 5G, & Managed Security

27 Oct 2020
By Stephen Trout

In this final week of National Cybersecurity Awareness Month, we’ll look closer at the Internet of Things (IoT) with a particular focus on what this means for cloud, HIPAA, and the future of healthcare. Two trends will be especially impactful: the rise of 5G, and the growth of managed security and cloud.

Where We Are

It is estimated that nearly 11.6 billion IoT devices will be in operation by next year.

Many of these IoT devices lack the capability for security patching – they simply weren’t designed for it – and so currently depend on the…


Securing IoMT for Healthcare

19 Oct 2020
By Stephen Trout

Unfortunately, the threats to these connected devices are also real; just like any computer, IoMT software can be hacked and viruses may crash critical systems. But unlike the typical computer that gets bumped offline – albeit with potentially costly downtimes – in this case the consequences may be deadly: think dangerous loads of insulin delivered to diabetics, or sabotaged pacemakers for already erratic heart conditions. (Remember former VP Dick Cheney’s very real concern about potential assassination plots via his implanted defibrillator?)

To make matters worse, the issue of security updates…


Week 2 of National Cybersecurity Awareness Month

13 Oct 2020
By Stephen Trout

With smartphones and mobile devices, medical wisdom and even physicians are just a couple screen taps away. Besides apps, telemedicine is already a well-established practice. In 2014, about 15 million people in the United States received care via the Internet. By 2020, the global telemedicine market is expected to be worth more than $34 billion.

Patients enjoy the convenience of telemedicine. Providers experience greater productivity by being able to see more people. And insurers love the cost savings. In fact, insurers and employers are increasingly willing to pay for telemedicine.

Despite this, an alarming…


Week 1 of National Cybersecurity Month

06 Oct 2020
By Stephen Trout

For healthcare, an emphasis on preventive care and greater personal monitoring will require added vigilance. “Wearables,” remote monitoring, smartphone apps, and telehealth are all connected technologies changing the way care is delivered right now – and all of these need IT protections. 

What will this mean going forward? A recent analysis promoting this digital transformation in healthcare concludes, 

Healthcare organizations will need a robust yet scalable security and storage ecosystem that is regularly backed up, available, and fully compliant. As patients demand more access to their…


HIPAA WordPress for Developers

28 Sep 2020
By Stephen Trout

To achieve all this, you require a solid foundation. This begins with a secure infrastructure for handling electronic protected health information (ePHI) – one that preserves data integrity, availability, and privacy. Flexibility, speed, and cost efficiency are also critical. This is what HIPAA WordPress provides.

Still, you imagine that a HIPAA compliant infrastructure may be costly; you wonder if you can possibly build out the necessary safeguards yourself. Many developers have taken up the challenge, only to discover that meeting all the requirements for HIPAA compliance can be daunting. Thousands of hours later, mounting…


HIPAA Certification vs Compliance – Do You Know the Difference?

25 Sep 2020
By Stephen Trout

So what’s really needed for HIPAA compliance? Does getting a certification guarantee adherence to HIPAA requirements? As with most questions, it helps to start by clarifying the relevant terms. Here’s the important distinction between compliance and certification:

  • HIPAA Compliance refers to adhering to the rules and requirements set forth in the Department of Health and Human Services (DHHS) policies and guidelines.
  • HIPAA Certification is the process of obtaining or being awarded a document or designation attesting that a person has completed an educational course.

Note that these statuses cannot be used interchangeably; they each have their own separate purposes. For…

