Login 

Call Us Now:

Weston Technology Solutions Blog

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Archives
    Archives Contains a list of blog posts that were created previously.
Subscribe to this list via RSS Blog posts tagged in HIPAA

New Breach Notification Laws May Affect You

Posted by on in Security

hipaaThe State of Oregon (where our main office is based, though we do serve Anchorage and Spokane, as well) has updated its data breach notification laws. If you live in Oregon and your personal information is exposed in a data breach (defined as “an unauthorized acquisition of computerized data that materially compromises the security, confidentiality or integrity of personal information that a person maintains”), notifications now have to be done with 45 days instead of the 60-days required by the federal government in the HIPAA Breach Notification Rules.

Tagged in: Compliance HIPAA

Get a HIPAA BAA from Microsoft for Office 365

Posted by on in How To

Years ago we posted a tip on how to get your business associate agreement (BAA) from Microsoft if you used their Office 365 services. The process has changed a bit now, so we decide to revisit that topic in a new article: Here’s how you get your BAA for Microsoft’s online services.

New Malware Detection At Record High

Posted by on in Security

hipaaIn headlines that shouldn’t surprise anybody, HIPAA Journal reports that malware detections in 2017 were at a record high, but healthcare is the most target industry:

Throughout 2017, the volume of new malware samples detected by McAfee Labs has been steadily rising each quarter, reaching a record high in Q3 when 57.6 million new malware samples were detected. On average, in Q3 a new malware sample was detected every quarter of a second.

In the United States, the healthcare industry continues to be the most targeted vertical, which along with the public sector accounted for more than 40% of total security incidents in Q3. In Q3, account hijacking was the main attack vector, followed by leaks, malware, DDoS, and other targeted attacks.

There were similar findings from the recent HIMSS Analytics/Mimecast survey which showed email related phishing attacks were the greatest cause of concern among healthcare IT professionals, with email the leading attack vector.

If you’re a CompleteCare client, you are about as well-protected as you can get from Malware and other security threats. Contact us today to learn more about our CompleteCare program and how it can protect your company from the latest threats to your business and your bottom line. 

hipaaAnother story that is becoming all-too-common. From HIPAA Journal: “Lost Laptop Sees PHI of 3,725 Veterans Exposed.”

What is the moral of this story for your health clinic?

  1. Properly Decommission Computers: Any device, when it’s taken out of production and had any sort of access to PHI needs to be completely wiped and properly decommissioned. That means doing a thorough scrubbing or destruction of the data on the hard drive of the computer. Refer to 45 CFR 164.310(d)(2)(i) and 45 CFR 164.310(d)(2)(ii) for more information.
  2. Encrypt All laptops: The data on all laptops should be encrypted at all times as it’s your Get Out Of Jail Free card. If a laptop is lost with properly documented fully encrypted data, there is no way for it to be recovered and it does not have to be reported as a breach.

Need help with your technology and HIPAA? Call us today to learn about our HIPAA services including disk encryption and annual risk assessments

Remember the Basics to Prevent Data Breaches

Posted by on in Security

seccompModern technologies are certainly making it easier for an organization to minimize risk and detect and prevent security breaches when they occur. Between intrusion detection systems, next generation firewall systems, threat management solutions, data encryption solutions, there are a lot of ways to help your organization. However, the basics of security are just as important. If you look at the HIPAA data breach portal, you’ll find a pile of examples of breaches caused by simple errors and security mistakes.

While the FTC doesn’t cover enforcement of HIPAA-covered entities, their latest blog post for business is a must read for your business, no matter if you’re HIPAA-regulated or not. Start with Security: A Guide for Business covers the following aspects of data security in an easy-to-follow format:

  1. Start with security.
  2. Control access to data sensibly.
  3. Require secure passwords and authentication.
  4. Store sensitive personal information securely and protect it during transmission.
  5. Segment your network and monitor who’s trying to get in and out.
  6. Secure remote access to your network.
  7. Apply sound security practices when developing new products.
  8. Make sure your service providers implement reasonable security measures.
  9. Put procedures in place to keep your security current and address vulnerabilities that may arise.
  10. Secure paper, physical media, and devices.

While this is an especially important issue to regulated industries, the advice is good for any business to follow.

Mobile? Grab this Article!

QR-Code