The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum–Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.


Due to the fires in CA we are in smoke and keep our windows/doors closed. Air quality is terrible.
Wonder if anyone can suggest a good air purifier for a home/office with approx 1000 sq ft of space.

Thanks in advance!!
4 signs you’re cut out for a cybersecurity career

It’s one of the most in-demand fields in technology and in the job market as a whole. It’s crucial to our individual and national security. And it may be your path to a future filled with success and job satisfaction—if these four traits sound like you.

NIST, HIPAA and CFR Title 21 standards.

We are an MSP; we recently picked up a few clients that need to become compliant in the near future.
We have become fairly educated in NIST; for the most part all standards look very similar.
My question is "What did or do you do to be NIST, HIPAA or CFR Title 21 compliant?"
All sites are Windows 2012R2 Domains; GPOs, AD user accounts and data security are in place.
We are using existing documentation as templates.

If you can give us a few ideas, thoughts or resources to look at, that would be very helpful. The standards are rather ambiguous. We understand there is no certain way to do most of it. Do you use any software packages? Certain GPOs? Are there templates you know about? We would like to become more versed in these standards.
Please only positive replies; I think we can all live without negative remarks.

Thanks for your help
In AD Users and Computers we enabled the option 'Smart Card is required for interactive login'. This forces Smart Card login via that AD user account. That way, no matter what computer that user logs in on, they are forced to use a Smart Card; however, this causes a problem. We have a few mobile apps that use AD authentication. When we try to log into these apps from our iOS / iPhone we are unable to do so. This is because it's wanting a Smart Card. What is the workaround? The only GPO that forces Smart Card is computer based. We don't want to force all users on all computers to use Smart Cards. So I don't see a workaround unless the mobile apps support some type of cert-based SSO? Even then I don't think it will work, for AD is looking for a Smart Card.
I am looking for recommendations: the goal is to select a service provider to provide HIPAA compliant access to internal files from outside my network. The files are on a Windows file server, but I am willing to move them elsewhere if needed. They are MS Office files (mainly Excel).

Thank you for any help you can provide!
I am working in a new HIPAA compliant network. I have noticed that we are blocking attempted spammers on our outbound mail filter, in some cases, on a bad day, as many as 50 different IP addresses. While the email filter will block any sender that is not authenticated, I am under the impression that if your Exchange (2016) environment is properly configured we should see zero attempted relays. Am I incorrect in this assumption?
Aesthetic software and EMR system. Need advice on the best system if you can combine both an aesthetic (plastic surgery, botox, spa, etc.) retail industry system with a HIPAA compliant EMR system. So far we see that Booker is really good for the retail side and Kereo is good for the EMR side, but we would like to combine the two. We were told Aesthetic Pro is pretty good. Patient Now sounds better but it is remote desktop based. The practice just defected from the Centricity RDP system. It's way too convoluted for their setup and not the least bit user friendly.

Key retail aspects:
  • Spa and aesthetic
  • Merchant account
  • Scheduling
  • Inventory management

Key EMR aspects:
  • Document Management
  • Patient Notes
  • HIPAA compliant (obviously)
  • Fax prescriptions
  • Scanning - Easily upload documents with a $1500 Fujitsu network scanner
  • Bonus Labs integration

I'm not sure if you can sync the two systems, like contacts and document management, primarily consent forms. Even better would be a one-size-fits-all solution that is not clunky like Centricity.
Specific to healthcare and the privacy issues associated with it, I am looking for an app that can notify a therapist that a patient has arrived for an appointment, has canceled or will be delayed.  Ideally, there would be a smartphone app for therapists and a web front end for the receptionist to use to send out pre-set messages like "Patient has arrived."  No protected health information will be transmitted, just generic notifications for "patient."  I want to avoid using SMS if I can.  Does anyone have experience with any notification systems like this?  I am just dealing with a single receptionist and a group of 6 therapists.  Any inexpensive and proven solution is welcome.
My company is looking into adopting 'OneDrive for Business' and 'Sharepoint online' as cloud storage solutions and while I can find info on other standards like HIPAA on Microsoft's website, information on PCI is conflicting.

My question to you: can documents that fall under the PCI compliance umbrella be stored in ODfB and Sharepoint?

Thank you for your help!
Hello, I am trying to find software or a vendor that can assist me. I need to be able to have an audit summary of hard drive folders and files, with drive serial numbers, etc., certified that it was destroyed, for record keeping. I have tried WinDirStat and Boot and Nuke, no luck. Does anyone have any experience working in IT for law offices, government, finance, etc. who knows a way to produce this type of custom report?
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

1. Customer: Health Care Industry (Hospice) - so we need HIPAA Compliance
2. 7 Locations throughout 2 States.
3. About 70 email users.

1. Customer wants secure end-to-end email encryption
2. All email stored and accessible from central control panel -- even if the USER decides to delete their "copy."

1. A single account for each of the seven locations that would be their end-to-end encrypted email
       -- I thought of www.ProtonMail.com   - any comments on this?

2. All other accounts are with GoDaddy Email Hosting -- maybe just make sure they are sending / receiving through SSL / TLS, and that they understand NOT TO SEND patient data using that email address?
       -- Was going to ask GoDaddy about a central "copy" service.
       -- ...or do I need to just configure a machine here at the central office to download everything each day or so?

- Dasher
I am looking for a Sample Internet Usage Policy for a Dentist Office, so it needs HIPAA verbiage.

Any samples would be great.

Patients in the clinic need to be able to type their name and chief complaint into a spreadsheet or database at a kiosk, but they can't see any data that has been entered previously, for HIPAA reasons (they can't see another patient's name or complaint). All the data needs to be viewable by the registrar so they will know who is in the waiting room. I've made an Excel spreadsheet which uses a macro to move the data from the registration spreadsheet into another spreadsheet, which is what I want. However, I don't know how to make it so that the second spreadsheet is not accessible by the person standing at the kiosk.
Hello Experts,

This is probably a dumb question, but I have never worked with a text matching tool before (other than find and replace) and need guidance.

I need to complete a data discovery on sensitive information - mainly PII and/or PHI (flat files, NAS shares, endpoints).

The software that I have looked at, dtSearch and FileLocator Pro, both say they can find this data. I only see the option to type in a word or a phrase at a time.

Can you please tell me how to set up products like these to search for any PII or PHI? Are there dictionaries to purchase separately or something?

Thank you,
Steph M
A blue line appears on the screen when viewing documents scanned in from a Dell 3465dn printer. This happens intermittently and I am unable to reproduce the issue with any regularity. I checked 9 documents, all scanned within a few hours, before I found one with the line on it. This printer is B&W only and I have received no complaints of the line appearing on prints, but the main document scanned is rarely printed out. I wish I could post an example, but I work for a medical company and doing so would be a clear violation of HIPAA regulations. Just wondering if anyone has any ideas on what could be causing this. The scanner bed is clean and there are no scratches.
Dear experts,

I am supporting a few small dental offices that host the dental application server in house.

Some of these clients do not have a way to fire up the server that they depend on once there is a hardware failure.

Today a power supply went bad and they are without their application until Wednesday.

In other locations you can restore a virtual machine server from a backup job from storage.

No such thing here. What is the best solution in case they need a loaner or an image restore program?

Thanks, M
I have a client who wants a HIPAA security audit done for her very small medical practice. I've downloaded the toolkit, and understand what needs to get done. But I've no idea how to charge for it. Her practice is really small - just her (the practitioner) and a secretary. Not a whole lot of money. I need to set this up such that it's worth my time, but she can also afford it. Any suggestions on pricing models for this?
I need to calculate exact age from today. It must be in T-SQL; I cannot create a stored procedure or function. Another twist is that the date is stored in a Varchar(255) type. It has a format like YYYY-mm-dd, e.g. 1971-02-12. The database is SQL 2005.

Thank You
We are discussing a potential partnership around a project that would involve patients taking photos with a smartphone app. Photos would be shared with a central data repository and analysed by a team of researchers, and I have concerns about data security. I'm worried about how data is protected, how they handle private info and private images, etc. Do you know how we may go about reviewing their systems to be comfortable that they are okay? Is it possible to hire an auditor for HIPAA compliance? Are there any other concerns that need to be brought up?

thank you so much!
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!


Are there any best practices out there when it comes to granting a vendor an 'admin level' domain user login in a HIPAA environment, that will either have it expire, not require a change in password, or other features?

We have a client who needs to be HIPAA compliant; however, their recently built website by an outside agency includes form submissions with fields requesting personal information. We have expressed concerns regarding HIPAA in regards to their newly built WordPress site and have requested that the forms be taken down until a compliant solution is found.

The client is adamant that they need to have such submissions for their business; however, what is being gathered in the forms includes social security numbers, etc. The advertising agency that built the site also has no concerns regarding HIPAA, nor would they be expected to.

Is there a recommended solution to work with WordPress that will satisfy HIPAA compliance?


We have a client who needs to be HIPAA compliant, but wants to start using Skype for Business. While we can't always control what may or may not be in the background while an end user is having a Skype conversation, we'd like to inquire if there are any security concerns with the platform itself in regards to security and HIPAA compliance.

Any input or suggestions will be most appreciated.


We are managing an environment that has 52 laptops running Windows 7 Professional. All of the laptops have been encrypted using TrueCrypt in an attempt to be HIPAA compliant. The problem with this solution is that each time the system is rebooted the end user needs to enter the encryption password before the system will boot. In consideration of patch management and the occasional application install this makes the process more time consuming.

Is there a way that we can still have drive encryption in place but still be able to reboot and connect to the affected system? We are remotely managing these systems using Continuum's patch management and monitoring solution. Unfortunately I do not see an encryption option with their package. From what I have been reading some users who also need to be HIPAA compliant have reported that TrueCrypt doesn't always pass an audit because there's no reporting.

At this point we are more interested in making sure security updates can be applied and maintenance can be run, but also need an encryption solution that will still allow us to reconnect after reboot.

Any suggestions will be most appreciated.

Hello folks,

The problem: Imagine an insecure website (not https) that collects new customer information via electronic forms which will contain HIPAA protected data by the time 'Submit' is clicked. I have been tasked with helping a customer modify their practices, at least in the narrow capacity I just detailed, to become HIPAA compliant.

G Suite or WordPress plug-ins have been mentioned as possible avenues, but I'm still at the 'I don't know enough to ask intelligent questions' stage. HIPAA is such a broad and complex topic that search results are overwhelming. I also believe that securing the collection of information is just the tip of the iceberg.

I'm surely not the first person to encounter this. Any suggestions on a coherent and focused approach to this problem would be greatly appreciated.

Thank you in advance!
I recently picked up a small medical clinic as a new client. I'm looking for a HIPAA compliant access point that I can recommend to them to replace their current (very non-compliant) one. They have about 10 users. They've been running just about everything on WiFi for quite some time, but I'll be running cable to get their primary PCs off wireless. So, probably 4 laptops and a few phones will need WiFi access once all is said and done.

Thanks for any suggestions.