Category "Compliance"

The PCI seal of approval indicates that a company is PCI compliant and that its customers' payment card data is adequately protected. However, the benefits of maintaining PCI compliance are far-reaching for both the customer and the organization:

“The security benefits associated with maintaining PCI compliance are vital to long-term success of all merchants who process card payments.” -Quick Service Restaurant (QSR) Magazine

In 2015 approximately 80% of companies failed their interim PCI Compliance Assessment. One expert cited inadequate operations and maintenance of the security systems as the cause and suggested that the lack of enforcement within businesses causes 99% of compliance breaches. Violating PCI compliance standards can result in brand damage and more, even though the standard is not an actual law.

The PCI Security Standards Council lists 10 potential liabilities in answer to the question "Why is PCI compliance important?" These liabilities include non-compliance fines ranging from $5,000 to $500,000 that increase the longer the company remains non-compliant. There can also be breach consequences resulting from a cardholder data breach. Consequences include additional fines ($50-$90 per cardholder), suspension of card processing capabilities, brand damage, lawsuits, and loss of both public trust and customer loyalty. Companies are able to calculate their potential liability by using the online Penalties Calculator.

By adhering to PCI security standards, companies can avoid the costs associated with non-compliance, which can eventually result in the business closing down. Instead, by maintaining PCI compliance, they can enjoy long-lasting success driven by customer trust and loyalty.

WHOA.com is a secure cloud computing solutions provider. Please contact us for a multi-layered approach to PCI compliance security.

HIPAA compliance is critical to success in any healthcare field, regardless of the nature of the health condition being treated. It doesn’t matter if you’re working with physical problems or psychiatric medicine; compliance applies to workers in all divisions, whether it be in Cardiology, Neurology, Oncology, Occupational Therapy or Mental Health.

Any time the nature of your job involves working with patients who are receiving professional treatment, you must respect their inherent right to privacy and protection of their personal information that you hold. You have access to knowledge about the person that not everyone generally knows; this gives you power, and power should never be misused.

Compliance means respecting the rules and maintaining the confidentiality of every person whose protected health information (PHI) you have the privilege to know.

PHI includes:

  1. Names
  2. Addresses or other geographical identifiers
  3. Birthdays and other dates directly related to the client
  4. Phone and fax numbers
  5. Social security numbers
  6. Email addresses
  7. Diagnoses
  8. Prescribed medications
  9. Types of treatment received

Other identifying information that should be avoided includes account numbers, health plan numbers, certificate or license numbers, license plate numbers, student or employee ID numbers, medical records, videos and photographs.

If it’s something you wouldn’t want others to have access to or know about you, you shouldn’t release it about someone else without their permission, either. Consent is key. You must never release PHI without getting verbal or written consent from the person the information pertains to (or, in some cases, legally belongs to).

There are some exceptions to the rule. In certain cases, it is okay to break confidentiality and release a person’s protected health information without their consent. However, you must ensure that you are doing it only in these specified circumstances:

  • If you suspect child abuse or neglect
  • If you suspect the abuse of an at-risk adult or elder
  • If you suspect domestic violence
  • If a person is at risk of harming themselves or is a danger to themselves or others
  • If you are subpoenaed by a court of law

Always make sure that you stay up to date with HIPAA regulations and the ways that you can comply. Making one small mistake could cost you your job. It’s never a bad idea to educate yourself and remind yourself of what you need to do to make sure that a costly mistake like that doesn’t happen.

According to a recent article from Health IT Security, the 2016 shooting at an Orlando nightclub prompted the Office for Civil Rights to release a clarification on aspects of Patient Health Information disclosure as it relates to a patient’s loved ones. The office cited Supreme Court rulings on same-sex marriage and stated that the provisions are not limited by the sex or gender identity of a person when it comes to determining who is, by law, considered a family member.

The PHI disclosure provision in the HIPAA Privacy Rule allows covered entities to share a patient’s health status with an individual’s family member, other relative, or close personal friend as it relates to that person’s ability to act on behalf of the patient in making healthcare decisions, if that person is directly involved in the patient’s care or in payment for that care. The clarification states that it is left to the covered entity’s professional judgement to decide whether the disclosure is proper, and recommends that, whenever possible, the covered entity should attempt to get verbal direction from the patient regarding PHI disclosure.

As you well know, HIPAA compliance is about more than to whom one can disclose patient information. It is also about safeguarding the information about your patients or clients that you store within your data stores and data centers. Our Senior Solutions Consultants are ready to work with you on developing a solution that includes firewalls, encryption tools, and processes to help you prevent security risks. For more information, contact us.

HIPAA, the Health Insurance Portability and Accountability Act, was put into place in 1996 to protect sensitive patient data. Its standards preserve medical health records and other personal health information so that people can continue to hold health insurance coverage, as well as their privacy. Still, HIPAA standards are not just devoted to the health industry. So, who should be HIPAA-compliant?

Generally, if a business handles protected health information, it needs to be HIPAA-compliant. Protected health information can include anything from billing information and discussions between a patient and a doctor to any medical data on file. HIPAA law describes these businesses as covered entities or business associates.

Covered entities include U.S. health plans, health care clearinghouses (generally billing and data collection), and health care providers, but these trickle down even further. For instance, if your employer submits any personal health information to their health plan for you, they need to be compliant.

Business associates are vendors of any of the above organizations who have access to the personal health information of patients. Examples of business associates affected by the Health Insurance Portability and Accountability Act include medical transcription companies, independent accountants, and data storage companies like WHOA.com.

WHOA.com has been verified as HIPAA compliant by an independent auditor. Its cloud-based infrastructure is equipped to handle any and all patient information with the utmost security and privacy.

Contact WHOA.com today to see how they can help your firm customize and configure your own private cloud environment.

© 2018 WHOA.com All rights reserved.