Resources Archives

By Gil Vidals, October 1, 2014, HIPAA Blog, Resources

Understanding PIPEDA Data Protection for IT Pros

Personal Information Protection and Electronic Documents Act (PIPEDA) is the Canadian law that serves as the rulebook on data privacy. In some regards, PIPEDA has many parallels with HIPAA in terms of the way that it mandates certain handling of electronic health information. However, PIPEDA does not concern primarily with protected health information (PHI), as... Continue reading

By Gil Vidals, September 17, 2014, HIPAA Blog, HIPAA Compliance, Resources

Managed Services for HIPAA Hosting

Often when purchasing hosting services and online space, the product is similar between providers. Many hosting providers use the same virtualization technologies and differ only in their implementations and the physical hardware used to house the virtualized environments. What does differ drastically between providers is the quality and array of managed services offered. In many... Continue reading

By Gil Vidals, September 10, 2014, HIPAA Blog, HIPAA Compliance, Resources

Largest Patient Breach Blamed on Chinese Hacker Group

On Monday, August 18th, Community Health Systems (CHS) reported that it had been the victim of a cyber attack from a Chinese hacking group named “APT 18”, a group alleged to have ties to the Chinese government. APT 18 successfully stole a large quantity of PHI data, including social security numbers, contact information, and other... Continue reading

By Gil Vidals, August 19, 2014, HIPAA Blog, HIPAA Compliance, Resources

Best SQL Server for HIPAA Compliant Businesses

The term “SQL Server” refers to the Relational Database Management System (RDBMS) software which runs on the physical/virtual host. There are many different implementations of SQL (Structured Query Language) and choosing between them is dependent upon the database requirements and can have an impact on compliance efforts when dealing with HIPAA guidelines. Many choices are... Continue reading

By Gil Vidals, August 14, 2014, HIPAA Blog, HIPAA Compliance, Resources

Retaining Data for a HIPAA Audit

HIPAA guidelines regarding data retention state that the logs (access/activity) and protected health information (PHI) documentation proving that the covered entity is adhering to the HIPAA Security Rule are retained for six (6) years. This regulation mandates that records are to be retained for essentially any interaction with patient PHI and personally identifiable information (PII),... Continue reading

By Gil Vidals, August 12, 2014, HIPAA Blog, HIPAA Compliance, Resources

Server Hardening for HIPAA Systems

When compromising a HIPAA server, more often than not, the fundamental shortcoming (“exploit”) of the software that has allowed a user to gain unauthorized access is not inherent to the software being used, but is often a weakness caused by improper configuration or lack of patch application. The process of disabling the system services that... Continue reading

Resources - Page 61