The HIPAA workforce definition is critical to understanding which entities a covered entity must enter into business associate agreements with. The HIPAA workforce definition is discussed below. The HIPAA Workforce Definition: What is it? The HIPAA workforce definition, if properly understood, will make it easier for covered entities to determine whom they need to enter into business associate agreements with. The “workforce” [...]
A managed service provider (MSP) is an entity that remotely manages a covered entity’s IT infrastructure and/or end-user systems. IT Infrastructure is defined by ITIL (formerly known as the Information Technology Infrastructure Library) as “the sum of an organization’s IT related hardware, software, data telecommunication facilities, procedures, and documentation.” End-users are the people that a software program or hardware device are designed for - the [...]
HIPAA compliant cloud storage is contingent on several aspects. To use a cloud storage and be HIPAA compliant, it is important to ensure that the cloud service provider (CSP) has sufficient safeguards to secure the protected health information (PHI) that is transmitted, stored, or maintained on behalf of their covered entity (CE) client. Additionally, they must be willing to sign a HIPAA business associate agreement (BAA). Security Measures [...]
There is a lot of opportunity for MSPs looking to enter the healthcare vertical. More organizations are relying on MSP compliance solutions, as they do not have the budget to hire a full-time healthcare IT staff; a recent study, by Black Book Market Research, surveyed 2,876 security professionals across 733 provider organizations, finding that 84% of hospitals don’t have full-time cybersecurity employees. As staffing shortages have increased by [...]
Under HIPAA, covered entities are defined as individuals or entities that transmit protected health information for certain transactions. These transactions generally include include transmission of healthcare claims, payment and remittance advice, healthcare status, coordination of benefits, enrollment and disenrollment, eligibility checks, healthcare electronic fund transfers, and referral certification and authorization. Covered entities are defined in the HIPAA rules as (1) health plans, (2) healthcare clearinghouses, [...]
Under the HIPAA Security Rule, covered entities must implement safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. To this end, the HIPAA Security Rule requires covered entities to perform a security risk analysis (also known as security risk assessment), which the Security [...]
Complete Technology Solutions (CTS) is a managed service provider located in Colorado. It provides services to over 100 dental practices. On November 25, 2019, CTW suffered a MSP ransomware attack. The cyberattackers issued a ransomware demand of $700,000 to provide decryption keys. CTS decided not to pay the ransom. The details of this latest MSP ransomware attack are discussed below. How did this MSP Ransomware [...]
Salesforce.com is a cloud-based software company. Most of its revenue comes from its customer relationship management (CRM) service. Salesforce also sells enterprise-wide applications for customer service, analytics, app development, and marketing automation (through the Salesforce “marketing cloud”). Salesforce offers companies an interface for case and task management. Using salesforce, users can also route and escalate events (i.e., control workflow). Other features of salesforce include analytical tools, email alerts, [...]
HIPAA Role-Based Access is a key concept of the HIPAA Security Rule. Under the Security Rule, healthcare organizations are required to implement access controls. Role-based access controls are a security technique that restrict access to an organization’s network to those individuals for whom access is required. What is HIPAA Role-Based Access? Under the technical safeguards provision of the HIPAA Security Rule, covered [...]
Cloud service providers (CSP) are businesses that provide network services, business applications, or infrastructure, in the cloud. The services are hosted in a remote data center that can be accessed through a company network connection. Cloud service providers that create, receive, maintain, or transmit electronic protected health information (ePHI) on behalf of a covered entity or business associate, are considered HIPAA business associates. HIPAA cloud service providers must [...]
