A HIPAA compliant client portal must secure patient information – which is why a custom HIPAA compliant portal can be an especially delicate prospect. Below, we explore a recent request our sales team received for such a portal, and how to go about meeting the requirements for a HIPAA compliant client portal.
Can Drupal Websites Be HIPAA-Compliant?
Any companies using Drupal, especially those that are within regulated industries such as healthcare, have to be diligent and proactive about installing any patches in order to maintain security. By using HIPAA-compliant managed services through a host with a strong healthcare background, you will be able to benefit from infrastructure that is engineered to guard against any security incidents and HIPAA violations; you will also be able to have someone pay attention to security updates when they are released so that your site is patched right away. Improving the password needs of the system and encrypting the web forms that are submitted by users are steps you can take yourself to ensure there is full HIPAA compliance within the software layer.
Do Healthcare Surveys Need to Be HIPAA Compliant Too?
One of the biggest challenges for doctors, hospitals, insurance carriers, and any other organizations handling patient data is HIPAA compliance. Compliance with HIPAA, short for the Health Insurance Portability and Accountability Act, can get particularly tricky for these organizations when it comes to communicating with patients and gathering feedback. For instance, these organizations must use HIPAA-compliant email, messaging, and patient reviews, which must be compliant but are often a source of violations.
HIPAA Compliant Hosting for a Web Application: 8 Questions to Ask
The Health Insurance Portability & Accountability Act is the first consideration for any conscientious healthcare organization when considering infrastructure for a web application. After all, they need to know that any protected health information (PHI) – that is, health information of individuals that is protected by the US government through the Department of Health and Human Services (HHS) – is secured when it is stored, processed, or transmitted through the hosting service. HIPAA rules relate to data handling regardless of the party performing the handling; nonetheless, there are questions that you will specifically want to ask when you set up hosting for a web app, or for anything else.
Can MongoDB Be HIPAA-Compliant?
When you consider a HIPAA compliant database for storing protected health information (PHI), you may wonder if a NoSQL solution such as MongoDB is a strong choice. If using MongoDB, you can take steps to make sure your database stays compliant with the Health Insurance Portability and Accountability Act (HIPAA) – both in choosing the right flavor of MongoDB and understanding its security features.
Seismic-Compliant Data Center Requirements
A Long Beach hospital that nearly reached 100 years in operation had to shut its doors because it was built on an active earthquake fault and is incapable of meeting state-mandatory seismic safety law. The hospital, Community Medical Center Long Beach, sent the city notice to end the lease in four months at the beginning of March, taking effect on July 1st. Earthquake research performed in November discovered an active fault beneath the 200-bed hospital.
Hospital Recycling Audit Reveals PHI Disposal Often Incorrect (Study)
A recent study demonstrated how problematic health record disposal is. The Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA) make it clear how to properly get rid of health records while maintaining the confidentiality of patients and protecting their rights. The study indicates that poor disposal of records occurs frequently and is a strong area to target if you want to bolster your defenses against HIPAA violations. Along with a concern with paper PHI in an era when it can get overlooked, it is crucial to have strong protections for the increasing volume of electronic records as well.
Office 365 or Google Docs for HIPAA Compliance
Organizations that handle healthcare data, whether they are covered entities (healthcare providers, plans, or data clearinghouses) or their business associates, must meet the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA and HITECH (the Health Information for Economic and Clinical Health Act of 2009) are US federal laws that created regulations related to how sensitive personal health data is used and disclosed (essentially in an effort to protect it and make it accessible to patients). It is necessary for doctors, hospitals, health insurers, and other healthcare organizations to meet the stipulations within these laws and to have the responsibilities within the relationship defined by a business associate agreement (BAA). The BAA contract is important because it clarifies all aspects of data creation, storage, receipt, and transmission so that accountability is possible for all privacy and security concerns.
Multi-Cloud Strategy is Great, But Who Will Manage It?
Multi-cloud server infrastructure arises almost inevitably in enterprises, as indicated by David Gewirtz. Since that is the case, enterprises should consider their management strategy for the multi-cloud environment.
This article looks at what multi-cloud is, why it is adopted, its distinction from hybrid cloud, and ways to properly manage it. Finally, it addresses the issue of responsibility for management – whether you should take the DIY route or use an expert third party.
Orangeworm: Need-to-Know Information for Healthcare IT
A security report released on April 23, 2018 found that there was a growing threat presented by Orangeworm, a cybercrime alliance that was going after organizations within healthcare and similar fields using a backdoor known as Kwampirs.
Kwampirs is a Trojan horse, as indicated by the NJ Cybersecurity & Communications Integration Cell. When attackers deploy this malware, they are able to remotely access the devices that are infected with it. Once the attackers access the machines and execute the Trojan, it begins to decrypt and extract a copy of its primary dynamic link library (DLL) payload. (What is DLL injection? DLL injection is a technique that is often used for Trojans. The pen-testing industry blog Penetration Testing Lab noted that DLL injection enables an intruder to run whatever script they want within another process’s address space. In the event that the process involved has heightened privileges, the nefarious party might be able to run sinister code within a DLL file that would further increase their privileges and, in turn, allow them to inflict widespread damage.)
