Blog

HIPAA, the Health Insurance Portability and Accountability Act, was enacted in 1996 to protect sensitive patient data. Its standards protect medical records and other individually identifiable health information, and they also let people keep their health insurance coverage when they change or lose jobs. HIPAA's requirements, however, are not confined to the health care industry. So, who has to be HIPAA-compliant?

Generally, if a business handles protected health information (PHI), it needs to be HIPAA-compliant. PHI includes billing information, conversations between a patient and a doctor, and any medical data on file that can be tied to an individual. HIPAA describes these businesses as covered entities or business associates.

Covered entities include U.S. health plans, health care clearinghouses (generally billing and data-processing intermediaries), and health care providers that transmit health information electronically, but the definition reaches further than it first appears. For instance, the group health plan an employer sponsors is itself a covered entity, so any employee health information submitted to that plan falls under HIPAA.

Business associates are vendors and contractors of covered entities that create, receive, maintain, or transmit PHI on their behalf. Examples of business associates affected by the Health Insurance Portability and Accountability Act include medical transcription companies, independent accountants, and data storage and hosting providers like WHOA.com.

WHOA.com has been verified as HIPAA compliant by an independent auditor. (HHS does not certify HIPAA compliance, so an independent audit against the Security and Privacy Rules is the accepted way to demonstrate it.) Its cloud-based infrastructure is designed to handle patient information with strong security and privacy controls.

Contact WHOA.com today to see how they can help your firm customize and configure your own private cloud environment.

PCI DSS compliance, short for Payment Card Industry Data Security Standard compliance, means adhering to a specific set of security requirements. It is mandated by all major card brands and applies to every company, regardless of size, that stores, processes, or transmits cardholder data. The standard was developed to protect card information during and after a transaction. Its twelve requirements are grouped under six control objectives.

1. Protect cardholder data. This means encrypting cardholder data whenever it is transmitted across open, public networks and protecting the data that is stored: not retaining sensitive authentication data (such as the full magnetic stripe or the card verification code) after authorization, and rendering the primary account number unreadable wherever it is kept.

2. Build and maintain a secure network. A business must install and maintain a firewall configuration that protects cardholder data. It must also attend to the smaller details, such as never using vendor-supplied defaults for system passwords and other security parameters, and changing passwords on a regular schedule.

3. Maintain a vulnerability management program. This means using anti-virus software and keeping it updated, applying security patches promptly, and developing and maintaining secure systems and applications. A business must actively keep these elements current rather than treating them as one-time installations.

4. Maintain an information security policy that addresses security for all personnel. A business should measure itself against this policy and its standards on an ongoing basis.

5. Regularly monitor and test networks. This covers not only the networks themselves but also the security systems and processes that protect them. All access to network resources and cardholder data should be tracked and logged, and those logs should be reviewed.

6. Implement strong access control measures. Access to cardholder data should be restricted on a need-to-know basis: the fewer people who have access, the better. Each person with computer access should be assigned a unique ID so that actions can be traced to an individual, and physical access to cardholder data should be restricted as well.

WHOA.com has a cloud-based infrastructure and can consult on and help you meet PCI DSS requirements. Keep in mind that a compliant hosting provider covers only the controls it operates; the merchant remains responsible for the requirements that fall within its own environment. Contact them today to find out more.

There’s only one thing worse than a serious HIPAA breach: having one and not providing the required notifications.

Entities covered by HIPAA, as well as their business associates, must report breaches. An event that compromises the privacy or security of protected health information held by a covered entity constitutes a breach. The presumption is that any improper use or disclosure of PHI is a breach unless a risk assessment shows a low probability that the PHI has been compromised. For instance, if printed records sent out for secure disposal fall off the truck, that counts as a breach unless all the records are recovered before anyone else can get to them.

If a breach does occur, a covered entity has to provide notifications without unreasonable delay, and in no case later than 60 calendar days after discovering the breach, to:

  • The Secretary of Health and Human Services. A reporting form for this purpose is available online. Breaches affecting fewer than 500 individuals may instead be reported annually, within 60 days after the end of the calendar year in which they were discovered.
  • Individuals affected by the breach. The notice can go out by first-class mail, or by email if the people affected have agreed to receive notices that way. If contact information is out of date for ten or more individuals, a substitute notice is required: a prominent posting on the entity's website or a notice in major print or broadcast media, for 90 days.
  • Prominent media outlets serving the state or jurisdiction, if the breach affects more than 500 of its residents.

It’s a legal requirement to document all notifications sent out. If an event is judged to fall short of a breach, the risk assessment supporting that conclusion has to be documented as well.

It’s embarrassing to tell people that their confidential medical data may have gotten into the wrong hands, but it gives them a chance to protect themselves from identity theft, and embarrassment is better than the penalties the Office for Civil Rights can assess.

Best of all, of course, is not to have a breach in the first place. The secure cloud service from WHOA.com provides strong security and is designed to meet the HIPAA and HITECH requirements that apply to a business associate. Contact us to learn more about our service.

Many IT professionals and executives hold a common misconception that dedicated infrastructure, hosted within a business’ own walls, is always more secure than a cloud offering. This view fails to recognize the many complexities of managing computing services in-house.

While a dedicated server seems attractive, it comes with the added responsibilities of hiring additional trusted staff, navigating vendor solutions and contracts, and the basic cost of added facilities and equipment management. Maintaining your own dedicated servers also limits your flexibility in adding resources and in keeping up with changing regulatory frameworks. From a liability perspective, dedicated servers leave your business open to litigation and regulatory action should you fail to implement current security standards properly.

Many businesses are relieving themselves of these potentially costly burdens by transitioning to cloud-based computing. Much as these businesses don’t operate their own bank vaults, they are turning to professional cloud providers to safeguard the data and computing of both the firm and its clients.

The very term “cloud” suggests a monolithic entity, incapable of customization and inflexible to the individual demands of each business. To the contrary, modern cloud infrastructure is much like a cloud itself: flexible, scalable, and multi-faceted. Even businesses that require complex computing environments meeting privacy and security standards such as HIPAA can use cloud solutions.

WHOA.com’s Private Cloud service provides individualized computing services on private servers, combining the benefits of a dedicated server with the flexibility, security, and uptime of a top-tier cloud platform provider.

Please contact us for details about our personalized cloud computing solutions.

© 2018 WHOA.com All rights reserved.