Understanding HIPAA: Is Your Practice a Covered Entity?

By Stephanie J. Rodin, Esq.

Many healthcare providers are subject to the Health Insurance Portability and Accountability Act (HIPAA); however, the law does not apply to everyone. HIPAA applies to covered entities and to business associates acting on behalf of a covered entity, and the law is very particular about what falls into these categories.

A covered entity is any healthcare provider that transmits any Protected Health Information (PHI) in an electronic form in connection with a transaction for which the U.S. Department of Health and Human Services has adopted a standard. Healthcare providers include doctors, psychologists, clinics, dentists, chiropractors, nursing homes and pharmacies. In today’s age of technology, there is an increased chance that a healthcare provider will be transmitting this type of information electronically, especially to third-party insurance carriers, and thus is covered under the act.

However, a self-pay practice that operates without any insurance – i.e., the patient is providing payment by credit card, check or cash – may not be considered a covered entity pursuant to HIPAA.

It is imperative that every healthcare practitioner understand whether HIPAA applies to their practice and to then ensure that they are compliant with the rules and regulations.

Posted in Guest Posts, Privacy Issues

Tune In Tomorrow: Legal Ethics & the Risk of Mishandling Electronic Evidence

My new program for Lawline, Legal Ethics & the Risk of Mishandling Electronic Evidence, will be broadcast live at 12:30pm EDT on August 18, 2016 (and available on demand shortly thereafter). It will offer a comprehensive look at legal ethics and the risks associated with mishandling electronic evidence. Please feel free to tune in.

Here is the course description from the Lawline site:

Posted in Laptops & Desktops, Smartphones & Tablets

Coming Soon: Data Protection, Security & Legal Ethics

My new program for Lawline, Data Protection, Security & Legal Ethics, will be broadcast live at 10am EDT on August 18, 2016 (and available on demand shortly thereafter). It will offer a comprehensive look at legal ethics and information security concerns affecting law firms and businesses now. Please feel free to tune in.

Here is the course description from the Lawline site:

Posted in Laptops & Desktops, Network Security, Smartphones & Tablets

Cyber Security Explained: Baiting

Baiting involves a piece of portable electronic storage media like a CD, laptop or USB stick drive left at or close to the target’s workplace in order to tempt the curious victim into seeing what’s on it. In effect, the CD, stick drive, etc. is the worm on the fishhook. You’re the fish.

If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.

Posted in Fraud & Scams, Network Security, Security Tip of the Week

“Sanitize” Your Computer Before Disposal

Image: Stephen Swintek/Stone

When the time comes to throw away, give away, sell or otherwise dispose of a computer, you should be sure to permanently erase the data on it. Otherwise, the new owner – or someone who has fished it out of the trash (yes, this actually happens) – will be able to read any financial, business, personal, or other sensitive data that was on the hard drive when you stopped using it. Often this will also include data that you may have thought was deleted but is actually still on the hard drive. Pressing “delete” doesn’t actually erase a file or program permanently, and even a moderately skilled hacker will be able to retrieve it. This raises the question: how do you permanently delete the data that you don’t want lingering on the computer once you are ready to dispose of it?

The National Institute of Standards and Technology publication related to data disposal is SP 800-88 rev. 1. It details three levels of “media sanitization” – clear, purge and destroy. Data is considered cleared when it’s not readily accessible on the computer or device in question, though someone with digital forensic tools (like that moderately skilled hacker noted above) can still get at it. Purging involves removal of the data to the extent that it is “infeasible to recover” using state-of-the-art forensic lab methods, and destroying is pretty much what it sounds like. NIST SP 800-88 references a number of destructive methods relating to computer data. Here are a few common ones:

Posted in Laptops & Desktops, Network Security, Privacy Issues