HIPAA - the Health Insurance Portability and Accountability Act. Not exactly a name that gets your attention, but it should. This law is designed to provide privacy standards to protect patients' medical records, however, it applies not only to doctors, hospitals and other health care providers, but any business that provides services to those entities, as well as those that provide services to those service providers!
This month, we discuss HIPAA compliance, and we discuss our recent HIPAA verification process. In addition, we discuss the importance of encryption as a data protection plan, are introduced to our non-profit of the month Riverside Industries, and we meet network specialist Scott Seifel, who also doubles as our Information Security Officer. Enjoy!
Dave DelVecchio, President
A common thread throughout our client base is the need to keep data secure. For clients in certain industries, data security needs are defined by regulations which govern their industry, with one well-known example being HIPAA compliance within the medical field. According to HIPAA definitions, data security standards are not only applicable to "Covered Entities", or those who directly provide health-related services and maintain health records, but also "Business Associates" who provide services to Covered Entities. In addition, those who provide services to Business Associates are considered "Downstream Business Associates", and are also impacted with data security requirements.
Starting in November 2016, Innovative has been actively pursuing and has recently completed a comprehensive HIPAA verification process. This thorough program focuses not only on the physical and technical security in place to protect data, but also the administrative controls through policies, processes, education, and on-going management. As a result, Scott Seifel
has been named our Information Security Officer, with Jonathan Hebert
designated our Information Security Manager, working in tandem to document and manage our compliance programs.
HIPAA compliance falls under the U.S. Department of Health and Human Services (often referred to as HHS), who maintains a list of data breaches that have affected more than 500 individuals on their "wall of shame"
. To learn more about our HIPAA verification process, or to discuss whether HIPAA verification is appropriate for your organization, contact Innovative
for more information.
Encryption as part of a HIPAA strategy
Quite often, when Electronic Personal Health Information (ePHI) is lost, fines and penalties levied by HHS aren't due to the impact of the data loss itself. More so, it's due to the entity that lost the data failing to use commercially-reasonable efforts to protect the data in the first place. One simple and commercially-reasonable solution to protect ePHI is to leverage a managed encryption solution for all laptops, desktops, mobile devices, and portable storage.
Innovative offers encryption-as-a-service for desktops, laptops, mobile devices, and USB storage devices that allows not only for the encryption of data-at-rest, but advanced management capabilities, such as complete data wipe capability when devices are stolen and remote enforcement of password and security policies as part of a broad range of both administrator-enabled and automatic security responses to threat conditions. For more information on the importance of encryption as part of your HIPAA compliance or data privacy strategy, please download the following white paper
Introducing Riverside Industries
Riverside Industries is celebrating 48 years of helping empower adults, ages 21 to 75, living with developmental disabilities, from 33 towns in western Massachusetts. Riverside participants thrive in the heart and center of community life. Riverside services are designed so that participants may live life with purpose, joy and as much independence as possible.
This year's annual Riverside Auction will be held on Friday, April 7, 2017 from 6pm-9pm
and will transform One Cottage Street in Easthampton, MA into a gala venue where hundreds of people from every walk of life will come together to celebrate community at its best! Every year, our community rallies to "Support-A-Need" at the auction, and this year's theme will be ExpandAbility
, to purchase adaptive tools and equipment to enable, empower, and expand on the abilities of 230 individuals to live rich and full lives - with joy, self-expression, productivity and engagement.
For a tour of the One Cottage Street campus, and a free cup of coffee at Cottage Cafe, call Nisa Joy Zalta, the Director of Development & Community Relations, she will be delighted to meet you. You can call or email Nisa at 413-527-2711 ext. 155 or firstname.lastname@example.org
Meet Scott Seifel
First joining Innovative in 1998, Scott
is one of the four employee-owners of Innovative Business Systems, and serves as our Red Team Support Lead, responsible for working with his team to address client support needs via on-site services. In addition, Scott serves as our Information Security Officer, who in partnership with our InfoSec Manager, Jonathan Hebert, helps Innovative maintain compliance to HIPAA standards for a Business Associate.
One of the brightest wired and wireless networking minds around, Scott has earned multiple Microsoft, Symantec, GFI, Fortinet, and Cisco certifications. A lacrosse player in college, Scott enjoys the outdoors, camping with his wife and boys, and always enjoys a nice bottle of wine.