Posts Tagged "HIPAA"

There is a reason why cyber criminals prefer medical health information to many other types of data, including credit card and bank account data. Patient information such as Social Security numbers, personal identities, and health histories does not change. Passwords, on the other hand, can be changed quickly and credit accounts frozen as soon as a breach is discovered, and banks react fast. People are also more likely to notice an unexplained bank withdrawal or credit charge than an unexplained health insurance claim or a charge to Medicare, because health record exploitation is not on their radar. In short, compared to medical records, bank data has a brief shelf life for felonious use.

Medical records also contain much more information that can be put to many uses. Phony passports and other ID cards can be fabricated and sold for profit. Names and phone numbers, together with the person's health problems, can be sold to telemarketers who then try to sell related equipment and supplies to the victims. Medical records can contain enough information, including place of employment, for criminals to file fake tax returns. Valuable medical items can be charged by criminals to Medicare and to health insurance accounts and then sold for profit.

With stolen medical health information being the digital gold that it is, it is more important than ever to use a HIPAA compliant cloud service for hosting personal health information. HIPAA compliance is not only the smart thing to do, it is the law. Noncompliance can result in civil and criminal penalties, with civil fines of up to $1.5 million per year for each category of violation. A data breach will not only harm your business, it can also harm your customers and patients. They can be victimized by identity theft, lose their health insurance, face higher health insurance premiums, and, depending on how their information was abused, suffer many other difficulties. offers HIPAA compliant cloud services and is ISO 27001-certified. To learn more about how we protect our clients' data, contact us.

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule was created to ensure that doctors and other covered entities have implemented the appropriate safeguards to protect the confidentiality, integrity and availability of Electronic Protected Health Information (EPHI). As more and more covered entities store and exchange EPHI electronically, the Security Rule's standards matter more than ever. But if you are a covered entity, you may have some questions about the Security Rule's physical safeguards.

The Security Rule requires covered entities to implement technical, administrative and physical safeguards to protect EPHI from unauthorized access and use. Technical safeguards are the technology-based measures that protect EPHI, such as strong passwords, unique user identifiers, firewalls, encryption, audit logging and network monitoring. Administrative safeguards, on the other hand, are the policies and procedures, such as risk analysis, workforce training and sanctions, that govern how EPHI is protected.

Now that you know the basic definitions of technical safeguards and administrative safeguards, you might be wondering about physical safeguards. The Department of Health and Human Services (HHS) further explains on its website, saying that physical safeguards are “...physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion.”

It is easy to overlook the implementation of physical safeguards, simply because the Security Rule pertains strictly to EPHI. But EPHI still lives on physical servers, workstations, laptops and backup media inside physical buildings, so it must be protected with the appropriate physical safeguards as well. Failing to include them in your practice places patients' personal information at risk of disclosure while also placing your practice at risk of HIPAA fines and corrective action.

The standards listed in the HIPAA Security Rule’s physical safeguards consist of facility access controls, workstation use, workstation security, and device and media controls.

Common examples of physical safeguards include the following:

  • Locked doors to server rooms and records areas
  • Perimeter gates and fences
  • Video surveillance
  • Visitor and staff identification checks at controlled entry points
  • Documentation (maintenance records) of changes, removals and repairs to the facility and to the devices housing your EPHI

To recap, physical safeguards are the element of the HIPAA Security Rule that involves tangible measures to prevent the unauthorized use or disclosure of EPHI. While the Privacy Rule covers all forms of Protected Health Information (PHI), the Security Rule focuses strictly on EPHI. It was created in response to the growing use of electronic platforms on which covered entities store and transmit EPHI.

To learn more about HIPAA compliance, contact us today. offers secure cloud computing services for covered entities big and small.

© 2018 All rights reserved.