Is Zoom HIPAA Compliant?

Zoom provides remote video and web conferencing services for businesses and individuals. Zoom allows employees from different locations to participate in online meetings, in which employees can communicate and share information. Many healthcare providers use Zoom. Providers use Zoom to perform telehealth services, including communicating with other providers, and communicating with patients. Providers using Zoom must make Zoom HIPAA compliant. This means that providers must take a series of [...]

March 17th, 2020

MSP Security Incident Response Procedures

A managed service provider (MSP) is an entity that remotely manages a covered entity’s IT infrastructure and/or end-user systems. IT infrastructure is defined by ITIL (formerly known as the Information Technology Infrastructure Library) as “the sum of an organization’s IT related hardware, software, data telecommunication facilities, procedures, and documentation.” End-users are the people that a software program or hardware device is designed for - the “people sitting at the [...]

March 17th, 2020

HIPAA Data Backup Plan and Disaster Recovery Plan

The requirements of a HIPAA data backup plan and disaster recovery plans are discussed below. What are the Requirements of a HIPAA Data Backup Plan? A HIPAA data backup plan is a component of the administrative safeguards that must be implemented under the HIPAA Security Rule. The data backup plan, which is part of the administrative safeguard requirement to have a contingency plan, consists of establishing and implementing procedures [...]

March 16th, 2020

HIPAA and Surprise Medical Bills

Surprise medical bills can take a variety of forms. Roger Severino, Director of the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) recently experienced, first-hand, a case of medical sticker shock. The experience has prompted him to contemplate whether the Office for Civil Rights can “leverage” HIPAA to enable patients to receive information they can use to protect themselves from surprise medical bills.  Does HIPAA [...]

March 13th, 2020

Vendor Vetting Can Save You Millions

In a recent study conducted by the Ponemon Institute, it was determined that 54% of healthcare vendors had experienced at least one data breach affecting protected health information (PHI). However, healthcare providers are continually neglecting their obligation to adequately vet vendors they are working with. It was found that although many healthcare providers somewhat address their vendor vetting obligation by sending risk assessment questionnaires, 41% continue to work with [...]

March 12th, 2020

HIPAA Compliant Cloud Storage

HIPAA compliant cloud storage is contingent on several aspects. To use cloud storage and be HIPAA compliant, it is important to ensure that the cloud service provider (CSP) has sufficient safeguards to secure the protected health information (PHI) that is transmitted, stored, or maintained on behalf of their covered entity (CE) client. Additionally, they must be willing to sign a HIPAA business associate agreement (BAA). Security Measures for [...]

March 11th, 2020

MSP Compliance Solutions

There is a lot of opportunity for MSPs looking to enter the healthcare vertical. More organizations are relying on MSP compliance solutions, as they do not have the budget to hire a full-time healthcare IT staff; a recent study, by Black Book Market Research, surveyed 2,876 security professionals across 733 provider organizations, finding that 84% of hospitals don’t have full-time cybersecurity employees.  As staffing shortages have increased by 40% [...]

March 10th, 2020

What is a Designated Record Set Under HIPAA?

The HIPAA Privacy Rule generally requires HIPAA covered entities (health plans and most healthcare providers) to provide individuals, upon request, with access to the protected health information (PHI) about them in a designated record set (or sets) maintained by or for the covered entity.  What is PHI? PHI is defined as individually identifiable information relating to the past, present, or future health status of an individual that is created, [...]

March 9th, 2020

What is a Compliance Manager?

A compliance manager doesn’t necessarily need to have a background in HIPAA compliance. However, the compliance manager is responsible for managing their organization’s compliance program. Generally, this role is filled by an employee with other job responsibilities such as an office or practice manager. What are the Responsibilities of a Compliance Manager? A compliance manager must ensure that their organization has an effective HIPAA compliance program. This includes: Self-audits: [...]

March 6th, 2020

Compliancy Group HIPAA Quiz

Compliancy Group created a HIPAA quiz, available for free, for covered entities (CEs) and business associates (BAs) to assess their HIPAA compliance. We have analyzed the results from 352 respondents to determine trends in HIPAA compliance. The findings from the HIPAA quiz are discussed below. Take our HIPAA quiz to see where your organization stands! HIPAA Quiz: Scores The HIPAA quiz scores an organization’s overall HIPAA compliance. We found that [...]

March 4th, 2020