Dedicated to providing the latest
HIPAA compliance news

What Covered Entities Should Know About Cloud Computing and HIPAA Compliance
Feb19

What Covered Entities Should Know About Cloud Computing and HIPAA Compliance

Healthcare organizations can benefit greatly from transitioning to the cloud, but it is essential to understand the requirements for cloud computing to ensure HIPAA compliance. In this post we explain some important considerations for healthcare organizations looking to take advantage of the cloud, HIPAA compliance considerations when using cloud services for storing, processing, and sharing ePHI, and we will dispel some of the myths about cloud computing and HIPAA compliance. Myths About Cloud Computing and HIPAA Compliance There are many common misconceptions about the cloud and HIPAA compliance, which in some cases prevent healthcare organizations from taking full advantage of the cloud, and in others could result in violations of HIPAA Rules. Some of the common myths about cloud computing and HIPAA compliance are detailed below: Use of a ‘HIPAA compliant’ cloud service provider will ensure HIPAA Rules are not violated False: A cloud service provider can incorporate all the necessary safeguards to ensure the service or platform can be used in a HIPAA compliant manner, but it is...

Read More
Is Zoom a HIPAA Compliant Video and Web Conferencing Platform?
Feb19

Is Zoom a HIPAA Compliant Video and Web Conferencing Platform?

Zoom is a popular video and web conferencing platform that has been adopted by more than 750,000 businesses, but is the service suitable for use by healthcare organizations for sharing PHI. Is Zoom HIPAA compliant?   What is Zoom? Zoom is a cloud-based video and web conferencing platform that allows workers across multiple locations to take part in meetings, share files, and collaborate. The platform supports webinars and includes a business IM service. Zoom has already been adopted by many healthcare organizations around the globe who use the platform to consult with other providers and communicate with patients. However, in the United States, healthcare providers must comply with HIPAA Rules. Any software solution must incorporate a host of security protections to ensure protected health information (PHI) is safeguarded. Further, cloud-based platform providers are classed as a business associates and are also required to comply with HIPAA Rules if their platforms are to be used in conjunction with PHI. Zoom and HIPAA Compliance As a business associate, Zoom would be required to...

Read More
Is WebEx HIPAA Compliant?
Feb18

Is WebEx HIPAA Compliant?

Is WebEx HIPAA compliant? Is the online meeting and web conferencing platform suitable for use by healthcare organizations or should the service be avoided? In this post we assess the security controls and features of the platform and determine whether use of WebEx could be considered a HIPAA violation. What is WebEx? WebEx is a web and video conferencing and collaboration platform that helps businesses connect with remote workers and partners as if they are in the same room. With tools such as WebEx, healthcare organizations can communicate quickly and easily with the workforce, no matter where employees are located. Regional operational meetings can be conducted, medical education can take place online, and healthcare employees can be trained on new processes and procedures. These platforms can also potentially be used for communicating with patients. However, before any collaboration tools can be used in connection with protected health information (PHI), healthcare organizations must be certain that the tools support HIPAA compliance. So how does WebEx fare in this regard? Is...

Read More
Is Amazon CloudFront HIPAA Compliant?
Feb16

Is Amazon CloudFront HIPAA Compliant?

Is Amazon CloudFront HIPAA compliant and can the web service be used by HIPAA covered entities without violating HIPAA Rules? In this post we determine whether Amazon CloudFront supports HIPAA compliance or if it should be avoided by HIPAA-covered entities. What is Amazon CloudFront? Amazon CloudFront is a web service that allows users to speed up web content delivery over the Internet. Typically, when a website is accessed, the visitor experiences some latency accessing static and dynamic content. The reason for this is visitors will not make a direct connection to the content, instead they will be routed through a path to reach the server where the content can be accessed. The path can involve many routing points, will inevitably have an impact on the speed at which content can be accessed. By using a content delivery network such as Amazon CloudFront, it is possible to reduce latency and improve reliability and availability of web content. By delivering content via a network of data centers (edge locations), users are routed to the nearest location with the least latency, thus...

Read More
Another Major Triple-S Advantage Data Breach Has Occurred: 36,000 Affected
Feb15

Another Major Triple-S Advantage Data Breach Has Occurred: 36,000 Affected

The Puerto Rico Health Plan Triple-S Advantage has experienced a privacy breach that has impacted 36,000 plan members. The breach was the result of a mailing error which saw sensitive information of plan members disclosed to incorrect individuals. The protected health information exposed as a result of the mailing was limited and did not include Social Security numbers or financial information; however, plan members’ ID numbers were impermissibly disclosed along with names, dates of service, and treatment codes. The mailing error occurred in November but was not discovered by Triple-S until December 5, 2017. An extensive investigation was launched to determine how the error occurred and action has now been taken to ensure that similar errors do not occur in future mailings to plan members and healthcare providers. Triple-S said in its substitute breach notice that its mailing processes have been changed and that those processes have now been tested. Another mailing run has been conducted and copies of the original letters have now been sent to the correct addresses. Affected plan...

Read More