The Meridian Blog: Tech News, Tips & More for SMB and Enterprise Environments

Five Best Practices to Avoid Common HIPAA Violations

Posted by Juliana Lee
Tue, Jun 06, 2017

Fines up to $1.5 million, loss of clients, and negative publicity are just some of the serious consequences of violating the 1996 Health Insurance Portability and Accountability Act (HIPAA).

The penalties for non-compliance are based on the level of negligence, and in some cases carry criminal charges that can result in jail sentences. HIPAA compliance is serious business, and when penalties are levied, one of the main things taken into consideration is what, if any, preventive steps were taken.

With that in mind, here are some basic best practices to implement regarding HIPAA compliance, including:

  1. Comprehension of the guidelines
  2. Training
  3. Guard against 3rd party disclosure
  4. Proper disposal methods
  5. Mobile device management

Read on to learn about each of these five best practices, and how you can implement them.

The End of Life: What the End of Windows Server 2003 Means for SMBs

Posted by Caroline McKee
Wed, Jul 15, 2015

On July 14th 2015, Windows Server 2003 reached the end of its very long life. The “End of Life” of Windows Server 2003 refers to Microsoft’s discontinuation of support for this now outdated platform; however, many people do not realize the full impact this will cause.

According to Microsoft, Windows Server 2003 accounted for 39% of all Windows servers in use at the time the End of Life was enacted, with an estimated 9.4 million servers existing in North America alone.

So what does this mean for companies still using Windows Server 2003 as their primary server? Read on to learn the risks faced by those who have not yet made the switch over to another server and how to make the transition away from Windows Server 2003 as smooth as possible for your individual company.

HIPAA Misconception – Risk Analysis vs Compliance

Posted by Robert Bruce
Tue, Jun 30, 2015

What you don’t know about HIPAA can hurt you. Ignorance and misinformation are no excuse when it comes to the law.

The 1996 Health Insurance Portability and Accountability Act (HIPAA) applies to a large number of organizations, including many small health care providers in the Washington, DC area. Because HIPAA is such a wide-reaching act, affecting medical providers as well as their business associates, it is important to get the facts straight. Non-compliance is a serious matter, and companies that had no idea they were in violation of the law have been fined.

Keep reading to learn more about:

  • The difference between compliance and risk analysis
  • Risk analysis facts and myths
  • And more
Who Needs to be HIPAA Compliant?

Posted by Robert Bruce
Wed, Jun 24, 2015

The common misconception that the Health Insurance Portability and Accountability Act (HIPAA) is just for medical companies is one that could have serious consequences, especially for a small-to-midsized business (SMB).

The act has official rules that specify required compliance by covered entities (CE), which are: healthcare providers, health plans, or healthcare clearinghouses, and business associates — that is, any company that comes in contact with electronic protected health information (e-PHI). According to the U.S. Department of Health and Human Services, all of these are considered covered entities and must comply with HIPAA encryption requirements to protect the privacy and security of protected health information.

Keep reading to learn more about:

  1. Who needs to be HIPAA compliant
  2. Why being compliant is a necessity
  3. PHI implications
  4. And more
Top 5 Key Points on Technology for SMB Executives in 2015

Posted by Matt Williams
Thu, Jun 04, 2015

I get a lot of reading material in my mailbox, and frankly some of it's not even worth the time it takes to click delete. Not so, however, with a recent article from SearchCIO that really got my attention — I'm glad I read it. The author, Harvey Koeppel, president of the tech consulting firm Pictographics, shares some great insights into the challenges facing today’s C-level technology executives. Information technology is now so intertwined with business operations that IT execs, whether they go by CIO, CTO, CISO, or any other title, must focus on the bigger enterprise picture, rather than just the nuts and bolts of IT.

In any size organization, perhaps even more so in the small-to-midsized business (SMB), the IT chief must hone their skill set beyond the old break/fix maintenance model of yesteryear. SMB executives often wear many hats, and in small businesses the CIO responsibilities are frequently either outsourced or handled by a CEO, CFO or COO in addition to their core responsibilities. Large enterprises often employ more than one C-level tech exec, parsing out different responsibilities to a number of decision makers. Upper-level executives at large organizations may have the luxury of focusing on operations that they’re familiar with, their core competencies like sales, marketing, margins, supply chain, purchasing, etc., and there may be several IT execs available for these areas.

At small businesses, the CIO (or in some cases the virtual CIO), must have a more comprehensive understanding of both the organization’s core mission and the synergistic relationship between technology and operations. For that reason, I've compiled a similar list of tips specifically for IT execs at SMBs. They are all key, but I am listing them in order of importance, at least from my subjective viewpoint.

Read on to learn more about:

  • The key factor
  • Enterprise/IT collaboration
  • Security measures and policies
  • Compliance
  • And more
5 HIPAA Compliance Best Practices and How MSPs Keep DC SMBs Compliant

Posted by Juliana Lee
Tue, Mar 10, 2015

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects health insurance coverage for workers and their families when they change or lose their jobs. Unprotected health information can be a tempting target for hackers and other data thieves as illustrated by the recent data attacks on Anthem, one of the largest health insurers in the US.

In 2003, the U.S. Department of Health and Human Services (HHS) finalized its HIPAA security rule to provide organizations with “administrative, physical and technical guidelines” to safeguard protected health information (PHI). The Privacy Rule addresses the use and disclosure of individuals’ health information by organizations subject to the Rule, called “covered entities.” Within HHS, the Office for Civil Rights (OCR) has the responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties, ranging from $100 to as much as $1.5 million. The law also allows for criminal penalties of up to 10 years in prison for HIPAA privacy violations.

With so much at stake, many large medical and health enterprises, particularly those with their own IT departments, have dedicated HIPAA specialists whose primary task is to guard against any kind of HIPAA non-compliance. Some smaller businesses, especially medical practices without a resident IT HIPAA specialist, are partnering with a trusted Managed Services Provider (MSP) to ensure HIPAA compliance. HIPAA compliance requires a concentrated team effort and attention to detail.

Here are five essential best practices for HIPAA compliance:

  1. Perform a Protected Health Information Inventory
  2. Evaluate Your Security Policies
  3. Conduct a Risk Analysis
  4. Plan for Contingencies
  5. Have an Incident Response Policy and a Disaster Recovery Plan

Read on to learn more about how you can implement each of these compliance best practices.

DC Healthcare Firms: Anthem Breach Illustrates Need for Data Security

Posted by Robert Bruce
Tue, Mar 03, 2015

Earlier this year, Anthem — one of the nation’s largest health insurers — suffered a massive cyberattack. Anthem administers health plans under a variety of brands, including Anthem Blue Cross/Blue Shield, Blue Cross and Blue Shield of Georgia, and Empire Blue Cross/Blue Shield. Hackers gained access to as many as 80 million records that reportedly included Social Security numbers, birth dates, addresses, and emails for both customers and employees, including Anthem’s own chief executive. Anthem officials say that for now it appears that client medical information shared with doctors and hospitals has not been compromised. Anthem, along with industry security experts and federal investigators, is currently trying via cyber forensics to determine the extent of the data breach.

The Anthem cyberattack, along with other high-profile data thefts at large enterprises such as Sony, Home Depot, JP Morgan Chase, and eBay, may result in 2014 eventually being remembered by cybersecurity professionals as the year of big data breaches. According to a report from digital security solutions firm Gemalto, data breaches jumped 46%, from 1,056 in 2013 to 1,540 in 2014. But it was the steep rise in data record theft that occurred last year that is particularly alarming: that leapt 78%, from approximately 575 million in 2013 to over one billion in 2014.

Read on for more information about:

  • The security risks healthcare firms face
  • Key takeaways and security insights from the Anthem breach
  • The roles of encryption and HIPAA
Five Compliance Environments You Should Know About

Posted by Robert Bruce
Tue, Mar 04, 2014

In the Digital Age, document storage and compliance with local, state, and federal regulations has never been more important, nor more complicated. From Sarbanes/Oxley to the Affordable Care Act, the devil is in the details. And those details involve accurate record keeping solutions. These solutions may vary from using dedicated software to employing an outsourced managed document services provider.

Windows XP & 2003 Upgrade Essential for Network Security & Compliance

Posted by Jordan Arnold
Tue, Sep 17, 2013

Windows Server 2003, Windows XP, and Exchange 2003 will reach their end-of-life on April 8, 2014, which means that Microsoft will no longer support maintenance, security updates and patches for the systems.

After this date, these systems will lack protection from malware and spyware—hackers are waiting in the wings to attack once these systems become vulnerable. Furthermore, systems running on Windows Server 2003 or XP will no longer be HIPAA compliant once the deadline hits.

About this blog

News, best practices and more to help you get the most out of your office technology. Whether you're an SMB owner who wears a lot of hats, or an enterprise IT director, facilities manager or just someone who wants to work smarter — this blog has the resources you need to maximize the business impact of all your tech investments. Be sure to subscribe to receive email updates about new posts!
