Nat'l. Cybersecurity Awareness Month: Wk.#3

We live in an amazing time, one in which a growing number of sophisticated ‘internet of medical things’ (IoMT) devices are facilitating critical treatments to improve patient health. Consider just two: difficult-to-monitor, chronic conditions like diabetes and heart failure are benefitting from “smarter” insulin pumps and pacemakers – both aided by real-time, remote monitoring and feedback loops.

Faster data processing is key: imagine having instant access to your body’s most basic functions (your “vitals”) through an assortment of “wearables” that can monitor heart rate, breathing or respiration rate, glucose levels, and more. This important data, combined with immediate access to your medical history, gives physicians the capability to respond quickly to critical alerts, without requiring an office visit.


Securing our Mobile Devices

No doubt, 2020 has disturbed the status quo in numerous ways, impacting our work, schooling, and social gatherings – even the way we receive our healthcare. 

And while the pandemic has hastened this transition to online health services – from telehealth to mobile health apps – a recent analysis notes how this change was already well underway, even before Covid-19 was a reality:  


If You Connect It, Protect It

October is National Cybersecurity month, and ‘If you connect it, protect it’ is the theme for week #1. (With over 90% of the US population now on the internet, the theme easily might have been ‘When you connect it, protect it’). 

It’s an apt reminder, as cyber criminals are capitalizing on the continuing explosion of data and connected devices: studies indicate that in 2016 organizations experienced a ransomware attack every 14 seconds on average; by 2021, it is estimated that the interval will be down to every 11 seconds.


Today’s healthcare organizations put a premium on positive engagement and patient satisfaction. As a healthcare website developer, you seek to foster this with flawless functionality and elegant features to improve the user’s experience.

You do this by clarifying your brand, and what sets it apart; highlighting the provider’s services clearly is also key. In the end, you hope to strengthen relationships and attract new clients, so the practice will thrive.


All healthcare organizations, health app developers, and associated covered entities are responsible for protecting sensitive medical data. But will a simple software solution or training course be sufficient to make them HIPAA compliant?

Certainly, technology plays an important role. But HIPAA compliance depends on much more than the right security tools, or even obtaining a certification.


It’s Time to Reframe Cybersecurity as an Essential Part of Patient Care

Sadly, it’s happened: As reported in the New York Times, on September 10 a woman fighting for her life was turned away from the University Hospital, Düsseldorf because hospital servers were infected with ransomware. With vital systems crashing, emergency treatment could not be administered. By the time the woman could receive services – in another hospital, 20 miles away – the hour delay resulted in her death. 


A quick survey of 3 recent breaches – including one very high-profile case – reminds us to be especially vigilant to avoid these all-too-common scenarios with protected health information.

Breach #1: PHI on paper – even in your personal briefcase – isn’t good protection, and can lead to a breach of PHI

The following breach serves as a case-in-point: On July 2, 2020, a doctor from Lee Moffitt Cancer Center and Research Institute in Tampa left a briefcase in his car – never a safe place for paper files with PHI to reside – and the briefcase was stolen.   




Congratulations, you’ve made a wise choice to entrust your sensitive data to a proven, HIPAA compliant hosting specialist like HIPAA Vault! But wait – in terms of overall compliance, what does that really mean?

It does mean that the technical infrastructure we employ to host your sensitive data is fully compliant – expertly designed with multiple layers of security to protect your ePHI both in storage and in transit. Years of security and hosting expertise along with dedicated, live customer service work together to make “the HIPAA Vault difference.” 


They say you never know until it hits you. Whoever “they” are, they’ve got a point – especially if the “it” is failing to secure someone’s personal, protected health information (PHI). Once this sensitive data is divulged, the genie is out of the bottle – and the impact can be staggering.  

Just ask Advocate Health System, past bearers of a $5.5 million fine from the Office of Civil Rights (OCR) for allowing 4 million records to be breached (on 3 separate occasions), back in 2013. Among the security lapses was an unencrypted laptop containing patient records, stolen from an employee’s car.

Even more than the costly regulatory fines that may come with HIPAA violations ($100 to $50,000 per incident, depending on your degree of negligence, such as failures to do risk assessments and encrypt devices), the real issue is your customer’s welfare. If their personal, protected health information is made public, it damages them personally. Not only will you have lost the trust of someone you’ve sworn to “do no harm to,” but they may even decide to take legal action against you for damages.


In the world of compliance requirements, two types of business practices are generally distinguished. The first, known as the “private sector,” covers those regulations that apply to the for-profit, commercial industry. These may include HIPAA (for protected health information), SOX (for financial reporting), GLB (pertaining to information sharing), and others.

The “public sector,” on the other hand, is the business of the US Federal Government, and may include these governing security controls as well as the requirements of FISMA.

FISMA, or the Federal Information Security Management Act (enacted in 2002 and modernized in 2014) requires all agencies to protect sensitive data, according to the relevant information security guidelines of the FIPS 199 & 200 publications, and the technical configurations found in the NIST (National Information Security and Technology) 800 series, especially SP-800-53. 
