Posts Tagged pcihipaa

How Can You Ensure Your Email is Safe and HIPAA Compliant?

Using free email providers like Gmail, Yahoo, and MSN is expedient and easy to set up. That’s the reason why some healthcare providers rely on them. While you could stretch to make the argument that these email services can be configured to be “HIPAA capable,” none of them are HIPAA compliant in the eyes of security experts. And not complying with the safeguards required by HIPAA law can lead to unnecessary violations and costly fines.

What Makes Email Vulnerable?

We all send countless emails every day without thinking about it. But from a technological and safety perspective, there are several links in the chain that make email vulnerable to malicious interference. Once an email is sent, it moves from your workstation to your email server, then on to your recipient’s email server; from there, your recipient’s workstation pulls the message from their server. Along the way, a copy of the email is stored on each workstation and server.

To satisfy HIPAA requirements, protected health information must be secure both at rest and in transit. This entails having your email messages protected while resting on workstations and servers, but also being secure until they reach the intended recipient’s inbox. There are paid services, like Google’s G Suite, that claim to be HIPAA compliant, but they don’t encrypt your email all the way to the recipient’s inbox. If your email is not secure while in transit, it is susceptible to theft.

The Business Associate Aspect

A big issue with using free email providers is the lack of business associate agreements. As a responsible health care provider, you must have signed agreements with any third-party vendor that handles your protected health information. This means your email and file sharing service needs to sign a business associate agreement in order for them to be HIPAA compliant. Unfortunately, this isn’t possible with free email providers and taking a chance on using one could have costly and disastrous consequences.

Phoenix Cardiac Surgery found this out the hard way in 2012. That’s when they were forced to pay the Department of Health and Human Services $100,000 for HIPAA violations. One of the company’s abuses—as uncovered by the Office for Civil Rights’ investigation—was transmitting electronic protected health information to its employees’ private email accounts using an internet-based email service and posting sensitive data on a publicly accessible, Internet-based calendar service. Phoenix Cardiac Surgery did not have a business associate agreement in place with these vendors, which is a violation of the HIPAA Security Rule.

The Best Way To Secure Your Email

At PCIHIPAA, we offer an email add-on that encrypts your emails and integrates with Outlook, Gmail, and other popular email providers. It’s easy to use, as it allows you to send messages as you normally would. Your recipients are able to view your messages without any software on any browser. With our HIPAA-compliant email solution, you can track and verify that your email has been received by the intended patient. We utilize military-grade end-to-end encryption which ensures that cybercriminals aren’t able to intercept your sensitive data and disrupt your business.

We’ve all heard horror stories about protected health information being compromised via email. It’s simply not worth risking HIPAA violations and fines to use an unsecured email provider.

Call us today at 800-588-0254 and let us know you’re a Medical Association of the State of Alabama member to find out how we can set up an email solution that gives your practice peace of mind and 100% assurance of being HIPAA compliant.

Posted in: HIPAA

The Painful Reality of Ransomware and How to Protect Against It

Imagine if in a split second you were unable to access all of your patients’ health care records. A cruel ransomware attack had locked you out of your computer system, and in order to regain your precious data you needed to pay a cybercriminal’s demand in bitcoin.

Unfortunately by the time you finish reading this article several businesses in the U.S. will experience this dreadful reality. Most commonly the disaster will occur when an infected email attachment is opened and spreads through a network.

Health care providers have a significantly higher risk of being targeted by ransomware. The reason for this is simple: you possess a large amount of data that is valuable to cybercriminals. In addition, hackers know you need to access medical records, digital x-rays, and test results to provide medical services to your patients. This, they hope, will motivate you to meet their demands to get your protected health information back.

A sudden disruption to a business proves to be a strong impetus. Nearly three-quarters of businesses infected by ransomware pay up to recover their data. Studies show, however, that less than half of them receive the necessary decryption key to unlock their data. The good news is there’s a simple, secure solution to avoid going through this painful scenario.

Ironclad Data Protection

Many practices don’t have the expertise, time or resources to deal with a ransomware attack. Many feel confident that their IT service provider has addressed security and backup needs in the event of a disaster. As a leading provider of HIPAA compliance software, we know several cases where a practice’s IT provider has not properly backed up their system. This can put you in the unenviable position of having to deal with unsavory cybercriminals. Here’s how our OfficeSafe software protects your data with the most secure online backup storage service available, and alleviates worries about a ransomware attack.

We provide a HIPAA compliant data backup solution with 256-bit encryption and SQL database restoration. This makes backing up and restoring your practice’s crucial data easy. In the event of a ransomware attack, you’ll have ten days of data backup, enabling your practice to easily find a clean data backup set. This is critically important. If your practice doesn’t have the capability to reinstate your data to multiple restore points in the past, you don’t have a sufficient disaster recovery solution.

OfficeSafe’s centralized management portal is designed for healthcare service providers and goes beyond file-and-folder backups, delivering a secure hybrid local and cloud solution. With our point-to-point encryption, you can use your existing email address to send messages via Gmail and other popular email client services. OfficeSafe also includes an emergency planning tool that helps members of your team expedite their response to unexpected situations.

The HIPAA Security Rule mandates that ransomware on your computer system or on that of a business associate must be reported to the government, as well as to the affected patients. If more than 500 records have been breached, you need to alert the media. The only caveat to this rule is if you can prove there’s a low probability that your protected health information has been compromised. Don’t let an unexpected incident cripple your business and tarnish your practice’s reputation.

Call us today at (800) 588-0254 or find out how we can work alongside your IT team to provide your business with full data protection in the event of a disaster.

Posted in: Technology

Think Your Practice Management Software Makes You HIPAA Compliant?

Complying with HIPAA security standards is a complex matter that demands a comprehensive solution. As a busy healthcare provider, it’s easy and convenient to trust that your practice management software satisfies the necessary HIPAA requirements to keep your electronic medical records safe. But the truth is, in most cases, it doesn’t.

A False Sense of Security

It is a common misconception that electronic health record (EHR) systems make your practice HIPAA compliant. Companies claim they provide tools that support compliance for technical safeguards. That is a good thing, but technical safeguards are only one of the components needed to protect electronic protected health information. The HIPAA Security Rule requires two other components: administrative safeguards and physical safeguards. Administrative safeguards include the policies and procedures that HIPAA requires and the critically important business associate agreements. Physical safeguards protect your data from breaches and unauthorized access. The platform you use to manage your practice might tout that its cloud-based system provides encryption and protection from ransomware. Great, but the question is: does it have all of the crucial aspects needed for HIPAA compliance? Read this next sentence twice. Using practice management software that purports to be HIPAA compliant does not make your practice compliant.

Unfortunately, when it comes to HIPAA compliance, a false sense of security can be dangerous. The violation fines for not following the guidelines enforced by the Department of Health and Human Services’ Office for Civil Rights are costly and can irreparably damage your practice’s reputation. In 2018 alone, HIPAA fines topped $28 million. By not properly protecting your electronic health records, you increase the likelihood of a cyberattack. Being hacked might strike you as a random, unlikely occurrence, but statistics tell a different story. According to a 2016 Lloyd’s Report, 92% of businesses experienced a data breach within a five-year period.

A Complete HIPAA Solution

PCIHIPAA is an industry leader in HIPAA compliance and data breach protection. We alleviate the angst and uncertainties associated with HIPAA compliancy with a powerful tool called OfficeSafe. Here’s how our software solution fully protects HIPAA electronic medical records:

  • Comprehensive Risk Assessment – A risk assessment is an annual audit required under the HIPAA Security Rule. Our audit of your practice’s protected health information produces a 22-page report, identifying the potential risks and vulnerabilities to your practice.
  • Easy Creation of Policies and Procedures – HIPAA regulatory standards mandate that covered entities and business associates develop policies and procedures. OfficeSafe makes regularly updating your policies and procedures easy, ensuring that your staff is informed on important issues such as governing access to electronic protected health information and identifying malicious software attacks.
  • Online Employee Training – Improperly trained employees can lead to reckless handling of electronic protected health information and costly HIPAA fines. We take this time-consuming task off of your plate and ensure that your staff understands exactly what is required by HIPAA law.
  • Crucial Business Associate Agreements – Every vendor and individual you share protected health information with must have a business associate agreement. OfficeSafe makes creating and securely executing these agreements simple and convenient.
  • $500,000 Cyber Insurance Coverage – Our guaranteed expense reimbursement policy for HIPAA violations covers a range of first and third party exposures, including both physical and non-physical risks. In the event of a HIPAA fine, data breach, or cyberattack, we’ll protect your practice from lost revenue and prevent an interruption to your business.
  • Email Encryption and Encrypted Cloud-Based Data Backup – At PCIHIPAA, keeping your data secure is our top priority. Our data backup solution is HIPAA compliant with 256-bit encryption and SQL database restoration capabilities. It enables you to distribute confidential protected health information without worry of ransomware or an unexpected incident.
  • Incident Response Management – Do you have a plan in place in the event of a hurricane, fire, or ransomware attack? Proper preparation—including a data backup plan, a data restoration plan, and an emergency mode operations plan—is a necessity. With OfficeSafe, once you report an incident we’ll work with your IT provider to mitigate the damage and get your business back on track.
  • PCI Certification – PCI is part of our company name for a good reason. As part of our compliance program, we help you complete the Payment Card Industry (PCI) requirements. Our PCI Compliance program also includes quarterly scans of your network.

The dark web is getting smarter. Not fully and properly securing and maintaining your patients’ medical records is a mistake your business can’t afford to make. The good news is peace of mind for your practice and your patients is a click away. Take a complimentary HIPAA Assessment right now, and be on your way toward total HIPAA compliance.

Posted in: HIPAA

You Lock Your Doors at Night, but Do You Lock Your Internet?

Learn to digitally protect your office with a complimentary Risk Review

*There is no obligation to purchase our services; only an obligation to take the assessment and document your office’s key vulnerabilities.


Health Care Sector Leads in Cost for Data Breaches

  • For the eighth year straight, health care organizations had the highest breach-related costs of any industry at $408 per lost or stolen record — nearly three times the cross-industry average of $148.
  • For organizations trying to contain their losses in the event of a breach, having an incident response team was the number one cost saver — trimming the price tag by a minimum of $14,000 per breach ($14 per record). Having an AI platform for cybersecurity also cut costs, by $8,000 per breach ($8 per record).
  • U.S. companies had the highest costs associated with breaches, averaging $7.91 million — much of that due to lost business. The report cites a recent IBM/Harris poll showing 75% of U.S. consumers won’t do business with a company they don’t trust to protect their personal data.

DIGITALLY PROTECT YOUR OFFICE

PCIHIPAA assists you with a HIPAA Compliance Solution that reduces your risk of a data breach. We focus on:

  • Employee Training
  • Up-To-Date HIPAA Compliant Policies and Procedures
  • Business Associate and Privacy Agreements
  • Email and Data Encryption Services
  • PCI Compliance

In the event of a Data Breach, we continue to protect you with:

  • $250,000 Data Breach and Network Security Insurance
  • We Become Your Incident Response Team
  • Identity Restoration Services

Learn about your vulnerabilities by taking your mandatory Risk Assessment.

Let PCIHIPAA know you are a member of the Medical Association of the State of Alabama and claim:

  1. Complimentary 2018 HIPAA Risk Assessment (now mandatory: Section 164.308(a)(1)(ii)(A))
  2. A 23-Page Risk Analysis Report
  3. A Free 30-Minute HIPAA Risk Consultation
  4. 1 Year of Free Identity Restoration Protection

PCIHIPAA  |  Products & Services  |  800-588-0254  |  pcihipaa@pcihipaa.com

PCIHIPAA takes the guesswork out of HIPAA Compliance.
We make sure HIPAA and PCI Compliance is simple and easy to manage.
We work with 1,000’s of practices like yours.
A+ rating with the BBB.

Posted in: HIPAA

Do You Know How to Easily Avoid a HIPAA Penalty?

DID YOU KNOW… individuals cannot file a lawsuit for alleged HIPAA violations, but can file a legal action under many state laws?

In situations such as data breaches, in which individuals’ personal information is compromised, individuals can pursue lawsuits seeking relief for damages.

*There is no obligation to purchase our services. Only an obligation to take the assessment and document your office’s key vulnerabilities.

“OCR is serious about protecting health information privacy and will pursue litigation, if necessary, to hold entities responsible for HIPAA violations.”

Roger Severino
Director, Office for Civil Rights

Free HIPAA Compliance Webinar

Protect your patients’ protected health information

Avoid HIPAA violations and penalties

Save yourself from the headaches of HIPAA compliance

Ruling Reaffirms Individuals Cannot File HIPAA Lawsuits

A federal court recently dismissed a case filed by a patient alleging a laboratory violated HIPAA by failing to shield from public view her personal health information displayed on a computer intake station.

The ruling reaffirmed a longstanding precedent that individuals cannot file a lawsuit, known as a “private cause of action,” for alleged HIPAA violations.

Privacy attorney Iliana Peters of the law firm Polsinelli points out, however, that individuals can file legal action under many state laws.

“It’s extremely important to note that although HIPAA does not have a private right of action, many state laws require entities, both healthcare entities and others, to implement HIPAA-like protections for consumer data, and have stiff penalties,” she says.

For alleged HIPAA violation cases, the Department of Health and Human Services Office for Civil Rights and state attorneys general are the only parties that can bring legal action, Golding notes.

Easily Avoid Penalties for HIPAA Violations

Protect your reputation, practice and patients’ information.

Avoid willful neglect and the associated HIPAA penalties by attending your no-obligation, 30-minute Risk Review after you complete your complimentary HIPAA Risk Assessment.

PCIHIPAA will review your HIPAA risk assessment and suggest HIPAA compliant policies and procedures.

As a member of the Medical Association of the State of Alabama, you will receive (with no further obligation):

  1. Complimentary 2018 HIPAA Risk Assessment (now mandatory: Section 164.308(a)(1)(ii)(A))
  2. A 23-Page Risk Analysis Report
  3. A Free 30-Minute HIPAA Risk Consultation
  4. 1 Year of Free Identity Restoration Protection

If you have any questions, call PCIHIPAA at (800) 588-0254. Let them know you are a member of the Medical Association of the State of Alabama.

Posted in: HIPAA

HIPAA Illiteracy Is Considered Willful Neglect

KNOWING YOUR OFFICE’S VULNERABILITIES IS NOT ENOUGH

Unsure of your practice’s vulnerabilities?

Judge Rules in Favor of OCR and Requires $4.3 Million in Penalties for HIPAA Violations

OCR’s investigation found that MD Anderson had written encryption policies, and its risk analyses had found that the lack of device-level encryption posed a high risk to the security of ePHI. Despite the encryption policies and high-risk findings, MD Anderson failed to encrypt its inventory of electronic devices containing ePHI.

Easily Avoid Penalties for HIPAA Violations

Protect your reputation, practice and patients’ information. MD Anderson knew of their vulnerabilities and high-risk findings, but failed to act.

Avoid Willful Neglect and the associated HIPAA penalties starting with a Confidential Risk Assessment.

Attend your no-obligation risk analysis review and have a PCIHIPAA Senior Compliance Officer review your HIPAA risk assessment and suggest HIPAA compliant solutions to your vulnerabilities.

Not protecting the privacy and security of your patient information leads to non-compliance fines, data breaches and reputational risk.

Practices are responsible for patients’ protected health information no matter the consequences.

Let PCIHIPAA know you are a member of the Medical Association of the State of Alabama and claim:

  1. Complimentary 2018 HIPAA Risk Assessment (now mandatory: Section 164.308(a)(1)(ii)(A))
  2. A 23-Page Risk Analysis Report
  3. A Free 30-Minute HIPAA Risk Consultation
  4. 1 Year of Free Identity Restoration Protection

PROTECT YOUR PRACTICE FROM PENALTIES AND FINES

Get on the path to compliance in less than 60 days

Posted in: HIPAA

This is How HIPAA Compliance Can Save Your Practice in 30 Minutes…

How You Can Save Your Practice in 30 Minutes

Avoid headaches and penalties from a U.S. Department of Health and Human Services investigation. Most HIPAA fines are neutralized by having a risk assessment and corrective action plan on file.

ASSESS YOUR VULNERABILITIES

Overlooking Risk Leads to Breach and $400,000 Settlement

OCR’s investigation revealed that MCPN took necessary corrective action related to the phishing incident; however, the investigation also revealed that MCPN failed to conduct a risk analysis.

Five Breaches Add Up to $3.5 Million in Settlement Costs for Entity that Failed to Heed HIPAA’s Risk Analysis and Risk Management Rules

OCR’s investigation revealed a failure to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all its ePHI.

Abandonment or Disposal of Protected Health Information Leads to $125,000 Settlement

Evidence obtained by OCR during its investigation revealed Cornell’s failure to implement any written policies and procedures as required by the HIPAA Privacy Rule. Cornell also failed to provide training on policies and procedures to its workforce as required by the Privacy Rule.

Not protecting the privacy and security of your patient information leads to non-compliance fines, data breaches and reputational risk.

Practices are responsible for patients’ protected health information no matter the consequences.

OfficeSafe offers a complete HIPAA Compliance Solution, keeping your office up-to-date on HIPAA Compliance regulations:

  • Online Employee Training and Webinars
  • Encrypted Data Storage
  • Business Associate Agreements
  • HIPAA Policies and procedures
  • Identity Theft Protection
  • $250,000 Data Insurance Coverage
  • And more…

PROTECT YOUR PRACTICE FROM PENALTIES AND FINES

Get on the path to compliance in less than 60 days

Let PCIHIPAA know you are a member of the Medical Association of the State of Alabama and claim:

  1. Complimentary 2018 HIPAA Risk Assessment (now mandatory: Section 164.308(a)(1)(ii)(A))
  2. A 23-Page Risk Analysis Report
  3. A Free 30-Minute HIPAA Risk Consultation
  4. 1 Year of Free Identity Restoration Protection

Posted in: HIPAA

You Can Avoid a HIPAA Fine. Here’s What You Need to Know.

Did you know the government has strengthened its ability to enforce HIPAA law, which now includes fines reaching up to $50,000 per violation with a maximum of $1.5 million in annual penalties? With the increasing rates of cyberattacks and patient data breaches specifically targeting the health care industry, could you afford to pay if your practice was hit with one or more of these penalties? What about your patients’ records? If your practice incurred a breach, could you guarantee the safety of those medical records?

Without the proper safeguards in place, your patient information can easily fall into the wrong hands, exposing your practice to large governmental fines and risk to your reputation. The Medical Association recently partnered with PCIHIPAA to help our member physician practices take the precautions necessary to ensure their HIPAA compliance.

As a member of the Medical Association, you will receive from PCIHIPAA:

  • A complimentary 2018 HIPAA Risk Assessment, which is now mandatory under federal law. Take the assessment online at pcihipaa.com/Alabama
  • A 23-page Risk Analysis Report
  • A free 30-minute HIPAA Risk Consultation
  • One year of free Identity Restoration Protection through PCIHIPAA’s OfficeSafe program
  • A free HIPAA Checklist at http://pcihipaa.com/checklist/alabama

Following the review of your Risk Assessment, PCIHIPAA will demonstrate its comprehensive HIPAA compliance program, which includes a $250,000 data breach and network security policy.

There is no obligation to take the Risk Assessment, online review or to receive the free year of identity restoration protection. However, the Risk Assessment is mandatory by federal law, and not having one on file is a violation of HIPAA. Take the 2018 HIPAA Risk Assessment.

Want to know more about PCIHIPAA? Call (800) 588-0254 and mention you are a member of the Medical Association of the State of Alabama to receive a discounted rate.

PCIHIPAA is a preferred partner of the Medical Association. Learn more about PCIHIPAA.

Posted in: HIPAA
