Weston Technology Solutions Blog
Blog posts tagged in Encryption
Another story that is becoming all-too-common. From HIPAA Journal: “Lost Laptop Sees PHI of 3,725 Veterans Exposed.”
What is the moral of this story for your health clinic?
- Properly Decommission Computers: Any device, when it’s taken out of production and had any sort of access to PHI needs to be completely wiped and properly decommissioned. That means doing a thorough scrubbing or destruction of the data on the hard drive of the computer. Refer to 45 CFR 164.310(d)(2)(i) and 45 CFR 164.310(d)(2)(ii) for more information.
- Encrypt All laptops: The data on all laptops should be encrypted at all times as it’s your Get Out Of Jail Free card. If a laptop is lost with properly documented fully encrypted data, there is no way for it to be recovered and it does not have to be reported as a breach.
Need help with your technology and HIPAA? Call us today to learn about our HIPAA services including disk encryption and annual risk assessments.
Oregon Health & Science University (OHSU) had a data breach in 2013 that resulted in a recently-assessed $2.7 million HIPAA violation settlement. The sad thing was, they knew they had these problem (as they had run several risk analyses that showed issues), but didn’t take measures to fix them. While OHSU is a large teaching hospital, the lessons learned here are lessons that apply to any business of any size – medical or otherwise -- that has access to electronic protected health information (ePHI). Read on for a few things that OHSU could have done to help prevent this from happening.
The system that powers our popular spam-blocking and email continuity service WestonBlock is going to be changing. WestonBlock is powered by software called MX Logic from McAfee. McAfee was recently purchased by Intel. Intel decided to close their support for MX Logic and similar cloud-based services.
What does that mean for you, if you use WestonBlock? Nothing, at the moment. They’ve agreed to leave everything alone for the rest of the year for existing accounts. However, we are being proactive about it and making sure our clients are aware there is a change coming.
We’ve mentioned before, but we know a thing or two about HIPAA and provide many HIPAA-friendly services. We have been asked why we insist on doing things a certain way, and we generally will refer back to HIPAA guidelines. Specifically, here are some of the laws and HIPAA security-rule guidelines that we refer to in the way we recommend your business does things.
We’ve been an increasing number of attacks on PPTP VPN connections. PPTP VPN connections are the most common method for users to use a VPN connection to connect to their server back at the office. Recent attacks on a few of our clients have made us recommend (in some cases) an alternative VPN option to protect your server from these types of attacks. Read on for how you can help protect your server with a Sonicwall VPN connection and Intrusion protection.