SOOKASA WHITEPAPER HIPAA COMPLIANCE. www.sookasa.com



Similar documents
SOOKASA WHITEPAPER SECURITY SOOKASA.COM

HIPAA compliance audit: Lessons learned apply to dental practices

Document Imaging Solutions. The secure exchange of protected health information.

The Impact of HIPAA and HITECH

Overview of the HIPAA Security Rule

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

The Must Have Tools To Address Your Compliance Challenge

HIPAA Violations Incur Multi-Million Dollar Penalties

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

The CIO s Guide to HIPAA Compliant Text Messaging

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Electronic Communication In Your Practice. How To Use & Mobile Devices While Maintaining Compliance & Security

What do you need to know?

SOOKASA WHITEPAPER CASB SECURITY OVERVIEW.

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients

HIPAA and HITECH Compliance for Cloud Applications

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS

Managing Mobile Device Security

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute

OCR Reports on the Enforcement. Learning Objectives

activecho Driving Secure Enterprise File Sharing and Syncing

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

CallRail Healthcare Marketing. HIPAA and HITECH Compliance for Covered Entities using Call Analytics Software

HIPAA/HITECH Act Implementation Guidance for Microsoft Office 365 and Microsoft Dynamics CRM Online

OCR UPDATE Breach Notification Rule & Business Associates (BA)

Security Is Everyone s Concern:

Six Steps Healthcare Organizations Can Take to Secure PHI on Mobile Devices

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

Data Security Considerations for Research

HIPAA LIAISON MEETING PRESENTAITON. August 11, 2015 Leslie J. Pfeffer, BS, CHP University HIPAA Privacy Officer

REGULATIONS AND COMPLIANCE FOR ENTERPRISE MOBILE HEALTH APPLICATIONS

efolder White Paper: HIPAA Compliance

HIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013

HIPAA Violations Incur Multi-Million Dollar Penalties

Solutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson

Healthcare Compliance Solutions

activecho Frequently Asked Questions

The HIPAA Omnibus Final Rule

White Paper. HIPAA-Regulated Enterprises. Paper Title Here

Business Case for Voltage Secur Mobile Edition

The Brave. New World of Healthcare Correspondence. Harnessing the Power of SaaS to Safeguard Patient Data. White paper

Regulations and compliance for enterprise mhealth applications

Kony Mobile Application Management (MAM)

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

BYOD File Sharing - Go Private Cloud to Mitigate Data Risks. Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

BYOD File Sharing Go Private Cloud to Mitigate Data Risks

What s New with HIPAA? Policy and Enforcement Update

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Research Information Security Guideline

Next-Era Home Health Care and Enhanced HIPAA Compliance

EXECUTIVE BRIEF SPON. File Synchronization and Sharing Market Forecast, Published May An Osterman Research Executive Brief

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

When HHS Calls, Will Your Plan Be HIPAA Compliant?

What Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015

HIPAA Privacy and Information Security Management Briefing

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

HIPAA Compliance Guide

Have you ever accessed

HIPAA Privacy & Security White Paper

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

Secure File Sharing for HIPAA Compliance: Protecting PHI

Securing Health Data in a BYOD World

Welcome to Sookasa. Getting Started Guide for SafeMonk users

Secure Cloud Hosting for Healthcare Organizations

Healthcare Compliance Solutions

Egnyte Cloud File Server. White Paper

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Safeguard Protected Health Information With Citrix ShareFile

What We Do: Simplify Enterprise Mobility

What Are The Odds Of a HIPAA Audit?

Top Ten Technology Risks Facing Colleges and Universities

Key Considerations in Enterprise File Sharing Gurinder Dhillon, Sr. Director Product Management Ankur Shah, Sr. Product Manager

HIPAA ephi Security Guidance for Researchers

SureDrop Secure collaboration. Without compromise.

Security Architecture Whitepaper

Introducing Databackup.com Cloud Backup. File Locker File Sharing & Collaboration EndGaurd EndPoint Protection & Device Management

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

HIPAA, PHI and . How to Ensure your and Other ephi are HIPAA Compliant.

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

The HITECH Act: Protect Patients and Your Reputation

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

5 HIPAA-Compliant Best Practices for Mobile Devices in Healthcare

FAQ: HIPAA AND CLOUD COMPUTING (v1.0)

Five Best Practices for Secure Enterprise Content Mobility

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

HIPAA 101. March 18, 2015 Webinar

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

Manual for Android 1.5

Transcription:

SOOKASA WHITEPAPER HIPAA COMPLIANCE www.sookasa.com

Demystifying HIPAA Compliance in the Cloud Healthcare s challenges There s no shortage of signals that the healthcare industry is under pressure: To do more with less, to provide higher quality care, to offer services more cheaply all while remaining HIPAA compliant. There s a stunning confluence of factors shifting healthcare s priorities, all part of a trend toward reducing costs and improving outcomes. Payments: Move away from fee-for-service models in favor of capitated contracts and / or bundled payments. Coordination: Increased focus on care coordination between different providers. Insurance: Growth in insured due to Obamacare and the rise of highdeductible plans means people are taking on more risk. Reimbursement: Paying for successful outcomes. Compliance: Greater emphasis on compliance, privacy, and fraud detection. HIPAA fines are huge, and reporting and notification is required. Consumerization: More apps mean more data and more choices. The increasingly mobile nature of medical services as well as the need for rapid, convenient, and high-volume data sharing means that healthcare professionals increasingly want to access data on-the-go. High volumes are being shared among organizations, including large images, medical bills, and scanned patient records. Pair that with the advent of mobile devices, and the demand for ubiquitous data has boomed. So, too, have cloud file sharing services, which answer the call to make information available anywhere. In recent years, market leaders such as Dropbox (400 million users), Google Drive (240 million users), and Box (41 million users) have seen dramatic growth in the number of users and devices they serve. Innovations like the cloud are supposed to address this demand for data, making it easier than ever for healthcare professionals to keep clinical data at their fingertips, coordinate care among providers, share information with patients, and pass on data to billing and insurance companies. The cloud offers a low-cost, user-friendly alternative to complex, expensive and hard-to-support legacy systems. But when it comes to dealing with patient health information, that s easier said than done, often leaving professionals forced to suffer a tradeoff between privacy and productivity. Security and HIPAA compliance are essential, and recently, file syncand-share providers like Dropbox and Google Drive took a step in the right direction by signing Business Associates Agreements that let healthcare organizations use their services to store and share PHI while maintaining HIPAA compliance. But while these providers support compliance for files on their servers as part of the BAA, users still have to hold up their end of the bargain by protecting the way they work with data.

Compliance challenges Cloud file sharing services conveniently synchronize files on any device, but they also scatter files across a large number of employees, mobile devices, and external partners. This, in turn, dramatically increases the risk of a HIPAA breach. HIPAA breaches related to cloud file-sharing services can generally be attributed to two issues: 1. Proliferation and loss of devices: The increase in the number and usage of mobile devices significantly increases the risk of loss. According to Consumer Reports, more than 5.2 million smartphones were lost or stolen in the U.S. in 2014, up from 4.5 million in 2013. File sharing applications enable each device to tap into a large number of unprotected files. The loss of a single device that contains unprotected Personal Health Information (PHI) constitutes a HIPAA breach. 2. Accidental sharing: In this way, the simplicity of sharing is actually a hindrance. With one-click features for sharing files, folders, and full directories with individuals and groups, it s easier than ever to share thousands of files and to mistakenly send this information to an unauthorized person. An analysis of all reported HIPAA breaches since 2006 revealed that more than 70 percent of all breaches resulted from the loss or theft of unencrypted storage devices. According to the Department of Health and Human Services data, there were 115 data breaches that affected more than 500 people last year, prompting many to call 2014 the year of the breach. HIPAA Breaches Affecting 500+ Records 2009-2015 Source: HHS Other Paper/Films Laptop Email Other Portable Electronic Device Network Server Desktop Computer Electronic Medical Record

Growing risks As federal agencies step up their oversight, the stakes when it comes to HIPAA compliance are higher than ever. Patient trust has always been on the line. Failing to ensure privacy and gain patients trust can erode the care providers are able to deliver. What s more, with breach notification laws and a new national standard on the way, HIPAA violation don t exist in a vacuum. Health entities who have breached HIPAA must notify patients and also have their names published on HHS Data Breach Notification website, also known as the Wall of Shame, which can have devastating effects. But under the Health Information Technology for Economic and Clinical Health Act, the financial penalties are also searing, reaching the millions of dollars depending on the level of culpability. Though small entities are also subject to audits, OCR is focused on rooting out major breaches, such as the $4.8 million settlement with New York Presbyterian Hospital and Columbia University after the healthcare system exposed 6,800 patient records. And if recent cases are any indication, it s clear that OCR is on the lookout for all types of breaches. Running unsupported and unpatched software, as Anchorage Community Mental Health Services learned the hard way this year, can constitute a breach, as can leaving boxes of medical records unattended. Fragmentation continues to rule the way healthcare entities run their businesses, meaning there are more ways than ever for non-compliance to creep in. What s more, HITECH also expands the scope of what sorts of entities can be found liable, applying to covered entities as well as their business associates, from billing and insurance companies to legal counsel. Finally, HHS Office of Civil Rights is stepping up random audits of major institutions and smaller providers to proactively bring violations to light. Every covered entity and business associate could be subject to an audit, which focuses on the following three HIPAA standards: Security Rule: Risk analysis and risk management Privacy Rule: Notice of privacy practices and access rights Breach Notification Rule Content and timeliness of breach notification For Phase 1, which focused on covered entities, OCR audited 115 covered entities. It found the smallest players struggled with compliance under all three of the HIPAA Standards. More than 60 percent of the violation findings or observations were related to security standards, with 58 of 59 audited health care provider covered entities had at least one such finding. Phase 2 of the audit program, which will encompass 400 business associates, began its preliminary surveying in 2015, with audits expected to occur in 2016.

s patented HIPAA-compliant Dropbox solution Given the importance of simplicity and synchronizing massive amounts of files across multiple devices, mainstream file-sharing providers like Dropbox and Google Drive are the preferred sync-and-share solutions for the healthcare space. In a survey conducted by The Compliancy Group, a HIPAA compliance consultancy, 55 percent of healthcare providers surveyed said they use Dropbox to store and share healthcare documents. Many cloud providers have signed Business Associates Agreements, which render them HIPAA-compliant, but proper security measures are taken on the user s side as well. is the only solution that overlays these cloud providers file sharing services with a complete set of HIPAA safeguards. facilitates HIPAA compliance for cloud file sharing services without compromising the user experience. preserves the providers native user interfaces, including mobile access, sharing, and synchronization. Once installed, automatically creates a folder called in each user s existing cloud provider s account. The folder is a safe haven for all businessrelated or sensitive files. Any file that is placed inside the folder is automatically encrypted, thereby giving the company full control over access to the file. s primary mechanisms to ensure HIPAA compliance include: Device loss / theft protection: allows encryption and decryption of electronic protected health information via its PC, Mac, ios, and Android clients as well as on its web browser interface. With s device block feature, users can remotely wipe the keys associated with certain devices and users so that it will no longer be able to decrypt sensitive information. Protection from accidental sharing: By encrypting files and granting access based on authenticated credentials, ensures only authorized people can access electronic protected health information. users define a whitelist of authorized employees and partners. also features realtime access revocation to terminated employees and business associates. Full audit trail: tracks every encrypted file across team accounts. It logs every modification, copy, access, or share operation made to encrypted files and associates each with a user. With a simple reporting tool, provides complete audit trails on all operations with encrypted files. Business Associate Agreements: signs BAAs with customers to ensure that PHI is encrypted in the cloud and on connected devices, but does not itself hold any PHI. Emergency access: allows administrative access to necessary electronic protected health information during an emergency through a centralized web-based dashboard. Automatic logoff: terminates a session after a predetermined period of inactivity, the length of which administrators can customize. Seamless encryption and decryption: allows encryption and decryption of electronic protected health information via its PC, Mac, ios, and Android clients as well as on its web browser interface. is the only solution that provides end-to-end encryption for cloud filesharing services. With s file-level encryption approach, files remain encrypted and tracked by even if they are moved outside their primary cloud applications.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information