Protecting patient information is a crucial and necessary part of healthcare… but so is communicating effectively with patients. Considering that email continues to be the most common form of electronic communication, it stands to reason that providers meet patients where they are. 

However, HIPAA regulations have rather strict requirements for protecting PHI, and plain email just doesn’t cut it. Here, we’ll discuss how to effectively use email to engage with patients without breaking compliance.

Read More

Any organization in the healthcare industry knows that cybersecurity is a critical component of doing business. So much so, in fact, that any enterprise handling protected health information (PHI) must implement and maintain strict cybersecurity and privacy controls to protect patient data from unauthorized disclosure. 

However, understanding that HIPAA is a requirement for operation doesn’t necessarily make compliance or effective cybersecurity much easier to implement. That’s why an initiative conceived by government agencies, known as the Health Industry Cybersecurity Practices (HICP), was put into action to align security along with government and industry best practices. 

Read More

Most organizations have at least heard of SOC reports. Published and administered by the American Institute of Certified Professional Accountants (AICPA), the SOC umbrella of attestations helps organizations demonstrate adherence to best practices around data privacy, cybersecurity, risk assessment and financial reporting. 

Since SOC requirements come directly from the AICPA, the organization releases documents pertaining to guidance for audits and compliance. One of the primary documents for SOC compliance is Statement on Standards for Attestation Engagements no. 18 (SSAE 18). 

Read More