Resources

Strengthening IT Security for HIPAA Compliance

Per the Health Insurance of Portability and Accountability Act of 1996 (otherwise known as HIPAA) Security Rule, a number of “technical safeguards” combined with the physical security of the computer systems that store and interact with protected health information (PHI) make up the bulk of what is required in order to fall within the realm... Continue reading

Best SQL Server for HIPAA Compliant Businesses

The term “SQL Server” refers to the Relational Database Management System (RDBMS) software which runs on the physical/virtual host. There are many different implementations of SQL (Structured Query Language) and choosing between them is dependent upon the database requirements and can have an impact on compliance efforts when dealing with HIPAA guidelines. Many choices are... Continue reading

Retaining Data for a HIPAA Audit

HIPAA guidelines regarding data retention state that the logs (access/activity) and protected health information (PHI) documentation proving that the covered entity is adhering to the HIPAA Security Rule are retained for six (6) years. This regulation mandates that records are to be retained for essentially any interaction with patient PHI and personally identifiable information (PII),... Continue reading

Server Hardening for HIPAA Systems

When compromising a HIPAA server, more often than not, the fundamental shortcoming (“exploit”) of the software that has allowed a user to gain unauthorized access is not inherent to the software being used, but is often a weakness caused by improper configuration or lack of patch application. The process of disabling the system services that... Continue reading

Beyond the Bounds of HIPAA Compliance

With all the talk of compliance to meet the requirements of the Health Insurance of Portability and Accountability Act of 1996 (otherwise known as HIPAA) and the different criteria that needs to be met to pass such an audit, it is easy to lose sight of the real fundamentals of HIPAA. What does compliance really... Continue reading

Multi-factor Authentication, Code Spaces, and the Amazon Attack

Most people are familiar with the idea of passwords, and the importance of using strong ones. However, what many don’t know is that there’s no such thing as an uncrackable password. With proper resources and time, an attacker can crack any password by means of brute force (trying every permutation in a given table). With... Continue reading

Apple’s HealthKit App may Require HIPAA Compliance

At the Apple Worldwide Developers Conference in 2014, Apple unveiled Health, an iOS8 application designed to create a data collection point for third-party accessories. In theory, Health centralizes health data collected by a user in order to interface with wearable technology. In addition to Health itself, Apple also unveiled HealthKit, the developer application programming interface... Continue reading

5 HIPAA Compliance Tips for Healthcare Startups

Maybe more so than any other industry, starting a business in the healthcare field is fraught with pitfalls that could put a serious obstacle in a healthcare company’s path. Handling and manipulating patient information in ways that can help physicians and other healthcare professionals more easily provide care is often the function of new healthcare... Continue reading

Best Web Server for HIPAA Compliant Hosting

Of all the things that make up a website, the most basic and low-level is the webserver. This is the application that serves the hypertext markup language (otherwise known as HTML) content to the user and makes a document that lives on a server somewhere viewable by a user with a web browser. Hypertext Transfer... Continue reading

$800,000 fine for violating HIPAA regulations

In September 2008, employees of Parkview Health System Inc. returned some files to a retiring physician. Allegedly, Parkview Health System initially took custody of these documents in order to facilitate these patients' transfer to new providers. The employees brought these boxes of documentation to her residence and, after realizing she was not home, left the boxes on the driveway. This was an innocent mistake on the part of these employees; this ignorance of HIPAA laws and careless handling of protected health information (PHI) led to a notable violation of HIPAA regulations. This incident resulted in Parkview Health System, Inc. having to pay a sizable 'Resolution Amount'.