cube hands security

Does HIPAA regulation cover your business? There are two categories of entities who are regulated by HIPAA and are required to be in full compliance.

Covered Entity – This is the main focus of the original law. Covered entities are those who, in their normal activities, create, maintain, directly access and/or transmit PHI and ePHI. Examples of these entities are healthcare providers, clearinghouses, insurance plans, and employers who self-insure. [Note: In general a specific individual is not considered a covered entity. Their employer is the covered entity. Individuals, however, still have a duty to support and ensure compliance and would likely face disciplinary action by their employer for individual behaviors that compromise compliance. Their employer would be the target of OCR fines and penalties.

Read more

watching eye

So you know you are regulated by HIPAA. But in a broad sense, what must your organization do to be in compliance? First and foremost, you need to understand what HIPAA and the HITECH Act are regulating. HIPAA and the HITECH Act are regulating and enforcing the security of an individual patient’s health information. The specific information being regulated is known as Protected Health Information (PHI), also known sometimes as Individually Identifiable Health Information (IIHI), and its subset, electronic Protected Health Information (ePHI). ePHI is simply PHI stored, maintained, etc. in digital form. These are defined as any data that can individually identify a patient. That means anything that can reasonably ID a patient. Examples include SSN, medical ID, age, vmail, URLs, driver’s license number, license plate numbers, photos, names of relatives, identified test results, telephone numbers, email and postal addresses, and medical images. As can be seen, this sweeps a large swath of data under the umbrella of protected information.
Read more

multi factor authentication

You have probably come across the term multi-factor authentication of late. It is an IT buzzword today and is fast becoming one of the best practices of cybersecurity. So, what is multi-factor authentication, exactly? Read this blog to find out.
Read more

hacker laptop

The dark web is essentially a marketplace for cyber criminals. If your data has been compromised, the dark web is the place where it is traded. It could be sold by miscreants, to miscreants, who can later hack into your system or extort money from you to prevent a data leak and so on.

Read more

Have you come across the term, dark web, recently? As a business, you might have heard that you need to keep your data safe from the dark web. So, what is the dark web anyway? Read on to find out…

Read more

checklist security

In our last blog, we discussed 2 of the 5 important IT checklists that every SMB should have. In this post, we cover the other 3, namely, IT training, Data Backup, and BYOD checklists.

Read more

4 ways to protect your data

When you look at all the ways that your data can be placed at risk, it can be pretty discouraging. As discussed in our last two blogs, data is at risk from bad actors, failed hardware, human error and external events largely beyond anyone’s control. However, there are a range of solutions, some of which can be money-saving, that can help mitigate risk. Here are four key areas on which to focus.

Read more

data risk hardware software and the threats around us

Aside from human error and the work of bad actors, our data faces others risks. In particular, the failure of your hardware and software to protect as designed, and the numerous external threats that exist, largely beyond anyone’s control.

Read more

data security from the customer perspective

We hear a lot of talk about data security because of the constant threat of cyber attacks and hacking. News of data breaches are extremely common. As a result, we are exceptionally concerned about the branding and reputation consequences of a data breach. However, there are other events which could occur that make our data inaccessible. It is important to know you are doing the best you can to protect against cyber attacks, ransomware and other forms of data theft, but data security goes beyond that. Instead, let’s look at data from a broader perspective.

Read more

ransomware and disaster recovery plans

Disaster recovery is a basic element of good business continuity planning. Business continuity planning refers to the broad range of plans created so that a business–that includes veterinary practices–can continue to be operational no matter what negative event might occur. Business continuity planning addresses severe, catastrophic events, loss of the lead doctor, director, or other principals in the organization, severe natural disasters that incapacitate a physical location, etc. Disaster recovery planning is one piece of this broad planning. Specifically, disaster recovery plans refer to how to quickly recover from some event that compromises your IT infrastructure.

Read more