HIPAA

Many healthcare practitioners are only partially HIPAA compliant, often due to lack of resources or knowledge. While there are plenty of statistics on breaches and fines, the key takeaway is that incomplete compliance is costly. Proper compliance improves productivity and capabilities, such as paperless offices and modern software. For those starting their journey, the first steps toward full compliance can be straightforward and impactful.

HIPAA low-hanging fruit

Don’t share accounts or passwords

HIPAA requires individual accountability and audit trails for access to electronic PHI: the Security Rule's technical safeguards call for a unique identifier for every user (45 CFR 164.312(a)(2)(i)) and for audit controls that record activity in systems holding ePHI (164.312(b)). It can be extremely convenient, and sometimes even seem necessary, for staff to share an account, but there is almost always an equally functional option (a shared mailbox, delegated access, role-based permissions) that doesn't violate this most basic requirement. A shared login also means that when something goes wrong, the audit trail can only tell you which account acted, not which person.

While we're on the subject of accounts and passwords, this is a great time to mention multi-factor authentication. Whether it's handled via text messages, authenticator apps, push notifications, or physical security keys, MFA defends against account compromise from stolen or reused passwords, and because the second factor is tied to one person's phone or key, it also discourages account sharing and helps maintain a one-to-one relationship between people and accounts. Where you have a choice, prefer authenticator apps or security keys over text messages, which can be intercepted or redirected through SIM swapping.

Ensure PHI is encrypted

In motion:
This requirement causes many headaches in medicine and keeps faxes relevant today. Ordinary email often fails HIPAA compliance because delivery between mail servers uses opportunistic TLS: the sending server encrypts the connection if the receiving server offers it, and otherwise falls back to sending the message in the clear, with no warning to the user. Simple tools can enforce encrypted, compliant delivery. Many healthcare offices still rely on fax. A digital office can keep fax capability without a machine, since many internet fax services deliver securely and will sign a BAA covering PHI.
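A quick way to see whether a given message actually travelled encrypted is to read its Received: headers, which record the protocol each relay used. The script below is an added example for this article, not code from any vendor mentioned here: it parses those headers from a constructed sample message and flags hops that were accepted over a plain (non-TLS) SMTP session, and it includes a live probe that asks a recipient's mail server whether it advertises STARTTLS and whether its certificate verifies. The hostnames, queue IDs and message text are made up for the example.

```python
"""Check whether each SMTP hop of a delivered message used TLS.

Added example for this article (not Paubox's or any other vendor's code).
RFC 3848 defines the "with" keywords in Received: headers: ESMTP means the
hop was cleartext, ESMTPS means STARTTLS was negotiated, and a trailing A
(ESMTPA / ESMTPSA) means the sender authenticated. Many MTAs also append
"(version=TLS1_3 cipher=...)". Hostnames and the message below are
constructed sample data; no real servers are involved.
"""
import email
import re
import smtplib
import ssl

# Constructed sample: three hops, the middle one delivered in the clear.
SAMPLE_MESSAGE = """\
Received: from mx.example-clinic.test (mx.example-clinic.test [192.0.2.10])
        by inbound.example-hospital.test with ESMTPS id 4Vn7Qk2c
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
        Mon, 3 Jun 2024 10:00:01 +0000
Received: from relay.example-clinic.test (relay.example-clinic.test [192.0.2.11])
        by mx.example-clinic.test with ESMTP id 4Vn7Qj9b;
        Mon, 3 Jun 2024 09:59:58 +0000
Received: from workstation.example-clinic.test ([198.51.100.5])
        by relay.example-clinic.test with ESMTPSA id 4Vn7Qh7a;
        Mon, 3 Jun 2024 09:59:55 +0000
From: frontdesk@example-clinic.test
To: records@example-hospital.test
Subject: Referral records

Body omitted.
"""

# RFC 3848 / RFC 6531 protocol keywords: optional UTF8 prefix, SMTP/ESMTP/LMTP,
# then an optional S (STARTTLS) and an optional A (authenticated).
_WITH_RE = re.compile(r"\bwith\s+(?:UTF8)?(?:E?SMTP|LMTP)(S?)(A?)\b", re.IGNORECASE)
_BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.IGNORECASE)
_TLS_VERSION_RE = re.compile(r"version=(TLS[\w.]+)", re.IGNORECASE)


def classify_hop(received: str) -> dict:
    """Describe one Received: header: which server accepted the message and whether the hop used TLS."""
    text = re.sub(r"\s+", " ", received)  # unfold the header
    by = _BY_RE.search(text)
    with_ = _WITH_RE.search(text)
    version = _TLS_VERSION_RE.search(text)
    hop = {
        "by": by.group(1) if by else None,
        "tls": None,            # None = keyword not recognised (e.g. "with HTTP" on an Exchange hop)
        "authenticated": None,
        "tls_version": version.group(1) if version else None,
    }
    if with_:
        hop["tls"] = with_.group(1).upper() == "S"
        hop["authenticated"] = with_.group(2).upper() == "A"
    return hop


def audit_message(raw: str) -> list:
    """Classify every hop, most recent first (the order Received: headers appear in)."""
    msg = email.message_from_string(raw)
    return [classify_hop(str(h)) for h in msg.get_all("Received", [])]


def cleartext_hops(raw: str) -> list:
    """Names of servers that accepted this message over an unencrypted SMTP session."""
    return [h["by"] for h in audit_message(raw) if h["tls"] is False]


def probe_starttls(mx_host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live probe (needs network): does this MX offer STARTTLS, and does its certificate verify?

    A server that never advertises STARTTLS is one your provider would fall
    back to cleartext for under opportunistic TLS.
    """
    result = {"advertised": False, "negotiated": False, "error": None}
    smtp = smtplib.SMTP(mx_host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return result
        result["advertised"] = True
        # create_default_context() validates the chain and the hostname.
        smtp.starttls(context=ssl.create_default_context())
        result["negotiated"] = True
    except (ssl.SSLError, smtplib.SMTPException) as exc:
        result["error"] = str(exc)
    finally:
        smtp.close()
    return result


if __name__ == "__main__":
    for hop in audit_message(SAMPLE_MESSAGE):
        print(hop)
    print("cleartext hops:", cleartext_hops(SAMPLE_MESSAGE))
```

To run it against a real message, save the raw source (most clients offer "Show original" or "View source") and pass its text to audit_message(). A cleartext hop inside your own provider's network may be acceptable; one between your provider and the recipient's is exactly the fallback that breaks compliance. A hop reported as TLS only tells you the session was encrypted, not that the certificate was verified, so pair this with the probe or with enforced-TLS or MTA-STS settings on the sending side.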

And at rest:
Patient information must be encrypted whenever it's in a covered entity's possession, including on laptops, desktops and removable drives. Strictly speaking, the Security Rule lists encryption as an "addressable" specification, but a lost or stolen device holding unencrypted ePHI is a reportable breach, while one whose data was encrypted falls under the HHS breach-notification safe harbor; in practice that makes full-disk encryption mandatory. Unlike the past, when encryption required special software and carried a noticeable performance cost, modern computers have it built in. BitLocker on Windows (Professional editions and above) and FileVault on macOS provide seamless, free solutions. Two caveats: verify that it is actually enabled on every device rather than assuming it, and keep the recovery keys somewhere other than the encrypted device itself, such as your directory service or MDM.

Know your vendors

Ensure your vendors understand your requirements. Every covered entity must verify that any party that creates, receives, stores or transmits PHI on its behalf meets the encryption expectations (both in motion and at rest) and signs a Business Associate Agreement (BAA). These agreements spell out privacy and security obligations during and after the contract; a vendor that will not sign one should not handle your PHI at all. Many HIPAA-compliant vendors have ready-made BAAs, and if you need one, the Department of Health and Human Services publishes sample BAA provisions for free download.

Our HIPAA Toolbox

Paubox

Deploying HIPAA-compliant email is one of the most impactful changes a practice can make. Paubox encrypts all outbound email without special apps, subject-line keywords, or manual steps, and works the same way on mobile.

Paubox delivers over an encrypted connection to the recipient's mail server, rather than relying on the opportunistic TLS that Google Workspace and Microsoft 365 use by default, which falls back to cleartext when the receiving server doesn't negotiate encryption. If the recipient's server can't support an encrypted connection, Paubox instead sends the recipient an invitation to read the message in a secure portal, so the message is never sent in the clear.

Paubox is HITRUST certified and offers scalable tiers. The Email Security Plus and Premium tiers add inbound email protection, executive impersonation defense, and marketing tools for compliant patient outreach, which makes it a good fit for growing practices.

Broadvoice

It's nearly impossible to run a business without making and receiving at least the occasional phone call, and that's even truer in healthcare. Comparing phone service providers is far beyond the scope of this article, but we wholeheartedly recommend Broadvoice's b-hive platform. The pricing is extremely competitive, the phone system and call handling are almost infinitely customizable, and unlike many other cloud communications providers, they will sign a BAA without limiting or disabling features.

Bitdefender

Endpoint security software matters for HIPAA compliance beyond antivirus. Windows and macOS include free disk encryption, but once you have more than a handful of machines it's hard to know by hand which ones actually have it enabled and whether their recovery keys are escrowed. Bitdefender's Full Disk Encryption add-on manages the native BitLocker and FileVault mechanisms centrally and reports encryption status across the organization, so you can show an auditor that every device holding PHI is encrypted. The same software agent provides antivirus and ransomware protection.

Additionally, review your insurance policies (general, professional, errors and omissions, cyber liability): many offer discounts for, or outright require, documented antivirus protection, which can offset the cost.
