Right Encryption

Protecting your Patient’s Privacy –

it’s a necessity for sensitive data like protected health information (PHI). 

And yet, HIPAA regulations can seem a bit vague about exactly how it should be done. Actually, that’s intentional; HIPAA wasn’t intended to endorse specific technical solutions. 

Read more

Your patients value your counsel, and are willing to share with you their deepest, personal struggles. As a therapist, you handle that information as a sacred trust. Unfortunately, that trust may be broken – however unintended – through an unwise use of technology.  

No doubt, technology allows for flexibility in the way you share and store protected health information; you harness the tools that best fit the needs of your practice. 

Read more

All healthcare organizations, health app developers, and associated covered entities are responsible to protect sensitive, medical data. But for some, it’s tempting to think that the right software solution or security tool is sufficient to make them HIPAA compliant.

Certainly, technology plays an important role. But HIPAA compliance depends on much more than the right security tools, or even obtaining a certification.

Read more

When it comes to deploying applications and services at scale, the ability to use efficient, containerized pieces of software has clearly changed the game. 

Containers are highly valued for their portability and ability to run on various environments – including local desktops, virtual and physical servers, test and production environments, and in private or public clouds. As widespread adoption of containers continues, Gartner’s prediction that more than “70% of global organizations will run containerized applications by 2022” certainly seems accurate. 

But what about security, particularly for healthcare applications? The good news is container systems like Kubernetes can be HIPAA Compliant, with the right security measures applied. (If you paused reading the last sentence and thought Kuber-what?, here’s a quick overview):

Read more

In part-1 of our interview with Ricoh Danielson, we discussed how a comprehensive, “real world” penetration test (also known as ethical hacking) can help you fix the gaps in your company’s security. 

Why do you need it? 

Let’s take a moment to recap why you need it: for those in healthcare especially, cybercrime represents an enormous risk to both patients and health organizations. The beauty of an objective pen test report from someone “outside” your organization is that the IT team as well as executives can see their security blind spots, and leverage this “early detection” to make changes. Your sensitive patient data can be better protected, while saving you a bundle in potential breach costs, downtime, and remediation. 

That said, let’s continue our conversation with Ricoh:

Read more

Part 1 of an interview with Ricoh Danielson, Information Security Expert

Ricoh Danielson is an impressive guy. From his time serving as a US Army Combat soldier in Iraq, to becoming a legal advocate for veterans in their battle to receive PTSD treatment; then later developing his security expertise in digital forensics for law enforcement and the military, Ricoh has dedicated himself to a singular passion: protecting others.

Now a leader in Information Security, Ricoh has turned his sights on healthcare – an industry frequently targeted for cyber attack. It was a privilege to speak with him recently about how healthcare organizations can improve their critical security posture, and specifically, the need for penetration testing – a practice that fits in well with a comprehensive, HIPAA compliance program:

Read more

You like saving everything to your hard drive – it’s what you do. Then your laptop or tablet gets lifted, right out of your car.  

Sure, you thought it was safer to have sensitive information under your own watchful eye – except when it was on your car seat, while you went to the 7-11 to get gum. (Expensive gum!)  

Then again, computer hard drives have been stolen right out of offices, and cell phones with private health data have fallen into the wrong hands, leading to serious breaches. Which brings up a question:

Is sensitive data – such as Protected Health Information (PHI) that passes through your Office 365 apps and remains on your hard drive – really safer than in the cloud?

Read more

“Have you seen the video?” It’s a query for a connected world, bringing the world up close. From cell phones to visual doorbells – even police body cams – video helps tell a story – and maybe solve a crime. 

Now imagine this crime is an attempt to steal your company data, or disable your website. It might even be your employee (61% of IT leaders do believe their employees maliciously put their sensitive data at risk, according to a 2019 survey), or one of your contractors.

Chances are, there won’t be a video; however if a digital record of system events exists, then you’re in business. With these logs, crucial questions can now be answered: Who accessed the system? How was a breach attempted? What was the extent of the damage, if any? Armed with this data, audit logs help you stay proactive, able to track and possibly prevent future malicious activity.

Read more

One of the clear lessons of our recent pandemic has been that an invisible virus can do great harm to a body, if only given a “portal” through which to enter. The “attack vectors” are varied, if not deceptive: airborne, on surfaces, and even by those who show no symptoms.

Fortunately, we’ve learned firsthand how the vigilant use of protections – while not a guarantee – does help limit transmission, keeping us and our communities safer.

Read more

Note: It’s National Hospital Week, celebrating hospitals, health systems and health care workers. This year’s theme: “A Week of Thanks.” 

With that in mind, and especially during these trying times, we wanted to take a few weeks away from our series on HIPAA Plugins for WordPress to mention the important contributions of our own Terri Vidals and the Los Angeles Surge Hospital – a new, “Covid-19 Only” hospital fighting to stem the tide of the novel coronavirus. You can read part-1 here. 

Read more

Our certifications