Basic Requirements of HIPAA Data Compliance

Security should be a high priority for any business sharing information across the internet (or any other digital network). For those who operate under HIPAA, it’s not just something you should do; it’s something you have to do by law. 

Recently, we discussed what part of HIPAA covers digital and online assets. Today, we’re going to focus on some of the basic features HIPAA requires. This is by no means a full breakdown, as that would be very long, confusing, and attention shattering.

Instead, we’ll discuss some of the broader areas you’ll want to make sure are covered by your hosting provider and IT team.

The goal here is to handle PHI (protected health information) appropriately by ensuring three things:

  1. PHI can only be viewed, edited, and shared by authorized people. 
  2. An individual must be able to access their PHI whenever they choose to. 
  3. PHI must be safeguarded against data loss. 

To do so, you’ll need the following… 

Data Encryption 

Data encryption is the first level of defense for your PHI. This ensures that data can only be accessed through the proper points of access (such as login portals). Should a person or program go around your server controls to break into your system, any data obtained will be undecipherable.  

Access Logs 

It’s important to know who accesses what data and when they access it. Also, any changes, edits, or additions must be logged. These logs will help prove that compliance has been maintained. Should problems arise, they’ll also help determine the source and what’s been affected.  

Typically, access logs should go back as far as six years. 

Automated Backup Systems 

It’s not just data breaches that you need to protect against. The loss of data can be just as damaging. HIPAA systems are required to make regular, complete backups that are fully encrypted. That way, should your system be breached or destroyed, a backup can be put in place to maintain compliance.  

Backup Power 

In order to keep information accessible, the power needs to keep running to your servers and systems at all times. Backup power is required to protect against potential outages and ensure that PHI can always be accessed.

System Updates 

Outdated software or hardware systems can be a common cause for both technological issues and breaches in security. Any server, network, OS, or device that’s involved in the handling of PHI must stay up to date. 

Depending on the complexity of your network, this can be quite an undertaking. 

Password Compliance 

Weak passwords are very dangerous for any system. In fact, they’re the most common cause of data breaches. In the case of HIPAA, weak passwords aren’t just a liability; they can violate policy. Organizations operating under HIPAA must have systems implemented for creating, changing, and safeguarding passwords.

The specifics of how you go about doing this can vary. What matters most is that you have an established system that everyone follows. 

Still, using complex passwords and changing them frequently aren’t always enough. Even when strong passwords are used and regularly changed, you can still be vulnerable to brute force attacks (programs that randomly generate characters until the right password is entered). 

To truly protect yourself, you need additional security measures in place that signal warnings and lock out hackers before they can break your password.
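The warning-and-lockout control described above can be sketched as follows. This is an added example, not DataYard's code; the thresholds, account names, and sample events are assumptions constructed for illustration, and HIPAA does not prescribe these numbers.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Assumed policy values for illustration only.
WARN_AFTER = 3          # failures inside the window that raise a warning
LOCK_AFTER = 5          # failures inside the window that lock the account
WINDOW_SECONDS = 300    # sliding window for counting failures
LOCKOUT_SECONDS = 900   # how long a locked account refuses all logins


@dataclass
class LockoutMonitor:
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    locked_until: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def record(self, ts, account, source_ip, success):
        """Process one login attempt; return 'allowed', 'denied' or 'locked'."""
        if self.locked_until.get(account, 0) > ts:
            # While locked, even a correct password is refused and reported.
            self.alerts.append((ts, account, "attempt-while-locked", source_ip))
            return "locked"
        window = self.failures[account]
        # Drop failures that have aged out of the sliding window.
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if success:
            window.clear()
            return "allowed"
        window.append(ts)
        if len(window) >= LOCK_AFTER:
            self.locked_until[account] = ts + LOCKOUT_SECONDS
            self.alerts.append((ts, account, "locked", source_ip))
            window.clear()
        elif len(window) == WARN_AFTER:
            self.alerts.append((ts, account, "warning", source_ip))
        return "denied"


# Constructed sample events: (seconds, account, source IP, password correct?)
SAMPLE_EVENTS = [
    (0, "nurse.a", "203.0.113.7", False),
    (10, "nurse.a", "203.0.113.7", False),
    (20, "nurse.a", "203.0.113.7", False),   # third failure: warning
    (30, "nurse.a", "203.0.113.7", False),
    (40, "nurse.a", "203.0.113.7", False),   # fifth failure: account locked
    (50, "nurse.a", "203.0.113.7", True),    # correct guess arrives too late
    (60, "dr.b", "198.51.100.4", False),     # ordinary typo
    (70, "dr.b", "198.51.100.4", True),      # then a normal login
    (1000, "nurse.a", "192.0.2.10", True),   # lockout has expired
]


def replay(events):
    """Run events through a fresh monitor; return (decisions, alerts)."""
    monitor = LockoutMonitor()
    decisions = [monitor.record(*event) for event in events]
    return decisions, monitor.alerts


if __name__ == "__main__":
    decisions, alerts = replay(SAMPLE_EVENTS)
    for event, decision in zip(SAMPLE_EVENTS, decisions):
        print(event, "->", decision)
    for alert in alerts:
        print("ALERT", alert)
```

The sixth event shows why the lockout matters: the guess is correct, but it arrives after the account is locked, so it is refused and logged instead of granting access.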

When It Comes to HIPAA, You Can’t Plead Ignorance 

Whether you understand all the specifics of HIPAA requirements or not makes little difference. You’ll be penalized all the same. Failure to comply with HIPAA rules will put you under the enforcement of the Office for Civil Rights of the Department of Health and Human Services (or OCR). 

An individual HIPAA fine can be as much as $50,000. An organization can be fined as much as $1,500,000 per violation category in a single year. On top of that, you may face civil lawsuits from people affected by any breaches or data losses. 

This is enough to crush many large companies, let alone the small ones. The best protection against this is to leverage the assets, knowledge, and experience of a company like DataYard.

At DataYard, we provide dedicated cloud hosting, cybersecurity services, and colocation services that can meet the strictest areas of HIPAA compliance. We house our cloud servers in Dayton, Ohio where they are protected against outages, breaches, and data loss.

Additionally, our IT expertise enables us to consult, advise, and directly assist you in maintaining HIPAA compliance across the rest of your systems.

Contact us today and make sure you maintain compliance.


Cybersecurity 102: How Firewalls Protect Against Threats

The internet is a two-way connection. You don’t just go onto the internet. The internet goes onto the device you’re using. If you’re not careful, a lot of bad things can get into your system through the internet.

Recently, we discussed some of the major threats that companies face on the internet. Now it’s time to look at the first step to protect yourself from those threats.  

It Starts with a Firewall

A firewall is the gatekeeper to your network and/or device. Its purpose is to let safe information in while keeping the bad stuff out. Dangerous items could include spyware, viruses, hackers, and much more. Additionally, certain firewalls can be customized and configured to keep out content that’s technically “safe”, but unwanted on a particular network. For example, companies may use firewalls to block time-consuming websites such as Facebook or YouTube. 

Firewalls can also act as a filter between different company networks. This is helpful in protecting your information from vendors and contractors you may work with. 

Are All Firewalls the Same?

No. First of all, a firewall can either be a software program or a physical device. Both perform the function of flagging questionable content and preventing it from coming through, though they do so in slightly different ways. 

A software firewall operates on your computer (or other device), protecting the information found there. Should a virus or hacker breach your network, a software firewall can still protect your individual device.  

A software firewall continues to protect your device even when you’re on other networks, which is very beneficial.  

Hardware firewalls are physical devices that act as the first point of connection to the internet, protecting your entire system and every device connected to it. Sometimes hardware firewalls double as routers. Other times, they connect to a router. Different hardware firewalls can offer different features. 

Not only do hardware firewalls protect against hackers and viruses, but they also keep out spam traffic that can slow down your network. 

The best form of protection is a mixture of both physical and device-based firewalls throughout the environment. DataYard provides a comprehensive solution that may include physical, hosted, and next-generation firewall solutions.  

Firewall Systems Need to Stay Updated  

Digital attacks are constantly changing as hackers find new flaws and loopholes in network systems and computer software. In order for your firewall to do its job, it needs to be maintained and updated. It’s important that you keep your network and online data somewhere that’s secure and protected against the latest threats. 

As an IT partner, DataYard values an ‘eat your own dog food’ model that incorporates all the products that we would recommend to a client, including physical devices, hosted firewall solutions, and software-based products. The more points of security, the better. All of these options are available to new and current clients utilizing DataYard’s access, cloud hosting services, and colocation. Second to great firewall solutions, we maintain backups as an extra safety measure.

For those who have extra security compliance standards to meet, we have you covered. Our team has a track record for providing thorough solutions that check all the boxes for all compliance requirements.  

And for those who want to make sure they have the right firewalls in place and configured correctly, our IT support in Dayton, Ohio can help you out. 

Not sure what you need? We’re happy to consult so you get the protection you need. Contact us today! 


August Maintenance week 2019

Throughout the week of August 12th 2019, we will be performing maintenance on DataYard’s infrastructure and customer servers. This will include performing updates to all managed server infrastructure, including tasks that require reboots/shutdowns/service interruptions.  Maintenance will begin at 2:00AM EST and will be completed by 8:00AM EST throughout various days this week. Making IT Better!

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected]. Remember to follow us on Twitter (@datayardtechops & @datayard)!

Dayton Cares

DataYard has been located in the heart of Dayton’s downtown community for over two decades. Naturally, when the heartbreaking news of Sunday morning’s tragedy scrolled across our screens, we were devastated along with the rest of the community. Some of our own staff were in the district that night but had headed home just before the madness broke out. Sunday morning was a slew of messages, everyone checking in on one another. The sigh of relief that our team was safe was instantly followed by the realization that others were sending the same messages with empty replies, making our stomachs sink. Coping in the wake of tragedy is an endless carousel of questions and “what if?” scenarios. 

 

Our team somberly entered the office on Monday and had to deliver service like any other day, but the day was not the same. It was a day filled with confusion, mixed with a desire to do something in response. But how could we respond as a business? Our service isn’t poised to directly help or comfort someone hurting. We were at a loss as to how we could be there for our community, other than by just being there. It wasn’t until the end of the day on Monday that we discovered how we could help.

 

Monday afternoon we received a call from the Dayton Foundation with a request to help the victims of the Oregon District shooting. NBC Columbus was going to be hosting a telethon the next day, President Trump was visiting Wednesday, and American Airlines had already given $75,000. They were expecting to see unprecedented numbers hit the Dayton Foundation website over the next several days. We responded by immediately bulking up their resources so they were able to accommodate the traffic and security risks that come with national attention.

Dayton Strong. Dayton Proud. Dayton Cares.

Over the last 5 days, we’ve been able to help support our community and the victims in our own way, doing what we do best. This is where the joy of doing what we do shines through the darkness. When we could help the Dayton Foundation reach over 610,000 people from all over the world as well as give over 2,100 people the opportunity to contribute to the victims, we were glad to know we could help in our own way that was unique to our resources and abilities.

 

We’re Daytonians. What Daytonians do is show up and care for their own. We’ve watched this community rally against hate, around tornado victims, and in response to tragedy, each person giving what they could in the way they knew how. That is what makes Dayton great – the people. In Dayton, when someone gets hit, the entire community picks them back up. Dayton cares. So far, you can see 360,000 reasons why we care in the Dayton Foundation’s Oregon District Fund.

 

Dayton Strong. Dayton Proud. Dayton Cares.

HIPAA Compliance for Hosting and Data Security

If you work anywhere in the healthcare space, you’re probably very familiar with HIPAA compliance. Passed in 1996, the Health Insurance Portability and Accountability Act provides rules and guidelines for healthcare access, health information storage, health insurance, and more.

HIPAA consists of five primary parts or titles:

  • HIPAA Title I – Health care access, portability and renewability
  • HIPAA Title II – Preventing health care fraud and abuse; administrative simplification; medical liability reform
  • HIPAA Title III – Tax-related health provisions
  • HIPAA Title IV – Group health insurance requirements
  • HIPAA Title V – Revenue offsets for tax deductions

While HIPAA provides an important function of protecting the health coverage and personal information of individuals, along with reducing fraud across the industry, it can get a little confusing.

Arguably the most complex section of HIPAA is Title II, which among other things, covers how information is stored and accessed. Since almost everything is digital these days, that means Title II covers your hosting, server, and network setup. 

Meeting the Requirements of HIPAA Title II

Failure to follow the proper requirements of HIPAA Title II can put your customers’ personal data at risk, not to mention result in some serious penalties. It’s very important that all of your information is stored securely within a HIPAA compliant system.

Of course, HIPAA extends beyond hosting, covering IT areas such as account access, password management, and more. You also need to be mindful of working with external vendors and third parties, as they bring additional risks and requirements regarding your data. 

Professional Help for Staying HIPAA Compliant 

By itself, the world of hosting and IT support is very technical. When you add in HIPAA compliance, the complexity multiplies. That’s why it’s best to utilize an experienced IT team that’s well versed in HIPAA compliance. 

At DataYard, we offer a wide range of services for companies and organizations that operate under HIPAA. This includes private cloud hosting at our data center in Dayton, Ohio that meets HIPAA and HITECH requirements. Additionally, we can provide you with consultation, on-going support, and threat protection so that all of your technological and digital fronts are covered. 

You don’t need to understand all of the complexities of HIPAA Title II. You just need an IT team that does. Contact us today! 



DataYard Network Maintenance 8/8

DataYard will be moving up a part of Saturday’s maintenance on our core internet infrastructure to tonight (8/8) at 10:00 PM for customers on a few services. Tonight’s change will impact ethernet express metro and regional ethernet services delivered via Centurylink. Downtime is expected to be less than 15 minutes. This is being done to prevent any business hours interruptions to service due to hardware that is in a degraded state.

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected]. Remember to follow us on Twitter (@datayardtechops & @datayard)!

DataYard Network Maintenance 8/10

DataYard will be performing maintenance on our core internet infrastructure Saturday morning (8/10) at 12:01 AM to replace suspect hardware. This will impact ethernet express, ethernet express metro, and regional ethernet services. Downtime is expected to be less than 15 minutes.

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected]. Remember to follow us on Twitter (@datayardtechops & @datayard)!

 

Cybersecurity 101 – What are the Threats?

With so much of our lives and businesses online, cybersecurity is more important than it’s ever been. And it’s not just something that big businesses have to worry about. Nearly half of cyber-attacks are targeting small businesses.

For small businesses, one bad hack could be enough to put them out of business for good. 

That means cybersecurity should be a top priority for all businesses. If any part of your business is storing information online (and it probably is), you need to protect yourself against threats. How do you do that? 

The best place to start is by understanding what types of attacks are happening out there. Here are some of the most common types of attacks taking place in 2019. 

Today's most common threats to your data...

Ransomware  

Ransomware has been around since ‘89, and it’s a tactic that’s still going strong. As you might deduce from the name, ransomware is malware that gets into your system, locking you out of it, and cutting you off from your data. In order to get access back, hackers will demand payment or “ransom”. 

Sophisticated encryption in modern day ransomware ensures that your data is virtually impossible to recover without gaining permission from the ransom holder. What’s even scarier is the fact that should you pay the ransom, the hacker might delete your information anyway.

This is why regular backup systems and segmentation are so important in modern server systems.

Cryptojacking 

This is a relatively new attack that’s quickly gaining steam. You’ve probably heard of cryptocurrencies such as Bitcoin and Ethereum. Without going into too much detail (because cryptocurrencies can get very confusing, very fast), these currencies involve a process called mining, which requires a lot of computer power to perform efficiently.  

This is where cryptojacking comes into play. 

Cryptojacking involves planting hidden malware that secretly uses your company’s hardware and resources to mine cryptocurrencies. These attacks can be very hard to notice as they don’t cause obvious problems. They do, however, slow down your system and anyone who is connected to it. 

The good news is it’s relatively simple to prevent cryptojacking from happening. Even if your system has been infected, a skilled IT professional can get it removed quickly. 

Device Exploitation 

Smart technology is only growing more popular. These devices connect with the internet and with each other, forming something called the “Internet of Things”. While these devices can offer a lot of convenience, they can also serve as areas of exploitation. 

Individual devices have their own systems which require their own updates. Failing to update your devices is one of the easiest ways to expose yourself to attackers. Software and network updates exist largely to patch potential security risks in products. 

Systems need to be in place to ensure that the various devices connected to your network are secure and up-to-date. 

Third Parties 

Everyone likes to think of their vendors and contractors as trusted allies, but the truth is, they can be massive security risks as well, especially smaller companies, which often lack proper security systems and dedicated IT teams.

If your vendors have any access to your system, they pose a potential threat. You need to account for this. An IT audit, or Discovery, as we like to call them, can help expose where these weaknesses exist and provide steps to remediation.  

Phishing 

Despite a pretty wide awareness of phishing, it’s still a popular (and often successful) means of attack. Today’s phishing schemes are smarter than ever, often utilizing personal info and professional sounding email addresses to seem legitimate. 

These schemes can easily steal important passwords or spread malware through one wrong click. 

Cyber Attacks are Constantly Changing and Evolving 

Technology is advancing faster than ever. With it, cyber-attacks are constantly evolving. The only way to protect yourself, your customers, and your partners is with on-going security. Software or a simple firewall isn’t enough. 

You need a professional team by your side. 

At DataYard, we provide cyber security in Dayton, Ohio and beyond. Our web hosting and cloud services ensure regular backups of your data are made and that your systems stay up-to-date. Our IT support services (AYS) can further assist you in forming proper security protocols and ensuring that you stay protected from the latest digital threats. 

Contact us today to learn how we can keep you and your business safe.  
