Introduction: I’ve put together a brief list of reported HIPAA violations through 2017. Key points are listed below: Encrypt and password-protect any portable hard drives, laptops, cell phones, digital cameras, and any removable piece of medical equipment. Don’t upset the HIPAA Gods. You have 60 days from breach to when a customer receives a […]
HIPAA
HIPAA: Product Sunsets
The following products have reached End-Of-Life and cannot be used for any HIPAA or PCI/DSS compliant entities: Windows Vista: 04/11/2017; Exchange Server 2007: 04/11/2017. The following products will reach End-Of-Life on 10/10/2017: Microsoft Office 2007. Microsoft also released a statement stating that they will not support interconnection from any Non-TLSv2 device. These include: Microsoft XP/Vista […]
HIPAA: Ransomware IS a Breach
Effective June 11, 2016, HHS issued new rulings regarding Ransomware. Previously, since breach of PHI could not be ascertained in Ransomware infections, reporting was not necessary. With the new rule changes, Ransomware reporting is mandatory. The HHS findings can be found here: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf Methodology on Report Filing can be found here: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf The […]
HIPAA, MPLS, and Encryption
Recently, I was asked a question. “If I use MPLS, do I need to do encryption to be HIPAA compliant?” Multi-Protocol Label Switching (MPLS) is different things to different people, depending upon the networks involved. In this context, it was a Metropolitan Ethernet (Metro-E) network being provided by a local cable company. So, the answer […]
Meaningful Use vs. Actual Use
This is a Healthcare graphic I created 2-1/2 years ago. It might be old, but it’s still good. Share this with your favorite doc.