HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum–Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

I have a client who, for HIPAA reasons, needs to store Active Directory logs for 6 years. Is anyone familiar with a product they can suggest?

I need to keep 2 medical devices (Zeiss eye scanners) that run Windows XP Embedded on the network. However, HIPAA does not like XP. To upgrade to the latest would cost many, MANY thousands.

The devices just need to send a PDF to a network share.

I am looking for the best way to segment out the XP machines and still satisfy HIPAA requirements.

One thing I can't do is just unplug the network and use a USB drive, because the devices are used many times a day and that would hamper workflow.

I have considered removing the gateway on the XP PCs and also adding strict firewall rules (SonicWall).

I also thought of using a Windows 10 PC with 2 NICs on 2 different subnets to act as a go-between.

Any thoughts?

Thanks
We like to delegate the HIPAA (or similar mandates) Security Officer role of monitoring logs, current authorized users, analyzing traffic, etc. to the HR, Nurse, IT point person, etc. in an under-20, maybe even a 100-employee environment. They will review logs to identify users that may still have access to ePHI but are either no longer with the organization or have a business relationship requiring access. Determine if generic accounts are used which do not support logging an individual's access to ePHI. The reality after reading the "Information System Activity Review" policy and procedure listed below is that this task is an incredibly arduous one for an individual to take on, even for a small network. I researched Netwrix Auditor, ManageEngine, NetCrunch, a few, but need feedback on the best system for delegating the task and handing off to a small business. I'm considering going away from SonicWalls because WatchGuard's log interface appears to be better. Alternatively, is there any specific RMM agent that incorporates what we are looking for in this policy/procedure featured below? Regardless, we need easy deployment, an elegant interface, and it just works. It's easy to work with whether or not we hand this off to the client or we decide to incorporate it in our …
Due to the fires in CA we are in smoke and keep our windows/doors closed. Air quality is terrible.
Wonder if anyone can suggest a good air purifier for a home/office with approx. 1000 sq ft of space.

Thanks in advance!!
NIST, HIPAA and CFR Title 21 standards.

We are an MSP; we recently picked up a few clients that need to become compliant in the near future.
We have become fairly educated in NIST; for the most part all standards look very similar.
My question is "What did or do you do to be NIST, HIPAA or CFR Title 21 compliant?"
All sites are Windows 2012 R2 domains; GPOs, AD user accounts and data security are in place.
We are using existing documentation as templates.

If you can give us a few ideas, thoughts or resources to look at, that would be very helpful. The standards are rather ambiguous. We understand there is no certain way to do most of it. Do you use any software packages? Certain GPOs? Are there templates you know about? We would like to become more versed in these standards.

Please only positive replies, I think we can all live without negative remarks.

Thanks for your help
In AD Users and Computers we enabled the option 'Smart Card is required for interactive login'. This forces Smart Card login via that AD user account... That way no matter what computer that user logs in on, they are forced to use a Smart Card; however, this causes a problem. We have a few mobile apps that use AD authentication. When we try to log into these apps from our iOS / iPhone we are unable to do so... This is because it's wanting a Smart Card... What is the workaround? The only GPO that forces Smart Card is computer based... We don't want to force all users on all computers to use Smart Cards... So... I don't see a workaround unless the mobile apps support some type of cert-based SSO? Even then I don't think it will work, for AD is looking for a Smart Card.
I am looking for recommendations: the goal is to select a service provider to provide HIPAA compliant access to internal files from outside my network. The files are on a Windows file server, but I am willing to move them elsewhere if needed. They are MS Office files (mainly Excel).

Thank you for any help you can provide!
I am working in a new HIPAA compliant network. I have noticed that we are blocking attempted spammers on our outbound mail filter, in some cases, on a bad day, as many as 50 different IP addresses. While the email filter will block any sender that is not authenticated, I am under the impression that if your Exchange (2016) environment is properly configured we should see zero attempted relays. Am I incorrect in this assumption?
Aesthetic software and EMR system. Need advice on the best system if you can combine both the aesthetic (plastic surgery, Botox, spa, etc.) retail industry with a HIPAA compliant EMR system. So far we see that Booker is really good for the retail side and Kareo is good for the EMR side, but we would like to combine the two. We were told Aesthetic Pro is pretty good. Patient Now sounds better but it is remote desktop based. The practice just defected from the Centricity RDP system. It's way too convoluted for their setup and not the least bit user friendly.

Key retail aspects:
  • Spa and aesthetic
  • Merchant account
  • Scheduling
  • Inventory management

Key EMR aspects
  • Document Management
  • Patient Notes
  • HIPAA compliant (obviously)
  • Fax prescriptions
  • Scanning - Easily upload documents with a $1500 Fujitsu network scanner
  • Bonus: Labs integration

I'm not sure if you can sync the two systems like contacts and document management.... primarily consent forms.  Even better is a one size fits all solution that is not clunky like Centricity.

Specific to healthcare and the privacy issues associated with it, I am looking for an app that can notify a therapist that a patient has arrived for an appointment, has canceled or will be delayed.  Ideally, there would be a smartphone app for therapists and a web front end for the receptionist to use to send out pre-set messages like "Patient has arrived."  No protected health information will be transmitted, just generic notifications for "patient."  I want to avoid using SMS if I can.  Does anyone have experience with any notification systems like this?  I am just dealing with a single receptionist and a group of 6 therapists.  Any inexpensive and proven solution is welcome.
My company is looking into adopting 'OneDrive for Business' and 'SharePoint Online' as cloud storage solutions, and while I can find info on other standards like HIPAA on Microsoft's website, information on PCI is conflicting.

My question to you: can documents that fall under the PCI compliance umbrella be stored in ODfB and SharePoint?

Thank you for your help!
Hello, I am trying to find software or a vendor that can assist me. I need to be able to have an audit summary of hard drive folders and files with drive serial numbers, etc., certified that it was destroyed, for record keeping. I have tried WinDirStat and Boot Nuke, no luck. Does anyone have any experience working in IT for lawyer offices, government, finance, etc. who knows a way to produce this type of custom report?
Our company is required to have HIPAA hosting and network. I understood we can consult with a HIPAA consultant, but we first want to learn what a company should do if it wants to be HIPAA compliant.

Our company has a small office with just 10 employees. Only PCs, no server. Physically, it is very simple.
We have only one website as well, and of course hope to get it HIPAA protected as well.

If you have been in this situation, sharing what to do and how to get started would definitely help.
Hi!
1. Customer: Health Care Industry (Hospice) - so we need HIPAA Compliance
2. 7 Locations throughout 2 States.
3. About 70 email users.

CUSTOMER WANTS
1. Customer wants secure end-to-end email encryption
2. All email stored and accessible from central control panel -- even if the USER decides to delete their "copy."

POSSIBLE IDEA I HAD:
1. A single account for each of the seven locations that would be their end-to-end encrypted email
       -- I thought of www.ProtonMail.com   - any comments on this?

2. All other accounts are with GoDaddy Email Hosting -- maybe just make sure they are sending / receiving through SSL / TLS, and that they understand NOT TO SEND patient data using that email address?
       -- Was going to ask GoDaddy about a central "copy" service.
       -- ...or do I need to just configure a machine here at the central office to download everything each day or so?

Thanks!
- Dasher
I am looking for a sample Internet Usage Policy for a dentist office, so it needs HIPAA verbiage.

Any samples would be great.

Cjoego
Patients in the clinic need to be able to type their name and chief complaint into a spreadsheet or database at a kiosk, but they can't see any data that has been entered previously, for HIPAA reasons (can't see another patient's name or complaint). All the data needs to be viewable by the registrar so they will know who is in the waiting room. I've done an Excel spreadsheet which uses a macro to move the data from the registration spreadsheet into another spreadsheet, which is what I want. However, I don't know how to make it so the spreadsheet is not accessible by the person standing at the kiosk.
Hello Experts,

This is probably a dumb question, but I have never worked with a text matching tool before (other than find and replace) and need guidance.

I need to complete a data discovery on sensitive information - mainly PII and/or PHI (flat files, NAS shares, endpoints).

The software that I have looked at, dtSearch and FileLocator Pro, both say they can find this data. I only see the option to type in a word or a phrase at a time.

Can you please tell me how to set up products like these to search for any PII or PHI? Are there dictionaries to purchase separately or something?

Thank you,
Steph M
A blue line appears on the screen when viewing documents scanned in from a Dell 3465dn printer. This happens intermittently and I am unable to reproduce the issue with any regularity. I checked 9 documents, all scanned within a few hours, before I found one with the line on it. This printer is B&W only and I have received no complaints of the line appearing on prints, but the main document scanned is rarely printed out. I wish I could post an example, but I work for a medical company and doing so would be a clear violation of HIPAA regulations. Just wondering if anyone has any ideas on what could be causing this. The scanner bed is clean and there are no scratches.

Dear experts,

I am supporting a few small dental offices that host the dental application server in house.

Some of these clients do not have a way to fire up the server that they depend on once there is a hardware failure.

Today a power supply went bad and they are without their application until Wednesday.

In other locations you can restore a virtual machine server from a backup job from storage.

No such thing here. What is the best solution in case they need a loaner or an image restore program?

Thanks, M
I have a client who wants a HIPAA security audit done for her very small medical practice. I've downloaded the toolkit, and understand what needs to get done. But I've no idea how to charge for it. Her practice is really small - just her (the practitioner) and a secretary. Not a whole lot of money. I need to set this up such that it's worth my time, but she can also afford it. Any suggestions on pricing models for this?
I need to calculate exact age from today. It must be in T-SQL; I cannot create a stored procedure or function. Another twist is that the date is stored in a Varchar(255) type. It has a format like YYYY-mm-dd, e.g. 1971-02-12. The database is SQL 2005.

Thank You
We are discussing a potential partnership around a project that would involve patients taking photos with a smart phone app.  Photos would be shared with a central data repository and analysed by a team of researchers and I have concerns about data security.  I'm worried about how data is protected, how they handle private info and private images, etc...  do you know how we may go about reviewing their systems to be comfortable that they are okay? Is it possible to hire an auditor for HIPAA compliance? Are there any other concerns that need to be brought up?

thank you so much!
Hello,

Are there any best practices out there when it comes to granting a vendor an 'admin level' domain user login in a HIPAA environment, that will either have it expire, not require a change in password, or other features?
Greetings.

We have a client who needs to be HIPAA compliant; however, their website, recently built by an outside agency, includes form submissions with fields requesting personal information. We have expressed concerns regarding HIPAA in regard to their newly built WordPress site and have requested that the forms be taken down until a compliant solution is found.

The client is adamant that they need to have such submissions for their business; however, what is being gathered in the forms includes social security numbers, etc. The advertising agency that built the site also has no concerns regarding HIPAA - nor would they be expected to.

Is there a recommended solution to work with WordPress that will satisfy HIPAA compliance?

Thanks