Managed Services for HIPAA Hosting

Often when purchasing hosting services and online space, the product is similar between providers. Many hosting providers use the same virtualization technologies and differ only in their implementations and the physical hardware used to house the virtualized environments. What does differ drastically between providers is the quality and array of managed services offered. In many … Continue reading Managed Services for HIPAA Hosting

Largest Patient Breach Blamed on Chinese Hacker Group

On Monday, August 18th, Community Health Systems (CHS) reported that it had been the victim of a cyber attack from a Chinese hacking group named “APT 18”, a group alleged to have ties to the Chinese government. APT 18 successfully stole a large quantity of PHI data, including social security numbers, contact information, and other … Continue reading Largest Patient Breach Blamed on Chinese Hacker Group

Strengthening IT Security for HIPAA Compliance

Per the Health Insurance of Portability and Accountability Act of 1996 (otherwise known as HIPAA) Security Rule, a number of “technical safeguards” combined with the physical security of the computer systems that store and interact with protected health information (PHI) make up the bulk of what is required in order to fall within the realm … Continue reading Strengthening IT Security for HIPAA Compliance

Best SQL Server for HIPAA Compliant Businesses

The term “SQL Server” refers to the Relational Database Management System (RDBMS) software which runs on the physical/virtual host. There are many different implementations of SQL (Structured Query Language) and choosing between them is dependent upon the database requirements and can have an impact on compliance efforts when dealing with HIPAA guidelines. Many choices are … Continue reading Best SQL Server for HIPAA Compliant Businesses

Retaining Data for a HIPAA Audit

HIPAA guidelines regarding data retention state that the logs (access/activity) and protected health information (PHI) documentation proving that the covered entity is adhering to the HIPAA Security Rule are retained for six (6) years. This regulation mandates that records are to be retained for essentially any interaction with patient PHI and personally identifiable information (PII), … Continue reading Retaining Data for a HIPAA Audit

Server Hardening for HIPAA Systems

When compromising a HIPAA server, more often than not, the fundamental shortcoming (“exploit”) of the software that has allowed a user to gain unauthorized access is not inherent to the software being used, but is often a weakness caused by improper configuration or lack of patch application. The process of disabling the system services that … Continue reading Server Hardening for HIPAA Systems