Introduction
I’ve put together a brief list of reported HIPAA violations through 2017. Key points are listed below: Encrypt and password-protect any portable hard drives, laptops, cell phones, digital cameras, and any removable piece of medical equipment. Don’t upset the HIPAA Gods. You have 60 days from breach to when a customer receives a […]
The following products have reached End-Of-Life and cannot be used by any HIPAA or PCI/DSS compliant entities: Windows Vista: 04/11/2017; Exchange Server 2007: 04/11/2017. The following products will reach End-Of-Life on 10/10/2017: Microsoft Office 2007. Microsoft also released a statement that they will not support interconnection from any Non-TLSv2 device. These include: Microsoft XP/Vista […]
Effective June 11, 2016, HHS issued new rulings regarding Ransomware. Previously, since breach of PHI could not be ascertained in Ransomware infections, reporting was not necessary. With the new rule changes, Ransomware reporting is mandatory. The HHS findings can be found here: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf Methodology on Report Filing can be found here: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf The […]
Recently, I was asked a question. “If I use MPLS, do I need to do encryption to be HIPAA compliant?” Multi-Protocol Label Switching (MPLS) is different things to different people, depending upon the networks involved. In this context, it was a Metropolitan Ethernet (Metro-E) network being provided by a local cable company. So, the answer […]
This is a Healthcare graphic I created 2-1/2 years ago. It might be old, but it’s still good. Share this with your favorite doc.