HIPAA Email API for Admission, Discharge, and Transfer Alerts
Table of Contents:
Admission, Discharge, and Transfer (ADT) Alerts
Protected Health Information (PHI)
Transactional Email
HIPAA Compliant Transactional Email
HIPAA Compliant Email for ADT Alerts
We spoke to a prospect down in Melbourne Beach, Florida earlier this week about our HIPAA Compliant Email API. They were keenly interested in integrating it with their Admission, Discharge, and Transfer (ADT) Alert workflow platform.
Admission, Discharge, and Transfer (ADT) Alerts
The Admission, Discharge, and Transfer (ADT) system supports core administrative functions in healthcare.
These are:
Registering a patient
Discharging a patient
Transferring a patient
Merging patient files to avoid duplication
ADT is part of the HL7 standard and is considered a cornerstone to improving patient care coordination.
Protected Health Information (PHI)
According to the HIPAA Privacy Rule, Protected Health Information (PHI) is defined by HHS as individually identifiable health information held or transmitted by a Covered Entity or its Business Associate.
PHI can be in any form or media:
Electronic (email, text, patient portal, etc)
Paper
Oral
In a nutshell, any information that can reasonably be used to identify an individual and is used during the course of care is considered PHI.
In the case of ADT alerts, we clearly see that PHI is being constantly transmitted.
Read full article: What is Protected Health Information (PHI)?
Transactional Email
Transactional Email is a type of email sent to assist an agreed-upon interaction between a sender and recipient. In US Healthcare, this is often between a provider and a patient.
Transactional Emails may also be called “triggered” emails because they can include any email that is generated by a patient’s interaction with a patient portal, a smartphone app, or in this case, ADT alerts.
HIPAA Compliant Transactional Email
Transactional email for most businesses often doesn’t have sensitive information and can be sent without worry of encryption. But because a transactional email for ADT alerts will have protected health information (PHI), it requires email providers to be HIPAA compliant.
Because there are limited options when it comes to HIPAA compliant transactional email providers, most providers, and as a result consumers, are left out in the cold.
But by using HIPAA compliant transactional email to securely deliver ADT alert information to a patient’s inbox, healthcare providers can meaningfully increase patient engagement.
Read full article: What is HIPAA Compliant Transactional Email?
HIPAA Compliant Email for ADT Alerts
In the case of the prospect we spoke to, they were eager to integrate our HIPAA Email API into their ADT alert workflow.
We are looking forward to working with them.
Try Paubox Secure Email API for FREE and make your transactional email HIPAA compliant today.
The post HIPAA Email API for Admission, Discharge, and Transfer Alerts appeared first on Paubox.
Source: https://www.paubox.com/blog/hipaa-email-api-adt-alerts
Does Infusionsoft offer HIPAA Compliant Email Service?
Table of Contents:
Infusionsoft by Keap
What is a Business Associate?
Business Associate Agreement provisions
InfusionSoft by Keap and the Business Associate Agreement
HIPAA Compliant Email and Infusionsoft by Keap
Does Infusionsoft by Keap offer HIPAA Compliant Email Service?
A customer recently asked us about whether they were able to use Infusionsoft by Keap as a HIPAA compliant email service. We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.
Today, we will determine if Infusionsoft by Keap offers HIPAA compliant email service or not.
Infusionsoft by Keap
Infusionsoft by Keap offers a subscription-based, all-in-one sales and marketing SaaS product for small businesses with fewer than 25 employees.
The private company is based in Chandler, Arizona.
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information for a Covered Entity.
In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule.
In the case of Infusionsoft by Keap, it would certainly qualify as a Business Associate if it provides services to Covered Entities.
Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement must be in place.
A Business Associate Agreement is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.
At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
Infusionsoft and the Business Associate Agreement
We checked the Infusionsoft by Keap site for mention of their ability to sign a Business Associate Agreement.
We found the answer we were looking for on a page called Keap HIPAA Compliance.
“Keap is pleased to announce that our flagship CRM and marketing automation platform may now be used by HIPAA covered entities and business associates to lawfully store, transmit, and otherwise process protected health information (also known as “PHI”).
To satisfy our growing community of healthcare users, Keap offers customers the opportunity to execute our standard Business Associate Agreement (or “BAA”) that satisfies the applicable subcontracting requirements under HIPAA and the HITECH Act.”
HIPAA Compliant Email and Infusionsoft by Keap
Covered Entities are required to take reasonable steps to protect PHI sent from email all the way to the recipient’s inbox. As such, HIPAA compliant email must be transmitted in-motion over the internet with encryption.
It should be noted however, the scope of the Keap Business Associate Agreement protects and encrypts data only at-rest in their platform. In other words, any email sent from their platform is not covered by the Keap BAA.
Read full article: HIPAA Compliant Email
Does Infusionsoft by Keap offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
We were able to learn that a BAA is offered by Keap.
If you are going to send email from their platform that contains PHI however, the Keap BAA does not include coverage for that. You must either find a HIPAA compliant email API provider that integrates with Infusionsoft by Keap or not include PHI in the emails.
Learn more: Sending HIPAA Compliant Email with Infusionsoft
Not sure what to do next? Try Paubox for FREE and make your email HIPAA compliant today.
The post Does Infusionsoft offer HIPAA Compliant Email Service? appeared first on Paubox.
Source: https://www.paubox.com/blog/infusionsoft-keap-hipaa-compliant-email
HIPAA Breach Report for April 2019
The Paubox Breach Report reviewed HIPAA breach reporting submitted to the U.S. Department of Health & Human Services (HHS) in March to analyze the types of breaches of unsecured protected health information (PHI) affecting 500 or more people.
HIPAA Breaches Ranked by People Affected
Top Three Breach Types
Email breaches ranked in first place with 473,114 people’s PHI affected.
Network Server breaches ranked second with PHI of 352,895 people breached.
Other breaches came in third with 28,216 people having their PHI breached.
Bottom Three Breach Types
Electronic Medical Record ranked lowest by number of people whose PHI was breached in March, with 2,200.
Laptop was the second lowest type of breach as ranked by people affected with 2,739.
Paper/Films was the third lowest type of breach as ranked by people affected with 5,843.
HIPAA Breaches Ranked by Occurrence
The Most Common
Email took the top spot as the most common breach type in March with 12 reported breaches. Email has taken the top spot in this category for 11 of the past 13 months.
Network Server came in second with 7 breaches.
Other and Paper/Films came in tied third with 3 reported breaches each in March.
Takeaways
Email regained the top spot in both categories for this month’s HIPAA Breach report.
Much as it was in 2018, the data clearly shows Email remains the most vulnerable attack vector for HIPAA breaches.
Full Data
Click here to view the raw data (Google Sheets).
About the Paubox HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame in March 2019.
Minimize the risk of email getting you on the list with Paubox Encrypted Email.
The post HIPAA Breach Report for April 2019 appeared first on Paubox.
Source: https://www.paubox.com/blog/hipaa-breach-report-april-2019
Is HubSpot HIPAA Compliant?
Table of Contents:
HubSpot
What is a Business Associate?
Business Associate Agreement provisions
HubSpot and the Business Associate Agreement
Does HubSpot offer HIPAA Compliant Service?
A customer recently asked us about whether they were able to use HubSpot in a HIPAA compliant manner.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.
Today, we will determine if HubSpot offers HIPAA compliant service or not.
HubSpot
HubSpot is a developer and marketer of software products for inbound marketing and sales. It was founded by Brian Halligan and Dharmesh Shah in 2006.
Its products and services aim to provide tools for social media marketing, content management, web analytics and search engine optimization.
See also: Inbound Marketing (Revised and Updated): Our Takeaways
See also: HubSpot and AWS Meetup: Partnerships, Startups, and HubSpot Ventures
See also: Our Takeaways from The Sales Acceleration Formula
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information for a Covered Entity.
In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule.
In the case of HubSpot, it would certainly qualify as a Business Associate if it provides services to Covered Entities.
Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement must be in place.
A Business Associate Agreement is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.
At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
HubSpot and the Business Associate Agreement
We checked the HubSpot site for mention of their ability to sign a Business Associate Agreement.
We found the answer we were looking for on HubSpot’s Terms of Service page.
The Subscription Service is not designed to comply with industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), or the Federal Information Security Management Act (FISMA), so you may not use the Subscription Service where your communications would be subject to such laws.
Does HubSpot offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
Thanks to their Terms of Service page, we clearly see HubSpot is not in the business of providing HIPAA compliant service.
Not sure what to do next? Try Paubox for FREE and make your email HIPAA compliant today.
The post Is HubSpot HIPAA Compliant? appeared first on Paubox.
Source: https://www.paubox.com/blog/hubspot-hipaa-compliant
Can I use Salesforce Marketing Cloud and be HIPAA Compliant?
Table of Contents:
Salesforce Marketing Cloud
What is a Business Associate?
Business Associate Agreement provisions
Salesforce and the Business Associate Agreement
HIPAA Compliant Email and Salesforce
Does Salesforce Marketing Cloud offer HIPAA Compliant Service?
A customer recently asked us about whether they were able to use Salesforce Marketing Cloud in a HIPAA compliant manner.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.
Today, we will determine if Salesforce Marketing Cloud offers HIPAA compliant service or not.
Salesforce Marketing Cloud
Salesforce Marketing Cloud is a provider of digital marketing automation and analytics software. It was founded in 2000 under the name ExactTarget.
The company filed for an IPO in 2007, but withdrew its filing two years later and raised $145 million in funding instead. Before it was acquired by Salesforce in 2013, it acquired CoTweet, Pardot, iGoDigital, and Keymail Marketing.
ExactTarget was renamed to Salesforce Marketing Cloud in 2014 after the acquisition.
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information for a Covered Entity.
In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule.
In the case of Salesforce Marketing Cloud, it would certainly qualify as a Business Associate if it provides services to Covered Entities.
Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement must be in place.
A Business Associate Agreement is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.
At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
Salesforce and the Business Associate Agreement
We checked the Salesforce site for mention of a Business Associate Agreement for their Marketing Cloud solution.
We found the answer we were looking for on the Salesforce HIPAA Compliance page.
We see that Marketing Cloud, along with the following Salesforce solutions, are HIPAA compliant:
Community Cloud
Health Cloud
Heroku
Marketing Cloud – ExactTarget
MuleSoft
Other Lightning Platform Services
Sales Cloud
Service Cloud
HIPAA Compliant Email and Salesforce
Covered Entities are required to take reasonable steps to protect PHI sent from email all the way to the recipient’s inbox. As such, HIPAA compliant email must be transmitted in-motion over the internet with encryption.
It should be noted however, the scope of the Salesforce Marketing Cloud Business Associate Agreement protects and encrypts data only at-rest. In other words, any email sent from their Marketing Cloud is not covered by the Salesforce BAA.
Read full article: HIPAA Compliant Email
Does Salesforce Marketing Cloud offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
We were able to learn that a BAA is offered by Salesforce for Marketing Cloud.
If you are going to send email via Marketing Cloud that contains PHI however, the Salesforce BAA does not include coverage for that. You must either find a HIPAA compliant email API provider that integrates with Salesforce Marketing Cloud or not include PHI in the emails.
Not sure what to do next? Try Paubox for FREE and make your email HIPAA compliant today.
The post Can I use Salesforce Marketing Cloud and be HIPAA Compliant? appeared first on Paubox.
Source: https://www.paubox.com/blog/salesforce-marketing-cloud-hipaa-compliant
Sending HIPAA Compliant Email with InfusionSoft
Last Friday, we got an email from one of our customers that began with:
Is there a way to use Paubox and email marketing automation? Hello,
We use Paubox to secure our emails with patients that discuss PHI, and we’re working to automate some of the email communications that we have with patients. We’ve found that solutions like Salesforce and Infusionsoft will sign BAAs and secure PHI that is on the platform, but they have no way of securing the emails that are triggered by the automation campaigns.
Since their office was nearby in San Francisco, I arranged to meet the CEO for coffee later that day.
Email Marketing for Clinical Trials
Here’s what I learned as I got to know the CEO and his startup over coffee:
They are focused in the clinical trials space
They are looking to do complex email marketing campaigns that contain protected health information
Only a few email marketing automation vendors will sign a Business Associate Agreement. InfusionSoft and Salesforce Marketing Cloud are among them.
None of the email marketing vendors that will sign a BAA actually include support for sending HIPAA compliant email
Email Marketing Automation
Put simply, Marketing Automation refers to software that automates marketing actions.
When it comes to Email Marketing Automation, it refers to software and tactics that allow organizations to nurture prospects with highly personalized, useful, timely, email content that helps convert them to customers.
Patient Engagement
In a nutshell, patient engagement is any activity or tool a medical professional can use to engage people and get them involved in their own health care.
In the case of U.S. Healthcare, Email Marketing Automation is nearly non-existent.
Here’s why I think this is so:
Highly personalized, useful content more than likely means protected health information (PHI) is involved
If an email contains PHI, it falls under HIPAA compliance regulations
To open and read a HIPAA compliant email, secure email vendors nearly always introduce an incredible amount of friction (e.g., portals, app downloads, plugins, PGP keys, etc)
Email Marketing is not designed to allow friction. Even the slightest introduction of it will result in the message not even getting opened, let alone read
HIPAA Compliant Email Marketing Automation
With this context in mind, our customer asked me to see if we could figure out how to integrate Paubox with either InfusionSoft or Salesforce Marketing Cloud.
During our Monday staff meeting this week, I learned we recently helped a new customer, Boost Bariatrics, integrate Paubox Secure Email API with InfusionSoft.
Infusionsoft, now known as Keap, offers a subscription-based, all-in-one sales and marketing SaaS product for small businesses with fewer than 25 employees.
Integrating InfusionSoft with Paubox
Based in Texas, Boost Bariatrics helps grow bariatric programs with marketing automation. The reason Boost Bariatrics chose InfusionSoft was because of its ability to create powerful automations and campaigns. They were unable however, to use Infusionsoft to send encrypted, HIPAA compliant emails. Keep in mind, that’s precisely the issue our Clinical Trials customer is facing.
To get Paubox Secure Email API working with InfusionSoft, Boost Bariatrics found an intermediary service called WeDeliver. WeDeliver specializes in allowing InfusionSoft users to send email via third party email services like Paubox.
After signing up for WeDeliver and following their documentation, we worked together with Boost Bariatrics to successfully integrate Paubox SMTP Server API with InfusionSoft, with WeDeliver sitting in the middle of the data exchange.
Try Paubox Secure Email API for FREE and make your transactional email HIPAA compliant today.
The post Sending HIPAA Compliant Email with InfusionSoft appeared first on Paubox.
Source: https://www.paubox.com/blog/send-hipaa-compliant-email-infusionsoft
What are the 3 categories of Covered Entities?
Table of Contents:
What is a Covered Entity?
Who must comply with HIPAA privacy standards?
What is a Business Associate?
What is a Business Associate Agreement?
Is an Employer a Covered Entity under HIPAA?
Is a Pharmacy a Covered Entity?
Is a TPA a Covered Entity?
Are Health Insurance companies Covered Entities?
Are you a Covered Entity?
What is a Covered Entity?
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, covers both individuals and organizations. Those who must comply with HIPAA are referred to as Covered Entities. The 3 categories of HIPAA Covered Entities are:
Health Plans: Health Insurance companies; HMOs (Health Maintenance Organizations); Employer-sponsored health plans; and Government programs that pay for healthcare (Medicare, Medicaid, and military and veterans’ health programs)
Healthcare Clearinghouses: Organizations that process nonstandard health information to conform to standards for data content or format, or vice versa, on behalf of other organizations.
Certain Healthcare Providers: Providers who submit HIPAA transactions, like electronic claims. Common examples are Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing homes, and Pharmacies
As you can see from the above, Covered Entities can be institutions, organizations, or persons.
Learn more: Covered Entities [HHS]
Who must comply with HIPAA privacy standards?
By law, the HIPAA Privacy Rule applies only to Covered Entities.
Most Covered Entities however, do not carry out all of their health care activities and functions by themselves. Instead, they often use the services of a variety of other organizations.
If these services involve the use of protected health information, it means that organization is a Business Associate.
In summary, HIPAA compliance regulations apply to both Covered Entities and the Business Associates that serve them.
What is a Business Associate?
A Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information for a Covered Entity.
In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule.
Read full article: What does it mean to be a Business Associate?
What is a Business Associate Agreement?
A Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required for HIPAA compliance. At a minimum, there are 10 provisions that must be covered by a Business Associate Agreement (BAA).
If you are a covered entity entrusting protected health information to a third party, then a Business Associate Agreement is required by law.
Read full article: Business Associate Agreement Provisions
Is an Employer a Covered Entity under HIPAA?
If an employer provides any of the following to their employees, they are considered a Covered Entity:
Self-funded or self-administered health insurance benefits to their employees
Certain wellness programs
Employee assistance programs
Medical reimbursement accounts
On-site clinics (if operated by the employer)
Here’s another important distinction: If an employer receives protected health information while performing services for a Covered Entity or Business Associate, the employer is then itself considered a Business Associate.
Is a Pharmacy a Covered Entity?
Yes, pharmacies are classified as Healthcare providers under HIPAA.
Healthcare providers are one of the three categories of Covered Entities.
Is a TPA a Covered Entity?
A TPA, or Third Party Administrator, is typically a company that processes insurance claims and employee benefit plans for a separate entity.
According to HHS, the answer is no, TPAs are not considered Covered Entities. A TPA may however, be classified as a business associate instead.
As a caveat, if a TPA also provides other services like group health insurance, it then meets the definition of a Covered Entity.
Are Health Insurance companies Covered Entities?
Yes, Health Insurance companies are classified as Health Plans under HIPAA.
Health Plans are one of the three categories of Covered Entities.
Are you a Covered Entity?
Not sure if you’re a Covered Entity? The Centers for Medicare & Medicaid Services (CMS) put out a useful PDF flowchart called the Covered Entity Guidance tool.
To determine if a person, business, or government agency is a Covered Entity, answer the questions in the guidance tool. If you are uncertain about which set of questions applies, answer all of them.
The post What are the 3 categories of Covered Entities? appeared first on Paubox.
Source: https://www.paubox.com/blog/3-categories-covered-entities-hipaa
How to Ensure Your Employees Aren’t a Threat to HIPAA Compliance
Written by Adnan Raja, Vice President of Marketing for Atlantic.Net
HIPAA compliance entered the public eye in 1996 when the Health Insurance Portability and Accountability Act was passed. For organizations dealing with any facet of healthcare, it revolves around the protection of private information of patients. Any health information stored, accessed, or transmitted electronically falls under this protection. Penalties for violating HIPAA compliance come in many shapes. Monetary fines start as low as $100 for each violation and reach as high as $1.5 million.
The punishment does not stop at a company’s pocketbook, however. More severe violations can result in jail time up to five years. Since HIPAA violations are made public record, failing to comply will cost your organization dearly in brand trust and the ability to land future clients as well as quality employees.
When HIPAA non-compliance occurs, it is often because of mistakes or a lack of knowledge of company employees and is done accidentally, without malice. Regardless of how it occurs, organizations must install the proper protocol to get violations down to a rate of zero. The best way to do this is to combine best practices with recurring training to ensure employees not only understand what needs to happen to ensure HIPAA compliance but also grasp the importance of it, to the organization and most importantly the patients.
Getting employees to value these higher concepts takes leadership, time, and training. A combination of educational guidance and technological mandates is the key to keeping your employees on the right side of the HIPAA compliance line.
Educating Employees on HIPAA
Every employee at every company has gone through some sort of education course prior to beginning work. But HIPAA compliance goes far beyond a one-time onboarding training package. It’s not something you pick up in a three-hour module spread out over the course of your first week on the job.
Experts will tell you that the real flaw in HIPAA training is a lack of passion from the course instructors. If the leaders of an organization, or a third party they hire to train staff in HIPAA compliance, cannot connect with employees and get them fundamentally connected to the task at hand, retention rates are bound to suffer.
A key is to make training sessions more interactive and present employees with real-life scenarios rather than written quizzes. While people learn in different ways, having employees engage in role play guarantees a level of interaction that can be more specifically remembered than words on a screen.
Of equal importance is the timing of the HIPAA compliance training. Once a year is not nearly frequent enough to meet the challenges of keeping compliance rules fresh in one’s mind. Training needs to happen at least once per quarter or when new rules and regulations come online, whichever happens in a shorter time period.
Ultimately, HIPAA compliance education is a true test of an organization’s leadership. Great leadership does not eliminate the possibility of non-compliance, but poor leadership will invariably lead to it at some point down the line.
HIPAA Technology Concerns
The exponential growth of technology is both a blessing and a curse to those working in the medical industry. New innovations are connecting doctors and research like never before, and breakthroughs are happening in real-time. But the advance of technology also exposes more gaps for patient information to be mishandled, exposed or stolen. Constant vigilance and adherence to set policies are imperative to maintain HIPAA compliance in the digital era. There are five basic tenets of this stance that require guiding policies and procedures to ensure they do not become leaks in an organization’s HIPAA security system.
Author and maintain a strict policy on work-issued mobile devices. The convenience of laptops, tablets, and smartphones is tempered by them being a bit too convenient in instances when they are lost or not shut down properly. Leadership must establish precise boundaries for where the devices can be taken, who can use them, what the procedure is when leaving them unattended, and more.
Enforce company policy about social media. The average employee seldom has restrictions on posting information or photos from their office. The opposite must be enforced for businesses practicing HIPAA compliance. No information should ever be posted to social media or blogs, and photos are risky because most can be enlarged to show background elements such as files, paper, or screens.
Never use personal email or IM accounts to transmit information that is work-related. All transmissions of protected documents should be through wire-to-wire encryption. Imagine your doctor telling you that he tried to send your test results through or SnapChat. Impress on employees how important the right channels are. Anything that’s not 100% approved should be treated as a major violation.
No sharing of credentials for access-controlled systems including cloud-based work environments. As prior attacks have shown us, the cloud is not always as safe as its proponents would have you believe. Every individual must have his or her own entry point into the system to ensure they are using the system precisely as they are intended to. Independent audits are a great way to ensure everything is proceeding as it should.
Beware of using screens to highlight patient information as they can be viewed by other patients, non-authorized staff, etc. The devil is in the details sometimes. Big display monitors might make your doctors and nurses’ jobs a lot easier, but if they’re making patient data visible to untrained staff members and other patients, you’re going to fall out of compliance. Patient privacy must supersede everything.
Conclusion
Technology has had a transcendent effect on healthcare in recent years but has also increased the number of ways that HIPAA compliance can be threatened. Healthcare industry leaders must be cognizant at all times of how technology is being used by their employees to ensure no violations are taking place. HIPAA compliance education is also vital to keep organizations from being cited for violations. Planned, passionate training sessions should be considered best practices.
The post How to Ensure Your Employees Aren’t a Threat to HIPAA Compliance appeared first on Paubox.
Source: https://www.paubox.com/blog/how-to-ensure-your-employees-arent-a-threat-to-hipaa-compliance
What does it mean to be a Business Associate?
Table of Contents:
What is a Business Associate?
Role of a Business Associate
Are employees of a Covered Entity considered Business Associates?
Is it possible to be both a Covered Entity and a Business Associate?
Purpose of a Business Associate Agreement
Do Business Associate Agreements expire?
What is a Business Associate?
Simply put, a Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information for a Covered Entity. By law, the HIPAA Privacy Rule applies only to Covered Entities. Covered Entities are typically health plans, health care clearinghouses, and certain health care providers.
Most Covered Entities, however, do not carry out all of their health care activities and functions by themselves. Instead, they often use the services of a variety of other organizations.
If these services involve the use of protected health information, that means that organization is a Business Associate.
Learn more: Business Associates [HHS]
What is the Role of a Business Associate?
In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule.
Here are some examples of services provided by Business Associates:
Claims processing or administration
Data analysis, processing or administration
Utilization review
Quality assurance
Billing
Email security
Benefit management
Practice management
Repricing
Are employees of a Covered Entity considered Business Associates?
No. Employees of a Covered Entity are not considered Business Associates.
Is it possible to be both a Covered Entity and a Business Associate?
Yes, it is possible to be classified as both a Covered Entity and a Business Associate.
For example, a covered entity such as a health care provider, health plan, or health care clearinghouse can also be a business associate of another covered entity.
What is the purpose of a Business Associate Agreement?
A Business Associate Agreement is a written contract between a covered entity and a Business Associate. It is required for HIPAA compliance. At a minimum, there are 10 provisions that must be covered by a Business Associate Agreement (BAA).
Read full article: Business Associate Agreement Provisions
If you are a covered entity entrusting protected health information to a third party, then a Business Associate Agreement is required by law.
Do Business Associate Agreements expire?
A Business Associate Agreement (BAA) is required to be in place for the entire duration of services provided by a Business Associate to a Covered Entity.
If a BAA has an expiration date in it, that’s a red flag and is the same as not having one at all.
The post What does it mean to be a Business Associate? appeared first on Paubox.
Source: https://www.paubox.com/blog/what-does-business-associate-mean
Integrating Secure Email with Adobe Experience Manager (AEM) Forms
A prospect reached out to us this week regarding the possibility of integrating our Secure Email API with Adobe Experience Manager (AEM) Forms.
This post is about how to integrate Paubox Secure Email API with AEM Forms.
SEE ALSO: Integrating Adobe Campaign Classic with Paubox Email API
Adobe Experience Cloud (AEC)
The Adobe Experience Cloud (AEC) is a collection of integrated online marketing and web analytics products. Adobe’s aim is to create a single integrated solution for Customer Experience Management (CXM).
AEC was previously known as the Adobe Marketing Cloud (AMC).
Adobe Experience Cloud includes the following eight solutions:
Adobe Analytics
Adobe Audience Manager
Adobe Experience Manager
Adobe Campaign
Adobe Advertising
Adobe Target
Adobe Commerce Cloud
Marketo Engage
Adobe Experience Manager (AEM) Forms
Adobe Experience Manager Forms, or AEM Forms, is itself a component of Adobe Experience Manager.
AEM Forms is marketed as an easy-to-use solution to create, manage, publish, and update complex digital forms while integrating with back-end processes, business rules, and data.
Integrating Secure Email with AEM Forms
In the case of the prospect we spoke to, they had a special business requirement for AEM Forms: They needed to have the form data sent via secure email.
Because they are affiliated with the healthcare industry, the form data will contain protected health information (PHI). As we’ve discussed at length, the presence of PHI in an email means that message must be HIPAA compliant.
After some research, we found a way to integrate Paubox Secure Email API with Adobe Experience Manager 6.4 Forms, which appears to be an on-premise solution.
As of this writing, it is assumed the same configuration options are available with AEM Forms, which is a cloud-based service. We were not able to access a demo version of AEM Forms, nor were we able to find any configuration options for it.
Here’s how to do it:
Part I: Sign up for Paubox Email API
The recommended solution for configuring AEM Forms with the Paubox Secure Email API is to use the SMTP Server option.
Part II: Configure Adobe Experience Manager Forms
Once you have your Paubox Secure Email API credentials in place, you will next configure AEM Forms to send secure email via Paubox.
This is accomplished by configuring the Day CQ Mail Service. This can be done by pointing your browser to Felix Configuration Manager (this link points to localhost).
Using the above screenshot as guidance, adjust the following settings:
SMTP server host name: api.paubox.com
SMTP server port: 25
SMTP user: [yourusername]@api.paubox.com
SMTP password: [assigned to you upon signing up for Paubox]
SMTP use SSL: [this box must be checked]
To complete the configuration, click Save.
Congratulations! You are now ready to send secure email from Adobe Experience Manager Forms via the Paubox Secure Email API.
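One check worth running before real form data flows, shown as an added example (not Paubox or Adobe code): confirm that the relay entered in the settings above negotiates verified TLS before credentials or PHI are sent. The page does not say whether the port expects implicit TLS or STARTTLS, so the script tests both; `SAMPLE_EHLO` is a constructed server reply for the offline part, and the function names are this example's own.

```python
import smtplib
import socket
import ssl
from typing import Optional

# Constructed EHLO reply for offline use; not captured from any real server.
SAMPLE_EHLO = """250-mail.example.test
250-PIPELINING
250-SIZE 52428800
250-STARTTLS
250-AUTH PLAIN LOGIN
250 8BITMIME"""


def parse_ehlo(reply: str) -> dict:
    """Parse a raw multi-line EHLO reply into {KEYWORD: parameters}."""
    features = {}
    for line in reply.strip().splitlines()[1:]:  # line 1 is the server name
        if len(line) < 5 or not line.startswith("250"):
            continue
        text = line[4:].strip()
        if text.upper().startswith("AUTH="):  # legacy "AUTH=PLAIN LOGIN" form
            text = "AUTH " + text[5:]
        keyword, _, params = text.partition(" ")
        if keyword:
            features[keyword.upper()] = params.strip()
    return features


def assess(implicit_tls: bool, plain_features: Optional[dict],
           starttls_ok: bool) -> dict:
    """Decide whether credentials and message bodies are protected in transit.

    implicit_tls   -- a verified TLS handshake succeeded right after connect
    plain_features -- EHLO features seen without encryption, or None if the
                      server did not answer in the clear
    starttls_ok    -- the STARTTLS upgrade completed with a verified certificate
    """
    findings = []
    advertised = plain_features is not None and "STARTTLS" in plain_features
    if implicit_tls:
        mode = "implicit-tls"
    elif advertised and starttls_ok:
        mode = "starttls"
    else:
        mode = "none"
        findings.append(
            "FAIL: STARTTLS offered but the verified handshake failed"
            if advertised else
            "FAIL: no TLS offered; credentials and PHI would travel in clear text")
    if plain_features and "AUTH" in plain_features:
        findings.append("WARN: AUTH offered before TLS; a client with SSL "
                        "disabled would send the password unencrypted")
    return {"mode": mode, "ok": mode != "none", "findings": findings}


def probe(host: str, port: int, timeout: float = 10.0) -> dict:
    """Live check: try implicit TLS, then plain EHLO followed by STARTTLS."""
    ctx = ssl.create_default_context()  # validates chain and hostname
    implicit = False
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                implicit = True
    except OSError:  # includes ssl.SSLError and timeouts
        pass
    plain, upgraded = None, False
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            plain = {k.upper(): v for k, v in smtp.esmtp_features.items()}
            if "STARTTLS" in plain:
                smtp.starttls(context=ctx)
                upgraded = True
    except (smtplib.SMTPException, OSError):
        pass
    return assess(implicit, plain, upgraded)


if __name__ == "__main__":
    # Offline: evaluate the constructed reply, assuming the upgrade succeeds.
    print(assess(False, parse_ehlo(SAMPLE_EHLO), starttls_ok=True))
    # Live: host and port as entered in the Day CQ Mail Service settings.
    print(probe("api.paubox.com", 25))
```

A result with `"ok": False` means form submissions should not be enabled until the transport settings are corrected.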
Try Paubox Secure Email API for FREE and make your transactional email HIPAA compliant today.
The post Integrating Secure Email with Adobe Experience Manager (AEM) Forms appeared first on Paubox.
Source: https://www.paubox.com/blog/secure-email-adobe-experience-manager-forms
Balancing Mobility With End User Security | Paubox SECURE 2019
Last Friday we held Paubox SECURE 2019 in San Francisco
The 2nd Annual SECURE was a half day conference at Bespoke Events
The third panel was, “Balancing Mobility With End User Security” (moderated by Paubox CMO, Rick Kuwahara)
SEE ALSO: Free Spam Musubi for the First 100 Attendees – Paubox SECURE
Its panelists were:
Deborah Muro, CIO | El Camino Hospital
As the CIO Leader for El Camino Hospital, Deborah Muro has a passion for transforming and improving patient care through the realization of innovative capabilities. With more than 25 years of combined nursing, clinical, healthcare and technology experience, Deborah has held various healthcare IT management positions focused on technology solutions and best practices.
Prior to joining El Camino Hospital, she served in Executive level positions for multiple health care organizations leading large enterprise-wide technology implementations. In her current role at El Camino, she is responsible for leading the technology strategy and re-defining the delivery of technology services and products to meet today’s unique healthcare environment.
Deborah holds a Bachelor in Science in Nursing Degree from Baylor University and a Master of Science Degree in Human Relations and Business from Amber University. In 2012, Deborah was nominated as a Finalist for the Iowa Technology Association “Women of Innovation Award.” Deborah was identified by Becker’s Healthcare as one of the “100 Community Hospital CIOs to Know” for both 2017 and 2018.
Ramki Pillai, Director, Healthcare Risk Assurance | Coalfire
Ramki has over 15 years of experience in information security consulting with the past 6 years focused on healthcare IT and medical device security. He has handled technical and leadership roles at Cisco’s security consulting team and later healthcare consulting team supporting global clients. He specializes in security assessment framework, risk analysis and enterprise risk management.
Ramki now leads Coalfire’s Healthcare Risk practice, supporting healthcare clients managing their security risk. His team offers security program development, risk assessments, HITRUST certification, HIPAA compliance, SOC and Pen Testing services to covered entities and their business associates. Ramki is also a member of multiple tasks groups under Healthcare and Public Health Sector Coordinating Council.
When not working or spending time with family, Ramki spends time extending his business skills at University of Illinois at Urbana Champaign.
Insightful Tweets
#DeborahMuro from @elcaminohosp says the driving force for adopting technology in healthcare is to reduce costs and increase efficiency. But the true north is the patient experience. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
“At what point is it creepy? When all I want to know is the wait times at the ER.” – Attendee asking a question to #DeborahMuro of @elcaminohosp on apps, the need to login, data gathering. In context of the patient journey. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
@BeyondllcCEO sharing her thoughts on healthcare IT Security #PauboxSECURE
— Hoala Greevy (@HoalaGreevy) March 29, 2019
#DeborahMuro of @elcaminohosp says that the future is having a “genius bar” just like the @Apple Store integrated into the healthcare setting to wrap technology around the patient experience. One hospital already has that. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
“Physicians want things easy. So the ‘why’ is always important.” – #DeborahMuro of @elcaminohosp on how to build a security culture in healthcare. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
MFA has helped keep us out of trouble – Deb Muro, @elcaminohosp #PauboxSECURE
— Hoala Greevy (@HoalaGreevy) March 29, 2019
“Patient treatment is at the front. Security training is way at the back.” – @RamkiCMC of @CoalfireSys emphasizes the importance of end users understanding the security implications of their actions, and building the security culture in the healthcare setting. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
#DeborahMuro of @elcaminohosp says that the 2 things that have helped the most are the cloud, and 2-factor authentication. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
“It’s ‘Bring Your Own Screen’, not ‘Bring Your Own Device.’” – @RamkiCMC of @CoalfireSys. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
#DeborahMuro of @elcaminohosp says that a current risk right now is staff checking their personal email on devices and the need to protect private information and manage the risk. #BYOD #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
“If you don’t make it easy for your user, they will do it anyway.” – @RamkiCMC of @CoalfireSys on tech security and risk in #healthcare. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
I have a whole host of issues with BYOD – Deb Muro #PauboxSECURE
— Hoala Greevy (@HoalaGreevy) March 29, 2019
Losing an unencrypted laptop is one of the key areas of recent breaches – Ramki Pillai #PauboxSECURE
— Hoala Greevy (@HoalaGreevy) March 29, 2019
The post Balancing Mobility With End User Security | Paubox SECURE 2019 appeared first on Paubox.
Source: https://www.paubox.com/blog/balancing-mobility-end-user-security
Vetting Your Vendors: Certifications & HIPAA Compliance | Paubox SECURE 2019
Last Friday we held Paubox SECURE 2019 in San Francisco
The 2nd Annual SECURE was a half day conference at Bespoke Events
The second panel was called, “Vetting Your Vendors: Certifications & HIPAA Compliance” (moderated by Paubox CMO, Rick Kuwahara)
SEE ALSO: Free Spam Musubi for the First 100 Attendees – Paubox SECURE
Its panelists were:
Michael Parisi, Vice President – Assurance Strategy & Community Development | HITRUST
Michael Parisi has led over 500 controls-related engagements primarily in the healthcare and financial services industries. He has extensive experience with third-party assurance reporting including HITRUST readiness, HITRUST certification, SOC 1, SOC 2, SOC 3, Agreed Upon Procedure and customized AT-101 engagements.
He also has several years’ experience implementing large Oracle ERP systems specializing in the General Ledger and Governance Risk and Compliance modules. He has extensive knowledge of financial reporting and regulatory standards through his external audit and consulting experience, including Sarbanes Oxley, HIPAA, NIST, CMS and state specific standards.
Michael holds a Bachelor of Science in Accounting, a Bachelor of Science in Computer Information Systems and an MBA from Quinnipiac University. He is an active member of ISACA and IAPP.
Nick John, Data Privacy Officer | Redox
Nick started his 14 year digital health career working at Epic as the Director for Interface Implementation. After eleven years, he made the move to working for digital health startups. His first startup role was leading the Customer Success Team at Bright.md, a clinic visit automation company.
Nick now serves as the Data Privacy Officer at Redox, a healthcare data integration platform. Nick has built Redox’s security program from the ground up, and has led the company through both HITRUST and SOC2 audits.
When not at the office, you’ll find Nick climbing mountains, swimming in the river, or on stage with his performance company Tempos Contemporary Circus.
Insightful Tweets
It goes back to the adage: “Trust, but verify.” – #MichaelParisi @HITRUST #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
“We’re all in this together.” – Nick John of @redox on Healthcare IT Security #PauboxSECURE
— Hoala Greevy (@HoalaGreevy) March 29, 2019
“We’re all fighting the same enemy. So it behooves us to have transparency.” – #NickJohn @Redox. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
“I think it’s important to understand the level of integrity behind a certification.” Mike Parisi @HITRUST #PauboxSECURE
— Hoala Greevy (@HoalaGreevy) March 29, 2019
“One of my initiatives is to be data-driven around risk management.” Nick John @Redox #PauboxSECURE
— Hoala Greevy (@HoalaGreevy) March 29, 2019
#MichaelParisi of @HITRUST says that soon the question to ask when selecting doctors will be “Are they secure?” instead of “Are they in-network?”. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
We take preference to vendors with SOC II and HITRUST – Nick John @Redox #pauboxsecure
— Hoala Greevy (@HoalaGreevy) March 29, 2019
#MichaelParisi @HITRUST introduces the philosophical approach to trust and presents a key question: “If I trust them, will they harm me?” #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
75% of breaches are linked back to a third party – Mike Parisi @HITRUST #pauboxsecure
— Hoala Greevy (@HoalaGreevy) March 29, 2019
Evaluating risk comes down to transparency – Mike Parisi @HITRUST #pauboxsecure
— Hoala Greevy (@HoalaGreevy) March 29, 2019
#NickJohn of @Redox recommends combining 2 methods to evaluate a vendor: seeing their recent tests + their certifications. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
Here at #PauboxSECURE, #MichaelParisi of @HITRUST has just talked about his good friend @sean_martin and @ITSPmagazine and their focus on “the intersection of technology and society.”!
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
On evaluating a vendor: “It all starts with trust.” – #NickJohn @Redox #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
The post Vetting Your Vendors: Certifications & HIPAA Compliance | Paubox SECURE 2019 appeared first on Paubox.
Source: https://www.paubox.com/blog/vetting-vendors-certifications-hipaa-compliance
Creating The Perfect Healthcare IT Security Stack: Paubox SECURE 2019
Last Friday we held Paubox SECURE 2019 in San Francisco
The 2nd Annual SECURE was a half day conference at Bespoke Events
The first panel was called, “Creating The Perfect Healthcare IT Security Stack” (moderated by Paubox CMO, Rick Kuwahara)
SEE ALSO: Free Spam Musubi for the First 100 Attendees – Paubox SECURE
Its panelists were:
Christine Sublett, President & Principal Consultant | Sublett Consulting
Christine is a security and cyber protection professional with over 25 years in the healthcare technology industry. Proficient in providing technical consultancy and advisory services to digital health and medical device startup organizations, Christine delivers comprehensive advice on the implementation and development of security and information protection programs and initiatives, and works with Boards and Executive teams to define cost efficient and practical security and privacy strategy.
As President & Consultant, she holds board cybersecurity advisory roles with several leading digital health companies, El Camino Hospital Board of Director’s Privacy, Compliance & Audit Committee, and has had several companies she advised acquired by companies such as Apple, Salesforce, Intuit and Kareo.
Prior to establishing her own company, Christine served in a variety of senior executive Security, Privacy, and Technology roles with healthcare entities including Lucile Packard Children’s Hospital/Stanford Children’s Hospital. She was also selected in 2016 to participate on the HHS Healthcare Industry Cybersecurity Task Force to provide recommendations to Congress on healthcare cybersecurity.
Raj Tiwari, Chief Architect | Health Fidelity
Raj is an entrepreneur CTO who advises companies on technology architecture and strategy. Through his team at WebShar Raj has helped multiple startups seed and grow their technology teams. Raj was the founding engineer at Health Fidelity. At Health Fidelity Raj had the opportunity to work with cutting-edge technology that has a meaningful impact on healthcare. Raj oversaw the technical strategy and direction for Health Fidelity while applying clinical Natural Language Processing and Machine learning on modern web-scale data architectures to solve the toughest challenges of health data.
Raj has an extensive background in delivering safe, reliable and highly available SaaS products as part of his leadership roles at UPEK Inc. (now part of Apple) and Nuance Communications.
He has an MS from Oregon Health & Science University and a BS from Indian Institute of Technology, Bombay in Electrical Engineering.
Insightful Tweets
“There is no perfect security.” – #RajTiwari #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
“The stage of a company does not equate to the maturity of the company.” – @sublettconsult #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
“Agile is not incompatible with strategic planning.” Raj Tiwari #pauboxsecure
— Hoala Greevy (@HoalaGreevy) March 29, 2019
#RajTiwari says that startups begin with the #HierarchyOfNeeds, and security is not often at the top. #PauboxSECURE.
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
@sublettconsult encourages everyone to review the @DHSgov document published in January of this year on #healthcare and #medicaldevice #cybersecurity. Familiarize yourself with the questions you should be asking before embarking on any technology in healthcare. #PauboxSECURE
— Ryan K. Louie, MD, PhD (@ryanlouie) March 29, 2019
The post Creating The Perfect Healthcare IT Security Stack: Paubox SECURE 2019 appeared first on Paubox.
Source: https://www.paubox.com/blog/perfect-healthcare-security-stack
Serving 481 Meals at GLIDE Church
Eight of us walked over to GLIDE Church after work to help serve dinner to San Francisco’s needy
We helped serve 481 meals
Community Service is a part of our 2019 V2MOM
On Thursday, eight of us walked a few blocks to GLIDE Church to serve dinner to San Francisco’s needy. Our first community service event of 2019 was organized by Peter Kirsheman, our Director of Customer Success.
We hadn’t done a community service event since we passed out 1,000 spam musubi on Market Street for Christmas. It felt like we were overdue to do something for the community.
I figured doing an event the day before our 2nd Annual Paubox SECURE conference would be great timing.
It was my first time volunteering at GLIDE, I had a lot of fun, and I’m looking forward to our next one there.
Enjoy the pics!
GLIDE Church is about a 10 minute walk from our office
Getting ready to serve: Gloves, aprons, and hairnets
Evan Fitzgerald pretending to know what he’s doing around a garbage compactor
Hoff about to get dialed in
Getting a picture with John and the GLIDE logo
GLIDE Church
GLIDE is a social justice movement, social service provider and spiritual community dedicated to strengthening communities and transforming lives.
Located in San Francisco’s culturally vibrant but poverty-stricken Tenderloin neighborhood, GLIDE addresses the needs of, and advocates for, the most vulnerable and marginalized individuals and families.
Their Daily Free Meal program provides three nutritious meals a day, 364 days a year, to the city’s poor, homeless and hungry.
The post Serving 481 Meals at GLIDE Church appeared first on Paubox.
Source: https://www.paubox.com/blog/serving-meals-glide-church
Announcing the Paubox Kahikina Scholarship
As part of our 2nd Annual Paubox SECURE conference today, we are proud to announce the creation of the Paubox Kahikina Scholarship.
The Kahikina Scholarship was developed to encourage more Native Hawaiians to be involved in computer science and technology.
I was awarded a similar scholarship when I was in college and have always appreciated how that helped me on my journey. Although that scholarship program (Native Hawaiian Higher Education Program) has since dissolved, I’m honored to be able to pass on the giving to the next generation of tech leaders.
The scholarship program awards the recipient:
$1,000 per academic year from Paubox, Inc.
The scholarship is recurring up to five (5) years. In other words, the $1,000 award will be available to the recipient each year until they graduate.
The recipient is free to spend the funds as they wish.
Winners are selected based on:
Native Hawaiian preference.
An interest in computer science or technology.
Enrolled in an accredited college or university.
At Paubox, we believe it’s our job as industry leaders to give back and I’m so happy to be able to do that with the Kahikina Scholarship.
I’m also pleased to announce our inaugural winner – Nick Wong, originally from Nuuanu, Oahu and currently a freshman studying computer science at UC Berkeley.
“I decided to attend school in The Bay to one day become CEO of a technology company,” said Nick. “Working at the intersection of my native culture and cutting-edge technology, I dream of being able to uplift the communities that have uplifted me while solving the world’s largest problems.
“With this scholarship, Paubox has invested in the next generation of value-centric entrepreneurs, and has allowed me to remain at Cal for the duration of my undergraduate studies.”
Origin of the Name
Mother’s Day 2007, Kaimana Beach Hotel
The Kahikina Scholarship is named after my tutu, Mabel Kahikina Mansfield (Pohina).
She did not have the opportunity to go to university and I was her first grandchild to graduate with a college degree. As my mom reminded me last week, I was the apple of her eye.
In addition, there is considerable mana, or power, behind the name Kahikina. I encourage all Kahikina Scholarship recipients to discover this on their own, as part of their college journey.
Guidance, Feedback, and Support
Uncle Danny Kahikina Akaka, myself, and U.S. Senator Daniel Kahikina Akaka – 4 September 2012
Mahalo to the following for their guidance, feedback, and support:
My mom
Uncle Bobby (Unx)
Aunty Pam Hirabara
Uncle Danny and Aunty Anna Akaka
Kaleihikina Akaka
Kyle Chock
Nani Espinda
Chenoa Farnsworth
Jackie Funasaki
Forest Frizzell
Hawaii Chamber of Commerce of Northern California
Daryl Higashi
Hilopa’a Family to Family Inc.
Siana Austin Hunt
Blaine Kahoonei
Robert Kay
Donavan Kealoha
Lisa Lerud
Dean Levitt
Dee Jay Mailer
Eric Nakagawa
Ryan Ozawa
Mike Parisi
Leolinda Parlin
Ikaika Sheehan
Drew Sechrist
Miki Tomita
Traven Watase
Nick Wong
Congratulations, Nick!
@nickwongio @Activitr @rechung swag picked up pic.twitter.com/qFHinfZjF0
— Hoala Greevy (@HoalaGreevy) November 16, 2018
The post Announcing the Paubox Kahikina Scholarship appeared first on Paubox.
Source: https://www.paubox.com/blog/announcing-paubox-kahikina-scholarship
Paubox SECURE preview: Fireside Chat with Ari Tulla
When I last sat down for a chat with Ari Tulla, it was a year ago in the BetterDoctor office in San Francisco. We talked about his thoughts on use of the word “pilot,” tips on proper strategy execution, and even The Mix Tape of Happiness.
A lot has changed since then.
For starters, BetterDoctor was acquired by Quest Analytics last June and Ari was named CEO of the resulting company.
How was the merger? What’s life like now? I’m curious myself to know these things.
In addition, when we did a prep call with Ari last week, he mentioned interest in discussing:
If the future is indeed here and it is in fact not evenly distributed, what’s holding it back in healthcare?
Ari’s prediction for the state of the automobile
Ari’s predictions for healthcare vs. travel industry by 2029
What is the impact of a smartphone for society overall?
Quest Analytics
Quest Analytics is a leading provider of network access and adequacy services to health plans and insurance regulatory agencies.
With its acquisition of BetterDoctor, the combined companies aim to provide the first comprehensive platform that enables health plans to optimize member experiences while complying with federal and state regulations for network adequacy and accuracy.
Paubox SECURE 2019
Paubox SECURE is a digital health security conference, bringing together leaders in healthcare, cybersecurity and innovation in a unique event to drive learning and discussion around the challenges of IT security in healthcare.
Unlike other conferences, Paubox SECURE is focused on generating relevant and meaningful content, discussions and networking – not giving you a sales pitch.
The agenda this year includes discussion on:
Creating The Perfect Healthcare IT Security Stack
Vetting Your Vendors: Certifications & HIPAA Compliance
Balancing Mobility With End User Security
Fostering innovation in Healthcare
100 spam musubi to the first 100 people through the door, concluded by a riveting fireside chat with Ari Tulla. What’s not to like?
Get your tickets today to Paubox SECURE 2019
The post Paubox SECURE preview: Fireside Chat with Ari Tulla appeared first on Paubox.
Source: https://www.paubox.com/blog/paubox-secure-preview-ari-tulla