


The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum–Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

We like to delegate the HIPAA (or similar mandates) Security Officer role of monitoring logs, current authorized users, analyzing traffic, etc. to the HR, Nurse, IT point person, etc. in an under 20, maybe even a 100, employee environment. They will review logs to identify users that may still have access to ePHI but are either no longer with the organization or have a business relationship requiring access. Determine if generic accounts are used which do not support logging individual's access to ePHI. The reality after reading the "Information System Activity Review" policy and procedure listed below is that this is an incredibly arduous task for an individual to take on even for a small network. I researched a few (Netwrix Auditor, ManageEngine, NetCrunch) but need feedback on the best system for delegating the task and handing off to a small business. I'm considering going away from SonicWalls because WatchGuard's log interface appears to be better. Alternatively, is there any specific RMM agent that incorporates what we are looking for in this policy/procedure featured below? Regardless, we need easy deployment, an elegant interface, and it just works. It's easy to work with whether or not we hand this off to the client or we decide to incorporate in our …
Due to the fires in CA we are in smoke and keep our windows/doors closed. Air quality is terrible.
Wonder if anyone can suggest a good air purifier for home/office with approx. 1000 sq ft space.

Thanks in advance!!

NIST, HIPAA and CFR Title 21 standards.

We are a MSP, we recently picked up a few clients that need to become compliant in the near future.
We have become fairly educated in NIST; for the most part all standards look very similar.
My question is “What did or do you do to be NIST, HIPAA or CFR Title 21” compliant?
All sites are Windows 2012R2 Domains, GPOs, AD user accounts and Data security is in place.
We are using existing documentation as Templates.  

If you can give us a few ideas, thoughts or resources to look at, that would be very helpful. The standards are rather ambiguous. We understand there is no certain way to do most of it. Do you use any software packages? Certain GPOs, are there templates you know about? We would like to become more versed in these standards.
Please only positive replies, I think we can all live without negative remarks.

Thanks for your help

In AD Users and Computers we enabled the option 'Smart Card is required for interactive login'. This forces Smart Card login via that AD user account... That way no matter what computer that user logs in on they are forced to use a Smart Card; however, this causes a problem. We have a few mobile apps that use AD authentication. When we try to log into these apps from our iOS / iPhone we are unable to do so. This is because it's wanting a Smart Card... What is the workaround? The only GPO that forces Smart Card is computer based. We don't want to force all users on all computers to use Smart Cards. So... I don't see a workaround unless the mobile apps support some type of cert based SSO? Even then I don't think it will work, for AD is looking for a Smart Card.

Hi, I am new to Blockchain technology,
and right now I need to start it as soon as possible.
I am stuck at the problem of which platform environment to choose for creating a healthcare-level
Ethereum Blockchain.
What I want to ask is which one is better?
Or I can choose multiple also as per my need.

I am seeking a script that will do the following:

Take a file folder and rename it to a common standard across the entire organization.
Take each file within a folder and rename it to a common standard using the existing file name.

I actually have the file folder portion completed, as the powershell

Get-ChildItem -Filter "*current*" -Recurse | Rename-Item -NewName {$_.name -replace 'current','old' }

However, the issue is that the file names used are all over the board.  Examples, amongst a horde of others:

Christopher, Jack 4.2014
Christopher, Jack 042014
Christopher Jack 04-02-2014
Jack Christopher April 2014

What I would like to do is implement a standard of:

JChristopher 042014

So the script should look at the entire file name and then rename it accordingly.

Yes.  There are subfolders sometimes 4 layers deep in some instances, and I can address that separately.

However, there are literally 8K files (not file size), but files that need to meet this new standard.

It's a non-profit who were erroneously informed that they did NOT have to meet HIPAA requirements even though they work with PHI of SP adults.

I know this should be simple, with everything else that is going on, I figured it wouldn't hurt to just ask.  Perhaps someone has already encountered something similar?

Server 2012R2, workstations all running W10Pro.


I am looking for recommendations: the goal is to select a service provider to provide HIPAA compliant access to internal files from outside my network. The files are on a Windows file server, but I am willing to move them elsewhere if needed. They are MS Office files (mainly Excel).

Thank you for any help you can provide!

I am working in a new HIPAA compliant network. I have noticed that we are blocking attempted spammers on our outbound mail filter, in some cases, on a bad day, as many as 50 different IP addresses. While the email filter will block any sender that is not authenticated, I am under the impression that if your Exchange (2016) environment is properly configured we should see zero attempted relays. Am I incorrect in this assumption?

Aesthetic software and EMR system. Need advice on the best system if you can combine both aesthetic (plastic surgery, botox, spa, etc.) retail industry with a HIPAA compliant EMR system. So far we see that Booker is really good for the retail side and Kereo is good for the EMR side but we would like to combine the two. We were told Aesthetic Pro is pretty good. Patient Now sounds better but it is remote desktop based. The practice just defected from Centricity RDP system. It's way too convoluted for their setup and not the least bit user friendly.

Key retail aspects:
  • Spa and aesthetic
  • Merchant account
  • Scheduling
  • Inventory management

Key EMR aspect
  • Document Management
  • Patient Notes
  • HIPAA compliant (obviously)
  • Fax prescriptions
  • Scanning - Easily upload documents w/ $1500 Fujitsu network scanner
  • Bonus Labs integration

I'm not sure if you can sync the two systems like contacts and document management.... primarily consent forms.  Even better is a one size fits all solution that is not clunky like Centricity.
Specific to healthcare and the privacy issues associated with it, I am looking for an app that can notify a therapist that a patient has arrived for an appointment, has canceled or will be delayed.  Ideally, there would be a smartphone app for therapists and a web front end for the receptionist to use to send out pre-set messages like "Patient has arrived."  No protected health information will be transmitted, just generic notifications for "patient."  I want to avoid using SMS if I can.  Does anyone have experience with any notification systems like this?  I am just dealing with a single receptionist and a group of 6 therapists.  Any inexpensive and proven solution is welcome.
My company is looking into adopting 'OneDrive for Business' and 'SharePoint Online' as cloud storage solutions and while I can find info on other standards like HIPAA on Microsoft's website, information on PCI is conflicting.

My question to you: can documents that fall under the PCI compliance umbrella be stored in ODfB and Sharepoint?

Thank you for your help!

HIPAA matters to mHealth apps more than ever, why?

mHealth apps have come to service doctors and patients. The matter is now of life and death.
Without HIPAA compliance acting as a safeguard, neither the patients nor the doctors will trust mHealth apps.

Hello, I am trying to find a software or vendor that can assist me. I need to be able to have an audit summary of hard drive folders and files with drive serial numbers, etc. and certified that it was destroyed for record keeping. I have tried WinDirStat, Book Nuke, no luck. Does anyone have any experience working in IT of lawyer offices, government, finance, etc. that knows a way to produce this type of custom report?

Our company is required to have HIPAA hosting and network. I understood we can consult with a HIPAA consultant but we first want to learn what a company should do if the company wants to be HIPAA.

Our company has small office with just 10 employees. Only PC. no server. Physically, it is very simple.
We have only one website as well, and of course hope to get HIPAA protected as well.

If you have been in this situation, sharing with me what/how we should get started will definitely help.

1. Customer: Health Care Industry (Hospice) - so we need HIPAA Compliance
2. 7 Locations throughout 2 States.
3. About 70 email users.

1. Customer wants secure end-to-end email encryption
2. All email stored and accessible from central control panel -- even if the USER decides to delete their "copy."

1. A single account for each of the seven locations that would be their end-to-end encrypted email
       -- I thought of www.ProtonMail.com   - any comments on this?

2. All other accounts are with GoDaddy Email Hosting -- maybe just make sure they are sending / receiving through SSL / TLS, and that they understand NOT TO SEND patient data using that email address?
       -- Was going to ask GoDaddy about a central "copy" service.
       -- ...or do I need to just configure a machine here at the central office to download everything each day or so?

- Dasher

I am looking for a Sample Internet Usage Policy for a Dentist Office, so it needs HIPAA verbiage.

Any samples would be great.

Hello - we need to send some encrypted emails for only a few users for HIPAA requirements. What do you recommend?

Which site do you recommend as the easiest way to get HIPAA certified?

A site that gives you the training and exam.
Patients in clinic need to be able to type their name and chief complaint into a spreadsheet or database at a kiosk, but they can't see any data that has been entered previously, for HIPAA reasons (can't see another patient's name or complaint).  All the data needs to be viewable by the registrar so they will know who is in the waiting room.  I've done excel spreadsheet which uses a macro to move the data from the registration spreadsheet into another spreadsheet, which is what I want.  However, I don't know how to make it so the spreadsheet is not accessible by the person standing at the kiosk.
Hello Experts,

This is probably a dumb question, but I have never worked with a text matching tool before (other than find and replace) and need guidance.

I need to complete a data discovery on sensitive information - mainly PII and/or PHI (flat files, NAS shares, endpoints).

The software that I have looked at, dtSearch and FileLocator Pro both say they can find this data. I only see the option to type in a word or a phrase at a time.

Can you please tell me how to set up products like these to search for any PII or PHI? Are there dictionaries to purchase separately or something?

Thank you,
Steph M

A blue line appears on the screen when viewing documents scanned in from a Dell 3465dn printer. This happens intermittently and I am unable to reproduce the issue with any regularity. Checked 9 documents, all scanned within a few hours, before I found one with the line on it. This printer is B&W only and I have received no complaints of the line appearing on prints, but the main document scanned is rarely printed out. I wish I could post an example, but I work for a medical company and doing so would be a clear violation of HIPAA regulations. Just wondering if anyone has any ideas on what could be causing this. The scanner bed is clean and there are no scratches.

Currently looking for suggestions on a video conferencing unit that would be used in a health care environment. It needs to be in compliance with HIPAA and the unit has to be a standalone unit with no subscription cost.

Dear experts,

I am supporting a few small dental offices that host the dental application server in house.

Some of these clients do not have a way to fire up the server that they depend on once there is a hardware failure.

Today a power supply went bad and they are without their application until Wednesday.

In other locations you can restore a virtual machine server from a backup job from storage.

No such thing here. What is the best solution in case they need a loaner or an image restore program?

Thanks, M

