White Papers – Aegify https://www.aegify.com Comprehensive Security, Risk and Compliance Assurance Solution Sat, 16 Jul 2016 17:04:22 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 A perspective of compliance readiness of healthcare businesses https://www.aegify.com/perspective-compliance-readiness-healthcare-businesses/ Wed, 13 Jul 2016 23:36:00 +0000 https://www.aegify.com/?p=3419 Checking compliance and security, the Aegify way In 1996, the Health Information Portability and Accountability Act, most commonly known as HIPAA, was passed with one of its goals being to ensure uninterrupted coverage for patients. Health Care Organizations (HCOs) need to be able to pass patient records and other data back-and-forth. For this to happen…

The post A perspective of compliance readiness of healthcare businesses appeared first on Aegify.

]]>
Checking compliance and security, the Aegify way

In 1996, the Health Information Portability and Accountability Act, most commonly known as HIPAA, was passed with one of its goals being to ensure uninterrupted coverage for patients. Health Care Organizations (HCOs) need to be able to pass patient records and other data back-and-forth. For this to happen efficiently and reliably, healthcare records would need to become more portable (hence the ‘Portability’ in the act’s title). So the bill set forth new terminology and Electronic Data Interchange (EDI) code sets for transmitting data.

Two parts of HIPAA require attention:

  1. The Security Rule (164.306), which establishes safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (PHI).
  2. The Privacy Rule (164.502), which orders HCOs to protect PHI and defines the allowable uses and disclosures of PHI, in contrast to “de-identified” health information.

The assured portability of healthcare information plays a tremendous role in improving the safety, efficiency, and quality of healthcare.  The act seeks to assure that anyone and everyone who participates in moving PHI from place-to-place accepts accountability that, at least in part, assures privacy.

Sweeping changes were made to the HIPAA privacy and Security Rules since they were first implemented with the Omnibus Final Rule, effective September 23rd, 2013.

Protected Health Information (PHI) includes any data, including demographic information that relates to any of the following:

  • An individual’s past, present or future physical or mental health or condition.
  • The provision of healthcare to an individual.
  • The past, present, or future payment for the provision of health care to an individual that also identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.
  • Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, and Social Security number).

Read more… Download the whitepaper

The post A perspective of compliance readiness of healthcare businesses appeared first on Aegify.

]]>
Why Security and Risk Analysis are a must for HIPAA Compliance and Meaningful Use Attestation? https://www.aegify.com/security-risk-analysis-must-hipaa-compliance-meaningful-use-attestation/ Wed, 13 Jul 2016 22:09:37 +0000 https://www.aegify.com/?p=3411 Security Analysis The task of managing security is complex. Over 32K security gaps are now documented as potential vulnerabilities and are growing alarmingly. The recently discovered vulnerabilities that were lying dormant for years, such as the Heart-bleed, shell shock, and poodle bugs, and the recent GHOST vulnerability have added new dimensions to the security gaps.…

The post Why Security and Risk Analysis are a must for HIPAA Compliance and Meaningful Use Attestation? appeared first on Aegify.

]]>
SRA-1

Security Analysis

The task of managing security is complex. Over 32K security gaps are now documented as potential vulnerabilities and are growing alarmingly. The recently discovered vulnerabilities that were lying dormant for years, such as the Heart-bleed, shell shock, and poodle bugs, and the recent GHOST vulnerability have added new dimensions to the security gaps.

Many of the new path breaking technology developments, may not have factored the safety and security components adequately during their development, introduction in the market and their very fast acceptance due to their appeal. The interconnectivity of these new devices is leading us to voluminous data availability and exposure via,  smartphones, Internet of Things (IoT), cloud -based – applications, authentication and storage solutions. Pieces of information picked up from these huge number of connected devices, and big data analytics could open new sources of information exploitation by the organized cyber criminals from volumes of information.

Over 92K checks must be performed to assess the status of security of your infrastructure across your physical and virtual networks, operating systems, databases, and Web applications.

With sophisticated tools, cyber-attackers unfortunately, have asymmetric advantages over businesses.

The need for security analyses stems from the regulatory requirement (45 C.F.R. §§ 164.302 – 318.) This is to help entities in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to secure electronic protected health information (e-PHI).

All e-PHI created, received, maintained or transmitted by an organization is subject to the Security Rule. The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of e-PHI. Risk analysis is the first step in this process.

The penalties are severe; the second reason why organizations must do a security analysis. For instance, the end of 2014 saw Anchorage Community Mental Services (ACMHS) settlement for potential violations by paying $150,000 and adopt a corrective action plan  to correct the deficiencies in its HIPAA Compliance Program. Read more…Download the whitepaper

The post Why Security and Risk Analysis are a must for HIPAA Compliance and Meaningful Use Attestation? appeared first on Aegify.

]]>
Keep your Healthcare business Secure and Healthy! https://www.aegify.com/keep-your-healthcare-business-secure-and-healthy/ Thu, 14 Jan 2016 21:44:12 +0000 http://www.aegify.com/?p=1521 In this white paper we’ll bring you fully up to speed on exactly what the implications of HIPAA & HITECH regulations are and what it means for your business. Read Whitepaper

The post Keep your Healthcare business Secure and Healthy! appeared first on Aegify.

]]>
In this white paper we’ll bring you fully up to speed on exactly what the implications of HIPAA & HITECH regulations are and what it means for your business.

Read Whitepaper

The post Keep your Healthcare business Secure and Healthy! appeared first on Aegify.

]]>
Achieve HIPAA Omnibus Compliance in Five Easy Steps https://www.aegify.com/achieve-hipaa-omnibus-compliance-in-five-easy-steps/ Mon, 04 Jan 2016 22:57:25 +0000 http://www.aegify.com/?p=1546 In this whitepaper you will learn 5 steps to achieving HIPAA Compliance.  However, given that new vulnerabilities are discovered every day, it is imperative to conduct HIPAA assessments regularly. It is not a one-time endeavor and should be completed once every quarter at the minimum.   Read Whitepaper

The post Achieve HIPAA Omnibus Compliance in Five Easy Steps appeared first on Aegify.

]]>
In this whitepaper you will learn 5 steps to achieving HIPAA Compliance.  However, given that new vulnerabilities are discovered every day, it is imperative to conduct HIPAA assessments regularly. It is not a one-time endeavor and should be completed once every quarter at the minimum.

 

Read Whitepaper

The post Achieve HIPAA Omnibus Compliance in Five Easy Steps appeared first on Aegify.

]]>
Security Elements in Aegify https://www.aegify.com/security-elements-in-aegify/ Sun, 03 Jan 2016 22:46:46 +0000 http://www.aegify.com/?p=1535 In this whitepaper we will discuss our effort to deploy a secure SaaS. Cloud infrastructure has indeed been a very attractive proposition to many enterprises, small or large, from the features that cloud infrastructure providers offer today. But cloud security is sometimes raised as a matter of concern. Therefore, when Aegify took its information security…

The post Security Elements in Aegify appeared first on Aegify.

]]>
In this whitepaper we will discuss our effort to deploy a secure SaaS. Cloud infrastructure has indeed been a very attractive proposition to many enterprises, small or large, from the features that cloud infrastructure providers offer today. But cloud security is sometimes raised as a matter of concern. Therefore, when Aegify took its information security and compliance services to the cloud, it made sure that the services offered were after a thorough due diligence to ensure complete privacy and security of customers, partners and businesses using the cloud based services.

Read Whitepaper

The post Security Elements in Aegify appeared first on Aegify.

]]>