Monthly Archive: August 2014

Is Your Cloud Service Provider HIPAA compliant?

I Think So.

If that is your answer, you need to verify straight away that they really are a HIPAA compliant cloud storage supplier. If you are found to be in breach of the HIPAA Privacy Rule or Security Rule, civil money penalties start at $100 per violation, criminal penalties for the most serious offences reach $250,000 and up to 10 years imprisonment, and a breach affecting 500 or more individuals is posted on the Department of Health and Human Services breach portal, commonly called the Wall of Shame. Laying yourself open to those penalties because you did not check properly is a needless risk, and the provider's own word that it is compliant is not accepted as an excuse.

What do I need to Check For to Ensure They Are?

Firstly, a genuine HIPAA compliant cloud storage company will not call itself "HIPAA certified". There is no recognized certification body for HIPAA cloud storage providers. A reputable provider will instead be independently audited every year, with both its operating procedures and its infrastructure assessed against the OCR HIPAA audit protocol.

Ideally the audit is measured against the criteria laid down by the HHS Office for Civil Rights (OCR). A HIPAA compliant cloud storage provider will also expect, and be willing, to sign a business associate agreement (BAA). This must be a written agreement between you and the provider. It lays down what the provider will do for you and confirms that it will operate within the requirements of HIPAA.

Anything Else?

Yes. Having satisfied yourself on the above, you still need to carry out and document your own due diligence, which means asking the provider some detailed questions. Among the questions you may wish to ask are:

• Who within the cloud service provider is responsible for ensuring that the provider is HIPAA compliant?

• What procedures does the provider have in place to ensure business continuity in the event of a service failure?

• What training and ongoing awareness programs does it run for all employees so that the security requirements of HIPAA are adhered to?

• Does the provider have a track record of dealing with, and fully complying with, the requirements of HIPAA?

• Can it confirm the standard against which its security audit is carried out, and can you see the results?

There are no doubt more questions you will need to ask that are specific to your requirements. These are general suggestions only.


OK, Done All That. Is That It?

You have carried out the checks on the HIPAA compliant cloud service provider and satisfied yourself that it complies with the Security Rule and the Privacy Rule. Is that all you need to do? In simple terms, no. You have to repeat these checks regularly. Remember, the onus is on you.

Which Cloud Storage Services are HIPAA Compliant?

As a First Step

Before you even start to find out which cloud storage services are HIPAA compliant, you need to acquaint yourself with what is necessary for them to make that claim. If you are looking for HIPAA compliant storage you are probably aware that you need it and, as such, have a basic understanding of what HIPAA requires of you when storing data. In simple terms, a HIPAA compliant cloud storage provider has to follow the same regulations that you do.

Looking for HIPAA Compliant Storage Providers.

There are two ways to find a HIPAA compliant cloud storage provider: ask a trusted friend or colleague, or search the internet. Either way, the obligation is on you to carry out due diligence before entrusting your data to the company you choose. Any company that claims to be "HIPAA certified" is one to steer clear of. It may actually comply with HIPAA requirements but, as there is no approved certification scheme, it is misleading you from the start. If it is not truthful about that, what else is it misleading you on? Remember, the obligation is on you to ensure that your electronic protected health information (ePHI) is secure.

What to Look For.

Any reputable cloud service provider will be independently audited every year, with both its operating procedures and its infrastructure assessed against the OCR HIPAA audit protocol. Ideally the audit is measured against the criteria laid down by the Office for Civil Rights. A HIPAA compliant cloud storage provider will also expect, and be willing, to sign a business associate agreement (BAA). This must be a written agreement between you and the provider. It lays down what the provider will do for you and confirms that it will operate within the requirements of HIPAA.

Questions you May Wish to Ask During your Due Diligence.

• Review their annual security audit and check the standard against which it is judged.

• Does the company have a track record of dealing with all the HIPAA requirements?

• Does it have procedures in place to ensure business continuity, and what are they?

• Is there a program in place to make sure that all employees are trained in, and aware of, security as it applies to HIPAA?

• Who within the organization has the responsibility to ensure that it is HIPAA compliant?


Once all these questions are answered to your satisfaction you can be reasonably sure that the provider you have chosen can give you HIPAA compliant cloud storage. The penalties for failing to ensure that your provider is fully compliant can be severe. In the worst cases, criminal penalties of up to $250,000 and up to 10 years imprisonment can be applied. Even smaller breaches attract a fine and, where 500 or more individuals are affected, a place on the Department of Health and Human Services' (HHS) breach portal, the Wall of Shame.

HIPAA Compliant Cloud Storage That is Affordable and Easy to Use.

Which is the Most Important?

In an ideal world you would find the cheapest and easiest to use HIPAA compliant cloud storage provider straight off, with minimal effort on your part. In reality you will have to weigh the price of the service against the cost of using it, and ask yourself which matters most.

Is Affordability Your Main Criterion?

Is cost an important factor in deciding which HIPAA compliant cloud storage company you use? In reaching your decision you first need to look at all the costs, not just the headline price.

You cannot compare the cost of HIPAA compliant storage with standard storage; you should expect to pay more. The cost to the service provider is much higher than for a standard provider. It needs an employee who is responsible for compliance, all employees need to be trained in complying with HIPAA, and it will have to sign a business associate agreement (BAA) with you.

These additional costs of providing a HIPAA compliant service are passed on to you. Added to that there is simply the law of supply and demand: because of the stringent requirements placed on them, there are far fewer companies providing a HIPAA compliant service than providing a standard one.

What About Ease of Use?

Some HIPAA compliant cloud storage providers supply automatic encryption and decryption, so anything sent to the cloud for storage is encrypted before it leaves your machine. Others only guarantee to keep the files you send them secure, which means that before you send a document to the cloud for storage it has to be manually encrypted.

When you retrieve it, the document has to be manually decrypted.

Not only is that an awkward way of storing your files, it is time consuming and adds a cost to your business. Take some hypothetical figures: Company A costs $100 per month and Company B costs $200 per month, a difference of $100. Company A's service needs you to manually encrypt and decrypt every file you send and receive. Now take the number of files you send and receive each month and multiply that by the cost of the person doing the encryption and decryption. With Company B you just click on the file you are going to send and it is encrypted and sent automatically; when you retrieve a file the same thing happens in reverse. The $100 difference is perhaps smaller than it appears at first sight.


Another Point to Remember.

The penalties for breaching the HIPAA Security and Privacy Rules range from $100 per violation up to criminal penalties of $250,000 and 10 years imprisonment, plus a place on the Department of Health and Human Services Wall of Shame for breaches affecting 500 or more individuals. Laying yourself open to those penalties because someone forgot to encrypt some files puts the $100 difference in perspective.

How to Send HIPAA Compliant Email.

Why do we need to send HIPAA Compliant Emails?

It is a common misconception that all email is secure and therefore all the mail we send out is HIPAA compliant. If you use an email service provided by your internet provider, or a free consumer service such as Yahoo or Gmail, that service will not sign a business associate agreement with you and does not meet the requirements of HIPAA for sending ePHI. There is no such thing as a HIPAA "approved" email service; what you need is a provider that will sign a BAA and that encrypts messages in transit and at rest. Using an unsecured service lays you and your company open to sanctions.

How Do Secure Email Systems Work?

There are a variety of ways to ensure that you send HIPAA compliant emails. Firstly you have to sign up with a provider that specifically offers a HIPAA compliant service. There are services that offer encrypted email, but not to the standard required for HIPAA compliance. Some HIPAA compliant services secure your emails once they reach the provider's servers; others encrypt the email before it leaves your computer. Some can only be used between two computers that are both attached to the provider's system. There is a multitude of providers and systems.

Which is the Best?

There are pros and cons whichever system you choose. The real question is what you need in order to operate in the way that suits your business best. With systems that encrypt on your computer before the email is sent, you will need either to send only to customers of the same service or to give recipients a secure mailbox that uses your domain name. If you are sending secure emails to a limited number of recipients outside your organization this may work well.
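The difference between a provider that "keeps your files secure" and one that encrypts before data leaves your computer (the manual encryption discussion in the cloud storage post above, and the encrypt-at-your-computer email systems just described) comes down to where the key lives. The following is an added example, not code from the original posts or from any provider they describe: a document is sealed with AES-256-GCM on the workstation, the key never leaves the workstation, and the provider stores and returns only opaque bytes it cannot read. The MemoryProvider type, the blob layout (version byte, 12-byte nonce, ciphertext plus tag) and the use of the object name as associated data are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// blobVersion is a format marker so a later change to the layout can be detected
// at decryption time instead of producing garbage. (Assumption of this example.)
const blobVersion byte = 1

func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForUpload seals plaintext on the workstation before it is handed to the
// storage provider. objectName is bound in as associated data, so a blob that is
// renamed or swapped for another object in storage will fail to decrypt.
// A fresh random 96-bit nonce is used per file; with one key, keep the number of
// files well below 2^32 so nonce reuse stays negligible.
func EncryptForUpload(key []byte, objectName string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, 1+len(nonce)+len(plaintext)+aead.Overhead())
	out = append(out, blobVersion)
	out = append(out, nonce...)
	return aead.Seal(out, nonce, plaintext, []byte(objectName)), nil
}

// DecryptFromDownload reverses EncryptForUpload. Any modification of the blob,
// a different key, or a different object name makes the GCM tag check fail.
func DecryptFromDownload(key []byte, objectName string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < 1+ns+aead.Overhead() {
		return nil, errors.New("blob too short to be a valid sealed object")
	}
	if blob[0] != blobVersion {
		return nil, fmt.Errorf("unsupported blob version %d", blob[0])
	}
	nonce, ct := blob[1:1+ns], blob[1+ns:]
	pt, err := aead.Open(nil, nonce, ct, []byte(objectName))
	if err != nil {
		return nil, errors.New("decryption failed: blob altered, wrong key, or wrong object name")
	}
	return pt, nil
}

// MemoryProvider stands in for the cloud vendor (assumption of this example).
// It only ever handles the sealed bytes; it never sees the key or the plaintext.
type MemoryProvider struct{ objects map[string][]byte }

func NewMemoryProvider() *MemoryProvider {
	return &MemoryProvider{objects: map[string][]byte{}}
}
func (p *MemoryProvider) Put(name string, blob []byte) { p.objects[name] = bytes.Clone(blob) }
func (p *MemoryProvider) Get(name string) ([]byte, bool) {
	b, ok := p.objects[name]
	return bytes.Clone(b), ok
}

// StoredPlaintextLeaks reports whether the provider's copy contains the
// plaintext, i.e. whether "keeping the file secure" was left to the vendor.
func StoredPlaintextLeaks(p *MemoryProvider, name string, plaintext []byte) bool {
	b, ok := p.Get(name)
	return ok && bytes.Contains(b, plaintext)
}

func main() {
	key := make([]byte, 32) // in practice: generated once, kept on the workstation/KMS
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	record := []byte("constructed sample ePHI: patient 0001, HbA1c 7.2%") // constructed input
	blob, err := EncryptForUpload(key, "lab-results.pdf", record)
	if err != nil {
		panic(err)
	}
	provider := NewMemoryProvider()
	provider.Put("lab-results.pdf", blob)
	fmt.Println("provider holds plaintext:", StoredPlaintextLeaks(provider, "lab-results.pdf", record))
	got, _ := provider.Get("lab-results.pdf")
	pt, err := DecryptFromDownload(key, "lab-results.pdf", got)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)
}
```

The same wrapper applies to the email case: the message body is sealed on the sender's machine and the provider relays ciphertext, so the recipient must hold the key (or, in a real product, a public-key envelope around it), which is why such systems only work between parties enrolled in the same scheme.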


Does Every Email I Send have to be Encrypted?

The short answer is no, not every email you send has to be a HIPAA compliant email. Only emails that contain electronic protected health information (ePHI) have to be encrypted. There is an exception even to that rule. If a patient requests that you send them ePHI via email, and you are sending the information directly to that patient, you must make the patient aware that the information will not be encrypted; if the patient agrees and still wants it, you may send it unencrypted. Record that you gave the patient this warning and that they agreed.

What if I Don’t Encrypt my Emails?

If you are caught sending ePHI in emails that are not HIPAA compliant, various sanctions can be taken against you, from fines starting at $100 per violation for the most minor breaches up to $250,000 plus up to 10 years imprisonment for the most serious and flagrant ones. All of this can be avoided by taking a little time to make sure that every email carrying ePHI is encrypted.

Privacy rules under HIPAA

The privacy rules that come under HIPAA are not something completely new to most people. Many will have signed a HIPAA form when visiting a doctor (the acknowledgement of the practice's notice of privacy practices), and that form is stored along with the patient's medical records. Anyone who has had medical tests or been hospitalized will have signed a HIPAA form along with many other consent forms.

In 1996, the US Congress passed the Health Insurance Portability and Accountability Act, which provides more protection for people with regard to insurance and the privacy of their medical information. The rules were also designed to improve security for the electronic exchange of health data. The HIPAA Privacy Rule came into force in 2003 and protects the medical information of all patients, such as their health status and the payments made for their health care. These rules ensure that a patient's medical records and payment details are well guarded and protected.

The Privacy Rule gives any individual the right to ask for incorrect information in their medical records to be amended; the covered entity must either make the amendment or explain in writing why it declines. Every individual also has the right to have the privacy of his or her personal information maintained. Personal information includes contact details such as address, telephone number and Social Security number.

If a person does not want personal information revealed, the covered entity should respect that right. The law also gives people the right to obtain a copy of their medical records whenever they want, and the copy must normally be provided within thirty days of the request being submitted. If anyone feels that the security of his or her personal information has been compromised in any way, they can file a complaint with the Office for Civil Rights, which comes under the Department of Health and Human Services.


All health care organizations covered by HIPAA must ensure that patients' medical records, including payment records, are kept strictly private and confidential. As with every rule there are exceptions: where a case of child abuse is being investigated, for example, the required information has to be disclosed to the appropriate authorities.

If someone has requested personal information, all the required authorization forms should be signed by the individual concerned before any personal medical or contact information is released. Only the necessary amount of information should be released and nothing more (the minimum necessary standard). An official should be appointed to ensure that the privacy of the information is preserved as far as possible.

Need for adherence to HIPAA regulations

Farrah Fawcett, well known all over the world for her roles on television and in films, made news headlines when confidential medical information about her health problems was leaked to the tabloids and newspapers.

Though many people have argued that film stars and celebrities deserve some privacy, publicizing Ms Fawcett's medical details was also a violation of federal law. The Health Insurance Portability and Accountability Act of 1996 was created to ensure that every person's medical records are stored and maintained confidentially and that no one may access that information without proper authorization.

Organizations involved in collecting health related information from people are known as covered entities under HIPAA, and all of them have to abide by the rules and regulations that come under it. Hospitals, clinics, health insurance companies, private practices run by general practitioners, specialists, dentists, chiropractors, psychiatrists and psychologists, and medical billing centers and collection agencies are among the organizations HIPAA binds, either directly as covered entities or as their business associates. It is essential to safeguard the information pertaining to every patient regardless of how many employees an organization has.

Patients who come to a clinic or hospital for medical attention should be able to rest assured that all their details will be kept confidential.

All employees of the organization should make sure that the privacy of patient information is not compromised in any way. The medical information covered by these laws includes prescription details, records of the patient's past medical history, appointment records, messages delivered over the phone or through voice mail, medical insurance forms and insurance claims, and any billing information.


When stored information about a patient becomes outdated, it should be destroyed in such a way that no traces are left and the patient's privacy is protected. All organizations classified as covered entities under HIPAA should make adequate arrangements to ensure that the relevant documents are destroyed properly. Every single piece of paper or printout should be disposed of correctly.

Simply throwing papers in the garbage does not mean that the right measures have been taken. Anyone can find a stray piece of paper in a garbage dump, and that can give them access to a lot of information, such as credit card numbers and addresses. It is always better to use professional services to make sure that stale medical records are shredded and disposed of correctly.

Complete HIPAA Guide

HIPAA is the abbreviation for the Health Insurance Portability and Accountability Act, which was enacted in 1996, although the rules and regulations that come under it only became fully operational in 2003. The main purpose of HIPAA was to ensure that people continue to have access to medical insurance when they change jobs or are looking for a job.

Previously it was very difficult to change medical insurance company without paying very heavy premiums. Another benefit of HIPAA is that it protects patients' medical records and other medical information, and it has created a proper standard for the management of personal medical information.

Portability is something many people have not yet understood. Previously, whenever a person quit or was fired from his job, his medical insurance would expire on termination. When he applied for medical insurance again through his new employer, his state of health would be classified as a pre-existing condition.

Because of that clause, the insurance company was under no obligation to reimburse the money spent on treating such a condition. A person who had been taking medicines regularly for high blood pressure, for instance, would not be reimbursed for those medicines, since that was already a pre-existing condition.

Under HIPAA, group health plans may only apply limited pre-existing condition exclusions, a person's prior coverage counts as credit against any exclusion period, and plans may not deny eligibility or charge higher premiums based on an individual's health status. In this way health insurance was made portable between employers. This is extremely useful for people changing jobs: they do not have to worry about losing coverage and facing huge medical bills.

Under HIPAA, accountability refers to the standards that must be followed when exchanging private medical information between insurance companies, health care providers, pharmacies, patients and all other covered entities. With the advent of technology and electronic mail, violating the privacy of a patient's medical information has become much easier.


HIPAA gives the Department of Health and Human Services the authority to make rules governing the transfer and management of sensitive, private information. HHS has also established standard transaction and code sets used to identify medical and administrative charges in electronic exchanges.

HHS has also established national identifiers, such as the National Provider Identifier for health care providers, along with identifiers for health plans and employers. All the required policies and procedures should be implemented to ensure that the private medical information of all patients is secured and protected.