Medical

10/3/2015
HIPPA-Compliant WiFi
MP3 - HIPPA-Compliant WiFi

3/28/2009

Major HIPPA changes were part of the 2009 stimulus package. They have a major financial impact on medical practitioners and anyone who does business with them. If you are a medical practitioner or do business with one, you should listen to this show.

5/15/2010

All of this data is fully applicable in 2014.

Hospitals tend to have security, but small practitioners and private practices frequently don't take security seriously. If you have ever used the services of a medical office, you should listen to this show.

A simple test you can use to tell whether or not the medical office you visit has security has to do with your x-rays. Ask them to email your x-rays to you. If you receive the email fully encrypted with the x-rays attached, then they likely have good security. If you receive an email that is not encrypted, then it is HIGHLY likely that office has insufficient security and is in violation of HIPPA regulations.

Additionally, if the medical staff attempt to photocopy or scan your driver's license, then they do not understand the Red Line Rule. There is another whole Breakfast Bytes show on the Red Line Rule.

NEVER let them photocopy you driver's license. Virtually none of these copiers have an encrypted hard drive. And never let them scan your driver's license. They have no legal basis for their desires. The Red Line Rule simply states that they must verify your identity IF you are using insurance in order to prevent insurance fraud. They do not need to copy your identity card to verify your identity.

Most medical offices do not even have HIPPA-compliant hardware-based firewalls. They also allow wireless on the same network as the practice management database. This leaves the practice management database wide open for hacking.

Listen to the show for examples and more details about security violations.

9/17/2011

Red flag rule - fighting fraud and identity theft
Medical offices copying your photo ID and storing it - they shouldn't be doing it
Phone, hard drive encryption
Evaluating cloud vendors for security
Why users shouldn't choose their own solutions
What techniques exist for blocking USB devices stealing data?

Interview with security expert Kurt Roemer

9/3/2011

Understanding PCI DSS
The need to use 12 simple steps to reduce fraud
Understanding HIPPA
Understanding what is security due care

Interview with security expert Kurt Roemer

The following is a computer systems security and maintenance self-assessment that organizations of all sizes can use to test their overall security strategy. Most of this list is also applicable to residential scenarios. Special items related to HIPPA or PCI environments are notated.

This is not an exhaustive list to verify HIPPA or PCI compliance, but is intended to be an overview in terms that most business decision makers will understand.

The QPC website has many articles where you can find solutions to any strategy deficiencies revealed to you through use of this assessment. Use the handy search boxes in the Breakfast Bytes area and the Resources area to find articles and podcasts pertinent to the subjects you are interested in learning more about.

1/4/2014 Author: Felicia

Payment Card Industry (PCI) standards have recently changed. The new version of PCI DSS 3.0 was published in November 2013. You may want to visit the PCI Standards Security Council website. You can find the PCI 3.0 DSS full document here. And you can find the version 2.0 to 3.0 changes here.