What 3 Recent Breaches Teach Us About Data Security

15 Sep 2020
By Stephen Trout

HIPAA Violation: Between the paper files containing PHI and two unencrypted USB storage devices, 4,056 patients had their private health information exposed. The PHI included patient names, dates of birth, and the kinds of services they received at Moffitt. 

In a perfect world, of course, physicians would be able to carry patient files (on paper) in their personal briefcase. Of course there was a time when they all would, for paper files were the norm. Yet while most health institutions have now transitioned to electronic records for faster…


Becoming HIPAA Compliant with HIPAA Guard

08 Sep 2020
By Stephen Trout

What it doesn’t mean is that your organization as a whole is therefore HIPAA compliant. This is a vital distinction to make. In fact, the welfare of your data and of your organization depends on knowing the difference. 

What do we mean?

Let’s illustrate with an example. You’re driving down the highway at 65 mph, with cars whizzing by on either side of you. You feel confident that you’ll remain safe and secure in your vehicle, since you just had a complete, end-to-end safety inspection performed by your mechanic. 


How to Make Your Website HIPAA Compliant

31 Aug 2020
By Stephen Trout

How to Heed This Wake-Up Call 

Clearly, failing to protect PHI is no small matter, but what’s it have to do with your website? Everything. If you host or plan on hosting a website that will interact with patient information, then security is everything. Hackers have a lucrative business selling medical records, and they get better at stealing them all the time. So why make it easy for them? 

It behooves you, then, to find a HIPAA web hosting specialist with trusted cybersecurity expertise, and also to verify that your host is following HIPAA guidelines. Preserving data…


How FISMA Requirements Can Impact HIPAA Compliance

11 Aug 2020
By HIPAA Vault

So How Does FISMA Relate to HIPAA?

While FISMA and HIPAA requirements do share similarities in terms of required safeguards for sensitive information, following FISMA will cause HIPAA Compliance to be achieved without any additional methodology. This does not hold true going in the opposite direction, however; HIPAA guidelines do not encompass all that is required for FISMA compliance. 

HIPAA provides guidance to covered entities (those who handle protected health information, or PHI) to address the provisions required for the security and privacy of that health-related information. This may also apply to a…


HIPAA Encryption – Choosing the Right Kind

03 Aug 2020
By HIPAA Vault

If you think about it, the reasons are understandable; technologies are subject to flux, and the changes often come rapidly. Painting with a broad brush about data protection, therefore, is a way of staying “technology neutral” as new techniques of protecting data are introduced. However, this does not take away from the importance of HIPAA encryption.

Today, most providers realize that encryption is the technique of choice; HIPAA even states that covered entities (CEs) and their business associates should “implement a mechanism to encrypt PHI whenever deemed appropriate.” The “when appropriate” should…


Therapists, Telehealth, and HIPAA Email

28 Jul 2020
By Stephen Trout

In addition, HIPAA privacy regulations – while calling for the application of appropriate protections for both you and your clients – weren’t intended to endorse specific technical solutions. The reason is clear: technologies are subject to flux, and the changes are often rapid.

In our present context, where life and ways of operating have changed significantly since COVID-19, one means of communication you’ve probably already transitioned to (or increased your use of) as a way of safely continuing to see clients, is telehealth services. Some EHR solutions already support this technology, with built-in, secure telehealth software…


HIPAA Compliance vs Certification – Do you Know the Difference?

17 Jul 2020
By HIPAA Vault

So what’s really needed for HIPAA compliance? Does getting a certification guarantee adherence to HIPAA requirements? As with most questions, it helps to start by clarifying the relevant terms. Here’s the important distinction between compliance and certification:

  • HIPAA Compliance refers to adhering to the rules and requirements set forth by the Department of Health and Human Services (DHHS) policies and guidelines.
  • HIPAA Certification is the process to obtain or be awarded a document or designation to attest that a person has completed an educational course.

Note that these statuses cannot be used…


Kubernetes and Security: 6 Keys for HIPAA Compliance 

06 Jul 2020
By Stephen Trout

What is Kubernetes?

Kubernetes, an open-source container system originally launched by Google, takes its name from a Greek word meaning helmsman or pilot. It provides a unique platform for “automating deployment, and scaling operations of application containers across clusters of hosts.”

In contrast to the old-school method of spinning up a whole new virtual machine for one application – an underutilization of the machine’s total resources – each container possesses all the self-contained applications (code and system tools) needed to run them. 

In addition, the strength of Kubernetes is also seen in its ability to choreograph…


Minimizing Healthcare Risk through Penetration Testing – Pt. 2

29 Jun 2020
By Stephen Trout

HV: Ricoh, once you’ve done the work of thoroughly testing a company’s defenses with a penetration test, how might you communicate those results to the organization’s C-level executives (CISOs, CIOs, etc)? 

RD: I like to approach all C-level executives as if they were the CEO, because they all have a stake in the company’s well-being and bottom line. We want them to embrace a posture of “collective fault and ownership,” instead of finger-pointing about weaknesses. (As an aside, I remember a hematologist company that we were working with that had developed a homegrown app., and…


Minimizing Healthcare Risk through Penetration Testing

19 Jun 2020
By Stephen Trout

HV: Ricoh, it does seem that a major theme of your life has been protecting and advocating for others. Is that what motivates your interest in healthcare security as well?

RD: I’m passionate about ensuring that people’s lives and livelihoods are protected. I’ve seen how cyber security and digital forensics can be leveraged to uncover digital evidence that has helped patients; in law enforcement, I’ve seen how digital forensics is used to track down bad guys. From my military experience, I’ve seen how digital forensics evidence has helped make command decisions on the battlefield, saving soldier’s…
