HIPAA Archives - IT Glue
https://www.itglue.com/blog/category/regulatory-compliance/legal-compliance/hipaa/
Truly Powerful IT Documentation Software

The Fundamentals of HIPAA Compliance
https://www.itglue.com/blog/fundamentals-hipaa-compliance/
Tue, 25 Jun 2019 18:30:01 +0000

HIPAA compliance is a big revenue opportunity for MSPs, but there's a lot for you to know in order to do it right. Let's walk through it.

The post The Fundamentals of HIPAA Compliance appeared first on IT Glue.

Healthcare organizations are a favorite target of malware attacks and data breaches. In 2018, Verizon reported that healthcare organizations accounted for 24% of all data breaches. The HHS collected over $28 million in financial penalties in 2018. Thus, whether you’re a seasoned in-house IT tech working at a healthcare provider or an MSP looking to explore this large and potentially lucrative vertical, HIPAA compliance is a must-have. Let us examine some key aspects of HIPAA to understand how best to comply with it.

#1 You Are a Covered Entity

Have no illusions: if you work in the healthcare vertical, you are a covered entity, and therefore are responsible for protecting any data that you manage for your clients. But you also need to work with your clients to ensure that their data is protected, and sometimes that means protected from themselves. No matter how secure your third-party tool or healthcare management solution is, it cannot protect you from human error on your side, malicious insiders, sync errors or hacking. The damage caused by breaches is significant, and we’re not talking about the HIPAA fine, but rather the high cost of business downtime, damage to reputation and loss of valuable customer data.

#2 Proof of Process Matters

HIPAA guidelines are often just that – guidelines, and they can be interpreted any number of different ways. However, in the event of a breach, HIPAA and other data protection laws always give good marks for trying. Performing due diligence in the form of accurate, up-to-date and end-to-end documentation can go a long way in having a fine reduced or waived. Ensure that all of your processes for securing personal health information are documented. For an internal IT team, make sure that these processes don’t just cover your team, but anybody who might have access to protected information. An internal team can set up a few IT Glue Lite accounts in order to share process documentation with non-tech users. An MSP may get more value setting up a MyGlue instance for each healthcare client, and sharing process documents that way.

#3 Defend Against the Weakest Link – People

It is often said that people are the weakest security link. In the healthcare industry, 56% of the security breaches are due to internal reasons. Both IT Glue and MyGlue also double up as powerful password management applications. With MyGlue, your clients can use strong passwords exclusively, you can control who has access, and they’ll be able to use the passwords without ever seeing them. If the alternative is sending them over email or passing sticky notes to one another, that’s a HIPAA violation, so MyGlue is going to reduce risk substantially.

#4 Have a Safety Net

HIPAA’s Security Rule mandates that backups be frequent, encrypted, tested and stored offsite, and that covered entities be able to fully “restore any loss of data.” As Matt McDermott, Principal Technical Marketing Engineer at Spanning, explains, “HIPAA puts the backup and restore accountability squarely on covered entities. Spanning Backup provides automated, daily backups of your application data, and the ability to restore any lost or deleted data back into your environment from any point in time. A number of our healthcare clients have reduced the stress of data loss and damage due to HIPAA non-compliance with Spanning Backup.”

In Summary

The biggest pieces to solving the compliance puzzle are having the right processes in place, and using the right tools for the job. A violation, should it occur, is treated with less severity when you can demonstrate proof of process, and you’re using the right tools.

To learn more about how IT Glue and MyGlue can help secure passwords as part of HIPAA compliance, sign up for a demo of our platform.

IT Glue is an award-winning documentation platform that allows for efficient storage and retrieval of all the documentation you need to help your MSP run better. By integrating PSA and RMM data, we can help increase your efficiency, and reduce onboarding times by even more. By eliminating wasted time from your business, IT Glue gives you more time to focus on what matters – growing your business.

Your Guide to HIPAA Compliance and Password Security
https://www.itglue.com/blog/your-guide-to-hipaa-compliance-and-password-security/
Thu, 26 Oct 2017 13:43:00 +0000

If you provide IT services to clients in the healthcare industry, you’ve probably heard a lot about HIPAA compliance. While crucial to protecting sensitive data, many organizations don’t understand its importance. In fact, in smaller businesses, 45% do not have a formal HIPAA Risk Analysis Report and Risk Management Plan.

The post Your Guide to HIPAA Compliance and Password Security appeared first on IT Glue.

If you provide IT services to clients in the healthcare industry, you’ve probably heard a lot about HIPAA compliance. While crucial to protecting sensitive data, many organizations don’t understand its importance. 

Your clients put themselves at risk when they share passwords and when they don’t have a secure policy for changing passwords. These are both things that are against HIPAA rules, yet are incredibly common. When it comes to HIPAA, how well are you and your clients following the appropriate regulations?

HIPAA and MSPs

HIPAA isn’t only for healthcare businesses. For IT providers, when you have access to a covered entity’s data (covered entities include healthcare providers, plans, businesses that deal with electronic protected health information, etc.), you are considered a business associate. This relationship means you could be liable if a security breach were to happen, so you must comply with the Health Insurance Portability and Accountability Act (HIPAA) to mitigate this risk.

HIPAA and your clients’ password management

In a study of over 100 small medical offices, over 17% of them had sensitive information on post-its – including passwords. Poor password hygiene puts businesses at risk. In 2015, 50% of small and midsized companies reported suffering at least one cyberattack in the last year. Weak passwords are one of the main causes of these breaches.

As stated in the HIPAA security rule section, password management is a part of HIPAA compliance. You and your clients must have “procedures for creating, changing, and safeguarding passwords.” This includes not sharing passwords, not writing them down, and not displaying them anywhere for others to see.

A password management tool is the solution

HIPAA compliance is important for both you and your clients. Your clients need strong security training that creates a workplace security culture. Creating and managing complex passwords needs to be a priority.

The most robust solution would be to offer your clients a password management tool. In this way, clients can create, manage, and store strong passwords in one simple hub. A password management platform also greatly reduces the need to share passwords because certain permissions can be set to limit access. You and your clients can rest easy knowing you’ve taken necessary precautions against cyber threats, while also complying with HIPAA.

IT Glue can help with password management. Store your clients’ team-based passwords in IT Glue, use the IT Glue mobile app, or download the Chrome Extension to provide greater access to the passwords stored in IT Glue. Or watch our demo to see the full range of features.

IT Glue is the leading documentation platform for MSPs, designed to eliminate waste, improve productivity and hit your SLAs better. We are SOC 2 compliant, meaning that you can count on the security of your information in IT Glue.
