Dropbox HIPAA Compliance

in HIPAA Headlines by John Brewer 5 Comments

There seems to be a flurry of activity about whether a cloud storage service called Dropbox is HIPAA compliant or not. On the surface it appears that Dropbox would be HIPAA compliant. As their site states: “All transmission of file data occurs over an encrypted channel (SSL).” “All files stored on Dropbox are encrypted (AES-256)” Read More

Password vs. Encryption

in HIPAA Headlines by John Brewer

There is a common (wrong) belief out there that when something is password protected, it is therefore encrypted. This is totally wrong. The recent “loss” of a laptop by BP that contained the personal data of 13,000 people brought this misconception back to light. Briefly: this lost BP laptop was password protected, but not encrypted.  Read More

Get Your HIPAA House in order

in HIPAA Headlines by John Brewer

If your practice has a security breach, there will be a financial hit with fines and the cost of providing credit watch services for your patients. Additionally, I’ve long told physicians to be aware of the public relations hit that a practice will take with a loss of patient data. Here’s another perfect example of Read More

$55,000 HIPAA Fine

in HIPAA Headlines by John Brewer

Health insurance company Health Net has just been fined $55,000 by the state of Vermont over the insurer’s loss of a portable disk drive that exposed the protected health information (PHI) of 1.5 million people, including 525 Vermont residents. The HITECH Act, that piece of legislation that is mostly remembered for giving physicians reimbursement money Read More

1,700 Patients Data Lost

in HIPAA Headlines by John Brewer

As reported in the Times Free Press, the personal information of more than 1,700 patients of a local Chattanooga, TN doctor’s office has been lost. This family practice office had been using a computer flash drive, commonly referred to as a “thumb drive,” as their off-site computer backup. This thumb drive was not encrypted. Read More