The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum–Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

I have a grievous situation. One of our clients who is HIPAA has lost access to their old EMR database. They were running Centricity CPS prior to moving over to their new EMR. They could not fully migrate all their database data so they have still been using their old EMR software for legacy data. HOWEVER the Centricity EMR software stopped working because the database within MS SQL 2012 had been degraded to suspect. No matter what I googled and tried to repair it, nothing worked. We had backups of the actual database and I was able to retrieve the actual file, disconnect the suspect database and restore the recovered database in SQL.

The backup database has been renamed to the database file in SQL that was suspect, and is showing as connected. However, when logging into the EMR's web interface, which locally connects to the suspect database, the software can no longer connect to the recovered database. The login is throwing an error and I am starting to panic. People's jobs are on the line here. Can anyone, before I go into severe detail, lend a hand? This is critical.
Is O365 really HIPAA compliant? Does it need any add-ons? Are all versions of O365 compliant?
A chiropractic office with 3 locations wants a website where patients can fill out questionnaires and have the answers stored in a database. How do I find a hosting company that can provide this and is HIPAA compliant?
Has anyone ever configured an android tablet that only allows 1 application to run upon login?  

I have a client that is asking for 30 Android tablets to be configured. They are going out to patients. They want the tablet configured to only prompt for a password to log in and then only allow web browser usage after logging in, with no access to anything else. Can someone explain how to do this? I am assuming WiFi will need to be allowed, as I am unsure if these tablets will come built with 4G or not.

This is so that, in case they are stolen, there is nothing they can do with them otherwise. I may be tasked with setting up 30 of these.
I have a client who, for HIPAA reasons, needs to store Active Directory logs for 6 years. Is anyone familiar with a product that they can suggest to use?
I need to keep networked 2 medical devices (Zeiss eye scanners) that run Win XP Embedded. However, HIPAA does not like XP. To upgrade to the latest would cost many, MANY thousands.

The devices just need to send a PDF to a network share.

I am looking for the best way to segment out the XP machines and still satisfy HIPAA requirements.

One thing I can't do is just unplug the network and use a USB drive, because the devices are used many times a day and that would hamper workflow.

I have considered removing the gateway on the XP PCs and also adding strict firewall rules (SonicWall).

Also thought of using a Win 10 PC with 2 NICs for 2 different subnets to act as a go-between.

Any thoughts?

We like to delegate the HIPAA (or similar mandates) Security Officer role of monitoring logs, current authorized users, analyzing traffic, etc. to the HR, Nurse, IT point person, etc. in an under-20, maybe even a 100-employee environment. They will review logs to identify users that may still have access to ePHI but are either no longer with the organization or have a business relationship requiring access. Determine if generic accounts are used which do not support logging an individual's access to ePHI. The reality after reading the "Information System Activity Review" policy and procedure listed below is that this task is an incredibly arduous one for an individual to take on, even for a small network. I researched Netwrix Auditor, ManageEngine, NetCrunch, a few, but need feedback on the best system for delegating the task and handing off to a small business. I'm considering going away from SonicWalls because WatchGuard's log interface appears to be better. Alternatively, is there any specific RMM agent that incorporates what we are looking for in this policy/procedure featured below? Regardless, we need easy deployment, an elegant interface, and it just works. It's easy to work with whether or not we hand this off to the client or we decide to incorporate it in our …
Due to the fires in CA we are in smoke and keep our windows/doors closed. Air quality is terrible.
Wondering if anyone can suggest a good air purifier for a home/office with approx 1000 sq ft of space.

Thanks in advance!!
NIST, HIPAA and CFR Title 21 standards.

We are an MSP; we recently picked up a few clients that need to become compliant in the near future.
We have become fairly educated in NIST; for the most part all standards look very similar.
My question is "What did or do you do to be NIST, HIPAA or CFR Title 21 compliant?"
All sites are Windows 2012 R2 domains; GPOs, AD user accounts and data security are in place.
We are using existing documentation as templates.

If you can give us a few ideas, thoughts or resources to look at, that would be very helpful. The standards are rather ambiguous. We understand there is no certain way to do most of it. Do you use any software packages? Certain GPOs? Are there templates you know about? We would like to become more versed in these standards.
Please only positive replies, I think we can all live without negative remarks.

Thanks for your help
In AD Users and Computers we enabled the option 'Smart Card is required for interactive logon'. This forces Smart Card login via that AD user account... That way, no matter what computer that user logs in on, they are forced to use a Smart Card; however, this causes a problem. We have a few mobile apps that use AD authentication. When we try to log into these apps from our iOS / iPhone we are unable to do so... This is because it's wanting a Smart Card... What is the workaround? The only GPO that forces Smart Card is computer based... We don't want to force all users on all computers to use Smart Cards... So... I don't see a workaround unless the mobile apps support some type of cert-based SSO? Even then I don't think it will work, as AD is looking for a Smart Card.
I am looking for recommendations: the goal is to select a service provider to provide HIPAA compliant access to internal files from outside my network. The files are on a Windows file server, but I am willing to move them elsewhere if needed. They are MS Office files (mainly Excel).

Thank you for any help you can provide!
I am working in a new HIPAA compliant network. I have noticed that we are blocking attempted spammers on our outbound mail filter, in some cases, on a bad day, as many as 50 different IP addresses. While the email filter will block any sender that is not authenticated, I am under the impression that if your Exchange (2016) environment is properly configured we should see zero attempted relays. Am I incorrect in this assumption?
Aesthetic software and EMR system. Need advice on the best system, if you can combine both the aesthetic (plastic surgery, Botox, spa, etc.) retail industry with a HIPAA compliant EMR system. So far we see that Booker is really good for the retail side and Kareo is good for the EMR side, but we would like to combine the two. We were told Aesthetic Pro is pretty good. Patient Now sounds better but it is remote desktop based. The practice just defected from the Centricity RDP system. It's way too convoluted for their setup and not the least bit user friendly.

Key retail aspects:
  • Spa and aesthetic
  • Merchant account
  • Scheduling
  • Inventory management

Key EMR aspects:
  • Document Management
  • Patient Notes
  • HIPAA compliant (obviously)
  • Fax prescriptions
  • Scanning - Easily upload documents with a $1500 Fujitsu network scanner
  • Bonus Labs integration

I'm not sure if you can sync the two systems, like contacts and document management... primarily consent forms. Even better is a one-size-fits-all solution that is not clunky like Centricity.
Specific to healthcare and the privacy issues associated with it, I am looking for an app that can notify a therapist that a patient has arrived for an appointment, has canceled or will be delayed.  Ideally, there would be a smartphone app for therapists and a web front end for the receptionist to use to send out pre-set messages like "Patient has arrived."  No protected health information will be transmitted, just generic notifications for "patient."  I want to avoid using SMS if I can.  Does anyone have experience with any notification systems like this?  I am just dealing with a single receptionist and a group of 6 therapists.  Any inexpensive and proven solution is welcome.
My company is looking into adopting 'OneDrive for Business' and 'Sharepoint online' as cloud storage solutions and while I can find info on other standards like HIPAA on Microsoft's website, information on PCI is conflicting.

My question to you: can documents that fall under the PCI compliance umbrella be stored in ODfB and Sharepoint?

Thank you for your help!
Hello, I am trying to find software or a vendor that can assist me. I need to be able to have an audit summary of hard drive folders and files with drive serial numbers, etc. and certified that it was destroyed, for record keeping. I have tried WinDirStat, Boot Nuke, no luck. Does anyone have any experience working in IT for lawyer offices, government, finance, etc. who knows a way to produce this type of custom report?
Our company is required to have HIPAA hosting and network. I understand we can consult with a HIPAA consultant, but we first want to learn what a company should do if the company wants to be HIPAA compliant.

Our company has a small office with just 10 employees. Only PCs, no server. Physically, it is very simple.
We have only one website as well, and of course we hope to get that HIPAA protected as well.

If you have been in this situation, sharing with me what/how I should get started would definitely help.
1. Customer: Health Care Industry (Hospice) - so we need HIPAA Compliance
2. 7 Locations throughout 2 States.
3. About 70 email users.

1. Customer wants secure end-to-end email encryption
2. All email stored and accessible from central control panel -- even if the USER decides to delete their "copy."

1. A single account for each of the seven locations that would be their end-to-end encrypted email
       -- I thought of www.ProtonMail.com   - any comments on this?

2. All other accounts are with GoDaddy Email Hosting -- maybe just make sure they are sending / receiving through SSL / TLS, and that they understand NOT TO SEND patient data using that email address?
       -- Was going to ask GoDaddy about a central "copy" service.
       -- ...or do I need to just configure a machine here at the central office to download everything each day or so?

- Dasher
I am looking for a sample Internet Usage Policy for a dentist office, so it needs HIPAA verbiage.

Any samples would be great.

Patients in the clinic need to be able to type their name and chief complaint into a spreadsheet or database at a kiosk, but they can't see any data that has been entered previously, for HIPAA reasons (can't see another patient's name or complaint). All the data needs to be viewable by the registrar so they will know who is in the waiting room. I've done an Excel spreadsheet which uses a macro to move the data from the registration spreadsheet into another spreadsheet, which is what I want. However, I don't know how to make it so the spreadsheet is not accessible by the person standing at the kiosk.
Hello Experts,

This is probably a dumb question, but I have never worked with a text matching tool before (other than find and replace) and need guidance.

I need to complete a data discovery on sensitive information - mainly PII and/or PHI (flat files, NAS shares, endpoints).

The software that I have looked at, dtSearch and FileLocator Pro, both say they can find this data. I only see the option to type in a word or a phrase at a time.

Can you please tell me how to set up products like these to search for any PII or PHI? Are there dictionaries to purchase separately or something?

Thank you,
Steph M
A blue line appears on the screen when viewing documents scanned in from a Dell 3465dn printer. This happens intermittently and I am unable to reproduce the issue with any regularity. I checked 9 documents, all scanned within a few hours, before I found one with the line on it. This printer is B&W only and I have received no complaints of the line appearing on prints, but the main document scanned is rarely printed out. I wish I could post an example, but I work for a medical company and doing so would be a clear violation of HIPAA regulations. Just wondering if anyone has any ideas on what could be causing this. The scanner bed is clean and there are no scratches.
Dear experts,

I am supporting a few small dental offices that host the dental application server in house.

Some of these clients do not have a way to fire up the server that they depend on once there is a hardware failure.

Today a power supply went bad and they are without their application until Wednesday.

In other locations you can restore a virtual machine server from a backup job from storage.

No such thing here. What is the best solution in case they need a loaner or an image restore program?

Thanks, M
I have a client who wants a HIPAA security audit done for her very small medical practice. I've downloaded the toolkit, and understand what needs to get done. But I've no idea how to charge for it. Her practice is really small - just her (the practitioner) and a secretary. Not a whole lot of money. I need to set this up such that it's worth my time, but she can also afford it. Any suggestions on pricing models for this?

