Blog Archives

HIPAA and You: What It Is and Why It Matters

Adopted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was designed in part to facilitate the transfer of health insurance for citizens after leaving an employer, and to address the growing need for regulation and oversight of electronic protected health information (ePHI), also called individually identifiable health information, via the Privacy Rule. HIPAA is a substantive and often confusing piece of legislation, leading many companies to wonder if it applies to their business, what’s expected of them and how regulatory standards are enforced. Here’s a rundown of key HIPAA expectations and why they matter to your organization.

Who’s affected

First step? Determine if you’re subject to HIPAA regulations. As noted by the CDC, there are two key groups defined by the law: covered entities and business associates. Covered entities (CEs) consist of health plans, health-care clearinghouses and health-care providers. These CEs are responsible for appropriately handling ePHI by ensuring that an accurate record of all use and transmission exists, that all data is properly encrypted and that access is restricted to specific individuals such as patients, doctors or insurance providers.

The second group, business associates (BAs), are third parties that work with CEs and occasionally handle health data. These may include lawyers, accountants, billing companies or IT developers, and are required to sign a written agreement with CEs stating that they will properly handle health data, use the information only for stated purposes and help the CE comply with certain aspects of the Privacy Rule.

Provisions

If your company is considered a CE or BA, how do you ensure HIPAA standards are being met? The Privacy Rule lays out several obligations, including:

   •     Notification of patients regarding their privacy rights and the specific use or disclosure of their ePHI.
   •     Adoption of internal privacy policies and procedures to prevent misuse.
   •     Training of employees to ensure they understand their role in using and transmitting ePHI.
   •     Creating contracts with BAs which specify their use and responsibility in safeguarding information.
   •     Establishing administrative, technical and physical safeguards—such as data access policies, data encryption and long-term storage in secure facilities—to ensure information privacy.

Worth noting is that willful ignorance of the rule does not constitute an acceptable reason for compliance failure. For example, this means BAs using unencrypted data cannot claim that the relevant CE did not mandate this procedure—companies are expected to know and follow the rules if they handle health data.

Enforcement

HIPAA requirements are now being enforced with greater regularity and rigor by the Office of Civil Rights (OCR). Through 2016 and into 2017 the agency’s focus has centered around audits, both to evaluate the use of health documents and ensure companies can produce the necessary records to demonstrate the transmission and encryption of relevant data. Expect more in-depth audits to continue over the next few years.

The OCR has also been levying more fines for non-compliance. For example, a “Did Not Know” violation can cost between $100 and $50,000 for the first offense, while “Willful Neglect” (subsequently corrected) starts at $10,000. More worrisome are identical violations in the same calendar year: For any subsequent offense, the fine is set at $1.5 million.

Why does HIPAA matter to your business? If you’re a CE or BA under the law, you’re responsible for the security, storage and use of personal health information as described by Privacy Rule stipulations. Audits are becoming more common, and steep fines are the outcome if compliance standards are not met. Best bet? Leverage the expertise of trusted HIPAA security partners who can help you meet obligations and adapt to evolving HIPAA regulations.

Top Five Tech Gadgets for 2017…and Why I Want Them

2017 is here, and with the new year comes a new set of must-have tech gadgets that will make my life easier—or at least a lot more fun. Here’s a look at five of the most innovative and intriguing, and why I want them all.

Snapchat Spectacles

Sure, I’m just jumping on the bandwagon here, but why not—it’s nice to finally see a smart glass option that doesn’t make users look like “glassholes.” The Spectacles nail retro without feeling dated and solve the problem of “secret recording” with a light-up white circle that lets everyone around know that you’re taking video. Better still, they make it easy to send Snaps and give Snap recipients the ability to tilt the video for maximum effect. Bottom line? I already Snap. This makes it even easier.

Price: $129. Availability: Currently random

AirPods

Yeah, I tossed Apple for Android a few years ago, but it’s tempting to re-up the iPhone thanks to AirPods. The promise? No cords, 24-hour battery life and the pods are supposed to automatically sync with all my Apple devices and turn on whenever they’re in my ears. Plus, there’s voice recognition and crystal-clear sound. If it’s true it’s magic and I’m on board.

Price: $159. Availability: Apple says 100+ countries starting December 2016

SensorWake

Released near the end of 2016, the SensorWake is a clock that wakes you up using smell instead of noise. Current options include toast, mint, coffee, chocolate and freshly cut grass, to name a few, each of which lasts for 30 “awakenings.” It’s probably not the best idea if you’ve got a must-be-there meeting at 8 a.m., but if you’d like to skip sleeping the day away and pass on the beeping alarm clock—hey, those Spectacles aren’t going to take Snaps themselves, people!—the SensorWake sounds like a solid plan.

Price: $131.95 for clock and 6 scents. Availability: Online

Amazon Echo Dot

Amazon’s second-generation voice-controlled helper device, the Echo Dot is designed to make your life easier. Seven far-field microphones let it hear you even in a noisy room and with a few simple commands you can order pizza, call an Uber, play music or get the weather. Plus, it retails for less than $50 on Amazon and you don’t need an Echo to make the Dot work. Sounds like a fantastic time waster, er, info hub.

Price: $49.99. Availability: Amazon

YOUMO

Want to play with the coolest tech gadgets? You need power, and the Kickstarter-funded YOUMO might just do the trick. The idea here is that you pick different power “modules,” which can be linked together to create a kind of ideal electric Frankenstein to power your tech environment. From standard power outlets to USB connections, wireless charging, LAN modules, speakers and even nightlights, there’s huge potential here. It’s not on the market yet, but all indications from Kickstarter and the company’s webpage are for a quick 2017 start.

Price: Not set. Availability: Soon

Want the best tech gadgets for 2017? You can’t go wrong with these five standouts.

IaaS vs PaaS vs SaaS: Tips On the Cloud Trifecta

Cloud technology is enjoying marked success as companies move from “occasional” use to mainstream adoption. Consider the rise of software-as-a-service (SaaS) offerings; according to IT Pro Portal, more than 1,400 new SaaS companies have emerged over the last five years and this $8 billion market should reach more than $50 billion by 2026. For many businesses, however, it’s easy to get bogged down in terminology—IaaS vs PaaS vs SaaS—and miss the technology’s potential ROI. Here’s what you need to know about the cloud computing trifecta.

Software as a service

By far the most popular and straightforward type of cloud computing, SaaS offers entry-level cloud technology access for companies of any size. The easiest way to understand this service? Think in terms of applications. Almost any app currently hosted on local servers or stored on PC hard drives can be moved to the cloud. Instead of taking up valuable server space and network resources, all necessary code is stored off site. More importantly, all the “heavy lifting” of computation, analysis, and data storage is also handled by cloud servers. The result? You get high-performance, high-availability applications without the need to maintain hardware or upgrade software. Typically, you’ll pay monthly for access to the cloud itself and then a per-device or per-user fee for the software. SaaS is also the easiest cloud “entry point” for employees because many already use cloud services—such as email clients or social media sites—and are comfortable with the concept.

Infrastructure as a service

At the other end of the cloud is IaaS. Here the idea is to leverage virtual machines (VMs) in place of physical servers, meaning you’re not on the hook for big CAPEX spending or regular hardware upgrading. You’re able to put anything you want on these VMs—whatever platform, software, monitoring tools, or security solutions work best for your business—but they’re ultimately housed and maintained off site. Typically, IaaS is leveraged by companies that want total control over their virtual computing environment and have enough full-time IT staff to make the most of VM environments. While it’s possible to run IaaS in a public cloud environment, many enterprises now choose a hybrid or private model to maximize data and resource security.

Platform as a service

In the middle, you’ll find PaaS. As noted by Network World, it’s not a “finished product” like SaaS offerings, nor is it the “blank slate” of IaaS. Instead, PaaS provides a way for IT teams to develop services and applications for a specific platform. Developers and IT ops professionals get all the tools they need to build apps, social sites, mobile offerings, and websites—along with the APIs and tools needed to “hook” these offerings into the larger infrastructure of your cloud provider.

It’s worth noting that with so many as-a-service options on the market—from database to analytics to security to communications—two trends have emerged. First, the maturing cloud market has created a significant shift toward the simplicity of SaaS for even mission-critical tools and services; second, the ubiquity of cloud computing has driven down the average price of entry.

Bottom line? A little knowledge of the cloud trifecta goes a long way to selecting the ideal deployment for your business.