Search results

  1. petronella

    Developing Apps for Medical Purposes

    If the app is for doctors and/or patients, then there *IS* a very high potential for PHI to be involved, and at any point in time, there could be PHI exchanged. Therefore, it's best to follow and obey HIPAA guidelines to avoid costly fines. When in doubt, always follow HIPAA regulations as they...
  2. petronella


    Password policies are a mandatory requirement with HIPAA. Password managers offer a good security layer, but yes, this single layer is vulnerable to keystroke malware capturing the master password. Pairing this with a hardware token such as a Yubikey, makes this a much stronger layer. Google...
  3. petronella

    HIPAA Fines are so confusing!

    The office of civil rights (OCR) is the enforcing arm of HIPAA and determines the amount to fine in the event of a HIPAA breach. The fines are calculated based on the medical practice, size, number of patients effected, etc. and if there is willful neglect.
  4. petronella

    About those HIPAA fines…

    HIPAA security risk assessments help medical practices reveal all of the work that needs to be done to get HIPAA compliant. If a medical practice goes through a HIPAA security risk assessment and is made aware of infractions that can be resolved with HIPAA policies, procedures and/or security...
  5. petronella

    Has anyone actually been through a HIPAA audit and NOT been fined?

    I'm sure it's possible, but extremely unlikely. In a short conversation that I have with the medical office administrator or owners of a medical practices, I typically uncover at least 1 potential infraction. HIPAA is complex and confusing. There are a LOT of jobs to be done and most practice...
  6. petronella

    Be straight with me…

    I doubt the government would do that. I think the government means well, the problem is that there are not enough people that understand cybersecurity AND compliance to effectively protect an organization.
  7. petronella

    Encryption Question

    Encryption is one of many security controls and takes many different forms. There is disk encryption, keystroke encryption, secure socket layer (SSL), in transit encryption, at rest encryption, mobile device encryption and the list goes on and on. If the rule specified a certain type, it would...
  8. petronella

    If it’s practically impossible for a business to become HIPAA compliant on their own, how come the government doesn’t help more?

    I think the government means well and they do care because the government did offer grants and resources to help medical practices move from paper charts containing PHI into ePHI EMR systems. They created the National Institute of Standards and Technology (NIST) that has tons of great...
  9. petronella

    How did your company learn so much about HIPAA?

    It's an ongoing and continuous battle, but we are very determined. It's our mission to make HIPAA compliance easy and affordable for medical practices (covered entities - CEs and business associates (BAs) of all sizes, which is why we are always writing new books on HIPAA, HIPAA security risk...
  10. petronella

    Question about your notification policy…

    This is not true. All hipaa breaches must be reported. The U.S. Department of Health and Human Services (HHS) DOES REQUIRE breach notification. HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a...
  11. petronella


    Data that is stored in one central point (centralized) is far more vulnerable to being compromised, which is exactly the opposite to how blockchain technology is built, which is decentralized. By utilizing a ledger of information that is distributed across various peer to peer (P2P) networks...
  12. petronella

    I’m not sure where to put this but I have a question about Business Associates (BAs).

    Absolutely! You should always make sure business associates (BA's) can show proof of compliance with a signed Business Associate Agreement, a security risk assessment and a penetration test.
  13. petronella

    HIPAA Compliance deadline?

    Hi Kevin, Yes, the HIPAA compliance deadline was on 09/23/13. The office of civil rights is randomly auditing covered entities and business associates. The do not only audit a practice if there’s a breach. However, when there’s a breach, there are breach reporting laws that must be followed...
  14. petronella

    What is HIPAA?

  15. petronella

    What is HIPAA?

    HIPAA stands for the Health Insurance Portability and Accountability Act. It’s a law that was signed in 1996 by president Bill Clinton.
$900 Gets You HIPAA Security + 23-Point SEO Checkup - Learn More