Yesterday’s Massive DDoS Attack Shouldn’t Have Been a Surprise. Here’s Why

An excerpt from my interview with host Jim Blasingame on The Small Business Advocate radio show earlier this month.

Posted in Network Security

Cybersecurity 101: What Healthcare Providers Need to Know

By Stephanie J. Rodin, Esq.

From a legal perspective, cybersecurity means that all confidential information, including patient health information (PHI), in a healthcare provider’s database or server is protected, confidential, and completely compliant with the Health Insurance Portability and Accountability Act (HIPAA).

In order to do so, healthcare providers should:

  1. Conduct a risk assessment of their data;
  2. Develop and institute data security policies; and
  3. Test the effectiveness of those policies to make sure that they are running correctly.

In the first part of the risk assessment, the healthcare provider should identify sensitive data, including names, Social Security numbers, facial photographs, email addresses, health information, and anything that’s considered confidential and protected pursuant to the law. All PHI should also be encrypted, as mandated by HIPAA.

The next step is to assess the risk of exposure. For example, what’s the risk of data being exposed through a security breach or because someone inappropriately obtains access to private and protected information? Is there a technical risk? Is there a risk for human error? Is there a physical security risk, such as the place where the sensitive data resides in the office or storage unit? Or perhaps there is a virtual security risk from the network access controls or password protocols being utilized by the practice?

Posted in Guest Posts, Privacy Issues

Websites, Social Media and HIPAA — Do You Know the Requirements?

By Stephanie J. Rodin, Esq.

In this article, I will discuss the requirements for websites and social media to be HIPAA-compliant.

As healthcare practitioners already know, the goal of the Health Insurance Portability & Accountability Act of 1996 (HIPAA) is to protect the privacy and security of Protected Health Information (PHI). One thing many do not realize is that HIPAA has some very specific rules about how to protect PHI on the Internet.

First, it is important to understand the terminology.

Covered entity: the health care practitioner

Covered service: the type of treatment that can be received from the covered entity

Covered benefits: the benefits patients will gain by receiving treatment from the covered entity

If you, a covered entity, have a website which provides information about your covered service or benefits, your notice of privacy practices must be prominently posted on the website, with a link to download the notice. If a complaint is made against you regarding a potential breach of HIPAA, one of the first things an investigator will do is look at your website, so it is very important to make sure the notice is conspicuous.

Posted in Guest Posts, Privacy Issues

Tune In Tomorrow: Legal Ethics & the Risk of Mishandling Electronic Evidence

My new program for Lawline, Legal Ethics & the Risk of Mishandling Electronic Evidence, will be broadcast live at 12:30pm EDT on August 18, 2016 (and available on demand shortly thereafter). It will offer a comprehensive look at legal ethics and the risks associated with mishandling electronic evidence. Please feel free to tune in.

Here is the course description from the Lawline site:

Posted in Laptops & Desktops, Smartphones & Tablets

Understanding HIPAA: Is Your Practice a Covered Entity?

By Stephanie J. Rodin, Esq.

Many healthcare providers are subject to the Health Insurance Portability and Accountability Act (HIPAA); however, these laws do not apply to everyone. HIPAA relates to covered entities or business associates acting on behalf of a covered entity, and the law is very particular on what falls into these categories.

A covered entity is any healthcare provider that transmits any Protected Health Information (PHI) in an electronic form in connection with a transaction for which the U.S. Department of Health and Human Services has adopted a standard. A healthcare provider includes any doctors, psychologists, clinics, dentists, chiropractors, nursing homes or pharmacies. In today’s age of technology, there is an increased chance that a healthcare provider will be transmitting this type of information electronically, especially to third-party insurance carriers, and is thus covered under the act.

However, a self-pay practice that operates without any insurance – i.e., the patient is providing payment by credit card, check or cash – may not be considered a covered entity pursuant to HIPAA.

It is imperative that every healthcare practitioner understand whether HIPAA applies to their practice and to then ensure that they are compliant with the rules and regulations.

Posted in Guest Posts, Privacy Issues