HIPAA Compliance: Not Just for Doctors

/in /by

Just as the title above suggests – contrary to popular belief, doctors and hospitals aren’t the only ones bound by HIPAA law. HIPAA was created in 1996 to ensure an individual’s health record was theirs to share and theirs alone. Thereby, HIPAA law extends to any organization involved with an individual’s medical records, including:

 

● Health Insurance Providers
● Doctors
● Clinics
● Hospitals
● Nursing Homes
● Mental Health Specialists
● Pharmacies
● Dentists, Orthodontists, and Oral Surgeons
● Any Business or Entity Sharing Medical Records with These Organization

 

As such, HIPAA law enforces the obligation of these organizations to steadfastly protect the privacy, security, and accuracy of all medical records entrusted to them. Nerds Support is vastly familiar with all aspects of HIPAA law, including the following aspects: The HIPAA Privacy Rule – sets limits on the handling and disclosure of any and all medical records without prior knowledge, understanding of, and approval from the patient. This rule also allows individuals to have access to their medical records to ensure complete awareness and accuracy of their contents. HIPAA Compliance for Business Associates – extends HIPAA law to cover not only the original definition of an “HIPAA-Covered Entity,” but also to any and all business associates with whom they share medical records. This newer aspect of HIPAA law ensures coverage over every organization who keeps medical records for any reason. HIPAA Security Rule – governs practices for how medical records may and may not be saved and shared. 
One of the largest undertakings in the medical industry as a result of this rule is the current universal conversion of all patient medical records from the original paper method to electronic data. 
As a result, organizations operating under HIPAA law must take austere measures to ensure strict HIPAA compliance with all medical data, leaving no stone unturned to minimize risk between data transfers and storage. HIPAA Omnibus Final Rule – the newest rule under HIPAA compliance law. According to Hitech Answers, the modifications within this rule are intended to: 
● Make business associates of covered entities directly liable for compliance with certain of the HIPAA Privacy and Security Rules’ requirements. Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without individual authorization. 
Expand individuals’ rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full. 
● Require modifications to, and redistribution of, a covered entity’s notice of privacy practices. 
● Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to decedent information by family members or others. 
● Adopt the additional HITECH Act enhancements to the Enforcement Rule not previously adopted in the October 30, 2009, interim final rule, such as the provisions addressing enforcement of noncompliance with the HIPAA Rules due to willful neglect. 

 

Is your organization adequately prepared to stay within HIPAA compliance law? 

 

Nerds Support is
Don’t be just a number with Nerds Support!

 

With our IT Support Miami team you get personalized 1-1 support in 12 minutes or less.

 

Your nerd is
a call away
305-551-2009
 

Regulatory Compliance for Financial Institutions: Compliance is Everything

/in /by

Regulatory compliance: it’s a subject no one likes to talk about, and yet
– if your business isn’t well-versed with it and takes measures to ensure
compliance – it could be awful news.

Regulatory compliance is simply making sure that organizations are following their required state and federal laws, as well as all required standards and procedures. That may sound simple enough, but considering all the different federally mandated compliances out there, such as HIPAA, SOX, and PCI DSS, it can be easier than you think to fall out of compliance. And if that happens, you’re looking at possible federally imposed fines, audits, and even public humiliation from the negative attention that comes with an investigation. In the age of social media and online sharing, a company cannot risk losing business because of their reputation.

The bottom line is: not staying within regulatory compliance will end up equating to significant lost revenue for your organization, and perhaps more.

Stratus, formal penalties for noncompliance with SOX can include fines, removal from listings on public stock exchanges, and invalidation of D&O insurance policies. That’s a lot more. Hence, the reason regulatory compliance is often the very backbone of an organization’s security system.

A nerd sharing his opinion about helping small and medium sized businesses achieve SOX compliance

*Nerd Comment


Regulatory Compliance Isn’t Always an Easy Road to Follow

While there are many different types of regulatory compliance regulations for various industries, the three largest are HIPAA, SOX, and PCI DSS. Your particular organization may deal with only one or with all three. In any case, it’s highly advised to familiarize yourself with the specific details of the regulations which apply to you. That being said, it is, unfortunately, possible to believe you are taking all necessary measures to ensure comprehensive compliance, yet still unknowingly be in violation of one or more regulations. Some of the reasons for this may include referencing outdated materials, new wordings of rules replacing old, and basic misunderstanding of how each law is interpreted by enforcement agencies.


What Can You Do?


First and foremost, as you are the greatest watchdog for yourself and your business, you should begin familiarizing yourself with the most up-to-date information on regulatory compliance to the best of your ability.

While some of your study materials may indeed quickly become obsolete, you will still know much about your specific compliance regulations, and can then take measures to stay updated on any changes.

After that, it’s time to get your technology in absolute compliance, and that means finding an IT support service with expert-level knowledge on regulatory compliance. Luckily for you, Nerds Support is one of the best.

Once we understand your exact needs, we will create a customized infrastructure for your organization that ensures strict regulatory compliance with your requirements, including HIPAA, SOX, and PCI DSS.

We have over 17 years of experience working with small to medium sizes businesses in the accounting, financial, wealth management, freight forwarding, and logistics industries.

We will make your website into a veritable Fort Knox — locked-up tight, safe and secure

Don’t be just a number!

With Nerds Support you get individual 1-1 support in 12 minutes or less.

Your nerd is

just a call away

305-551-2009


Free Cloud Solutions Assessment

Miami Cloud Solutions Assessment For Business Owners

/in /by

Get Your Free Report Today

Before Migrating Your IT to the Cloud, Be Sure to Read These Five Important Facts First!

With so many cloud computing solutions out there, how do you know which one is right for your business, and when the right time to make the switch is? This absolutely free report will give you the insight and information you need to make the right decision about migrating your business technology to the cloud, so you don’t end up spending time and money on a solution that’s not right for your unique needs.

Find out the answers to these common questions and more:

  • What exactly is cloud computing, and how can it save my business money over my current server-based network?
  • What are my choices when it comes to cloud computing, and which solution is right for me?
  • How much money can I expect to save by switching to the cloud?
  • What are the most important questions I should ask my computer technician before getting started?
  • What are the critical facts I should know about data hosting and the security of sensitive information?
  • What’s in the fine print when it comes to migrating my technology to the cloud?

Testimonial

testimonial“Working with Nerds Support and Scott has been fantastic! With their proactive approach to IT we rarely have network or PC problems. Any little problem is fixed immediately and this keeps productivity high. Any organization, no matter how many work stations, will benefit greatly from Nerds Support services.”

Get My Free Report
cloud startups

How Cloud Solutions Can Help Grow Your Startup in 2019

/in /by

Startups might begin small, but when successful, they will evolve. And in this century, it’s necessary to scale technology as business operations and processes get more complex, staff grows and clients demand more. But choosing the right tech solution for your business at such an early stage can definitely be a challenge as you can’t tell the future and there’s no way to know with certainty the many ways your company will change.

Ideally, you’ll want a technology platform that can grow with you and adapt to your business’ needs as it expands and transforms. And your worst fear as an entrepreneur might be that you’ll need to spend thousands of dollars in tech that can give you an edge over the competition.

Still, in 2019 you won’t need the budget of a big corporation to take your business to the next level. You just need the right tools to build your empire’s foundation. And in this day and age, all of these tools can be found in the cloud.

Here’s how cloud computing can help propel your business to stratospheric levels.

Business Continuity Planning

Whether it’s human error or a major natural disaster, all businesses are vulnerable to downtime, data loss and even worse things, like terrorist attacks. The one thing you can do to protect your business from critical situations is to have a business data backup and recovery plan in place. Not all data backup and recovery plans are created equal though. So, working with disaster recovery experts is the safe bet.

Working Remotely from Anywhere

Cloud computing is an all-encompassing, almost omnipotent solution that provides flexibility to its users and increased productivity for businesses. Most companies have migrated some or all of their in-house technology to a cloud environment and have reduced operational costs, gotten a better return on their IT investment and can now work from anywhere in the world.

But with that ability, comes the need of having to be extra careful when we access our company’s virtual workplace or web platforms. A cloud-managed wireless access point allows you to keep track of what your employees do while using the cloud-based workplace. You can see what apps they use, the documents they work on, among other things that will allow you to be a more effective manager.

Monitoring your employees’ use of company software and platforms is very important for security reasons, as the possibility of one of them connecting via a compromised single access point could enable hackers to see confidential data.

Minimal IT Infrastructure Upkeep

Simplifying doesn’t mean the same as downsizing. With the cloud, scalability and growth come faster because you don’t need to maintain your own servers and can opt for managed services that will make your life easier.

This means that all of your critical business applications and servers will be hosted in an offsite data center, your infrastructure will be monitored by expert IT technicians, and you can return your focus to managing your business instead of wasting time worrying about maintaining your IT infrastructure.

Better Security and Compliance

If your business uses email to communicate or is based on the web, you are at risk for online threats. From viruses and malware, to spam and phishing attacks, to Man in the Middle and DDoS attacks, there’s a plethora of things hackers can do that can do serious damage to your company.

And while you think you’re safe using unprotected systems and networks, your email system or business website are probably not as secure as you think. Managed IT services in the cloud can reduce your risks for online threats and ensure data compliance.

Talking about compliance, if you are a government or healthcare industry contractor, you’ll find that you’ll be required to implement stricter compliance measures to safeguard confidential data. Working with cloud solutions will reassure your clients (whether in the private or public sector) that you take the security of their data (and their business) seriously.

Your Business Online 24/7

It goes without saying that, when the applications and data that support your business are in the cloud, you will be able to access whatever you need to keep things running from anywhere, and at any time. You’ll also enjoy 24/7 IT support and services for an affordable monthly fee. You don’t need a full, in-house IT department to run your small business like a big corporation.

Less Costly Business Solutions

Expensive services like VoIP phone systems, productivity applications, team collaboration software, remote desktop access, virtual work machines, website hosting, business automation, and cyber security come at a fraction of the price when it’s all managed from the cloud. Also, cloud solutions are highly customizable, which is exactly what businesses need when they’re starting up.

This is why for most entrepreneurs the cloud represents infinite possibilities and unlimited business growth. Startup founders know the value of sticking to the philosophy of doing more with less, as it’s how most of them thrive in a dog-eat-dog world where big, Goliath-like businesses and corporations have an unfair advantage over the Davids of the world.

If you’re still not sure what type of solutions your startup needs to get off the ground, contact the Cloud Computing experts at Nerds Support for a free consultation.

Working Remotely During the Holidays

Cyber Security Tips for Working Remotely During the Holidays

/in /by

Whether we’re new to working remotely or veterans, whether we’re addicted to our jobs or unwilling slaves to our work, most of us don’t know the risks involved with this practice when we’re traveling and connecting to work computers and accounts via unsecured networks and personal devices.

Because most companies deal with sensitive information, they limit the access to their own computer networks and platforms to minimize threats like phishing, malware (viruses, worms, spyware, ransomware, etc.), Man in the Middle and DDoS attacks, and even computer theft!

You might think your organization’s CIO or CTO is a bit paranoid for treating you and other employees like security threats, but you’d be surprised to know that this is not far-fetched. In fact, it is likely that if a data breach or cyberattack happen during the holidays, you or a low-tier coworker might be partly responsible even if you’re unaware as to how this could happen.

According to the CEO of Nerds Support, Scott Richman, all businesses should have a relationship with a professional, established IT firm. “What we’re finding is that most of them do have relationships with IT personnel but are not educating them about the risk that remote users pose”, confessed Scott.

Implementing just a few of these practices will make the IT team at your company respect you a little bit more. So, here are some tips on how to work remotely the right way, in complete compliance with cyber security preventative practices.

Secure All Your Devices

This might be a tedious and time-consuming task, but it’s something that is absolutely necessary to prevent hackers from gaining the upper-hand! Below, you’ll find advice on what you could do to limit access to personal data in your device.

  • Enable 2FA: To enable two-factor authentication, we might need to access both or personal and work accounts and follow the instructions that each platform provides. You could also use an authenticator app (like Authy, Duo Mobile, or Google Authenticator).
  • Enable Remote Wipe: To set up remote wipe on your Android, Apple or Windows mobile device, first you’ve got to go to Settings, turn on the Find My Phone feature, and then active the erase device command in your phone.
  • Encrypt your Hard Drive: In Mac, you just need to turn on the FileVault, and in PC, turn on BitLocker.

Scott says the biggest problem the NS team finds is that there is no process in place. Sometimes, when users remote-wipe their work device, it’s already too late because too much time has passed. That’s the benefit of working with an IT team: they have emergency security protocols in case these things happen and will act fast to minimize the threat.

Connect to the Internet Safely

Avoid public Wi-Fi/hotspots and use a VPN service if you absolutely need to connect from an unsecured network and get some work done ASAP. If you have the budget, you could also purchase your own mobile router and configure the network’s settings, or you could enable your personal mobile hotspot with your cellphone wireless provider (most big telecommunications companies can enable this feature on smartphones).

Communicate Securely

One thing that will help avoid data leaks is using secure videoconferencing and messaging apps, like Signal and WhatsApp. Here’s another practical tip: if you deal with company trade secrets or sensitive data, avoid talking about work in public spaces (remember: IRL there’s no such thing as a “cone of silence”, and people WILL be listening regardless they want to or not).

According to Scott, company communication should not be discussed in a public marketplace where anyone could misappropriate the intellectual property of your business. This happens to entrepreneurs often. They let their guard down while discussing their start-up ideas with their prospective clients over delicious coffee, and just like that, their new business concept has been stolen.

Use Productivity/Team Collaboration Apps Setting Up User Permissions

Your boss might ask you to use time tracking or task management apps, or to be “online” at all times so he/she can know if you’re actually working. However, you must know something: even though these tools maximize productivity, they could be detrimental for your company’s security.

Don’t assume these platforms are completely safe, as that would be a big mistake! It’s important that you keep high-security standards when using collaboration apps. That way, you will avoid revealing sensitive company and client data to malicious hackers.

Take a look at the security settings of the apps you’re using for team collaboration and project management and take the time to make your account harder to get into. Also, Scott recommends to validate any product that you use online. Check if they’re compliant with the latest security practices, and that they maintain their software and patch the bugs regularly.

Safely Access Your Work Email

Only send emails to co-workers who have company email addresses. For example, if your company is using G-Suite, don’t send personal or work emails from that G-Suite account to people outside the company network.

One of the biggest cyber security threats right now is phishing, as the techniques and methods have gotten more and more sophisticated with the years. Malicious emails are now more realistic than ever.

Scott especially warms about the dangers of phishing and spearfishing. “You’ve got to make sure that the person who’s emailing you is who they say they are. Any invoices you receive, claims of donations, or any prompts to reset the password to your bank account are all red flags, and you could be sending your personal and banking information to a hacker who could end up being able to access your governmental and financial records.”

Promote Remote Work Best Practices, Ensure Compliance!

Remember, promoting cyber security practices and cyber threat awareness is the best strategy to prevent embarrassing situations like data leaks. Train your employees, vendors and contractors on cyber security best practices, which include using strong passwords and password managers, turning off social logins (via Facebook and Twitter), set up or strengthen the spam filter on both your personal and work email, installing anti-malware software, and setting up a secure browser like Chrome with extensions like HTTPS Everywhere, Password Alert and uBlock Origin.

Also, remind your fellow employees with access to sensitive/valuable data to enforce these security measures, so everyone in your team can be safe from cybernetic threats.

Additional Remote Working Tips for the Holidays

Santa is making a list and checking it twice, and so are hackers. Don’t forget that. Just remember these tips, and never, EVER use personal, unmonitored devices to connect to company websites or access company data!

Scott’s final recommendation, said in a joking manner, is that if you don’t feel like you have any security measures in place as a remote worker, then just quit the Internet altogether. “It’s truly the only way you’ll be 100% safe from online threats”, said Scott while laughing.

If you must or need to work remotely and want to do it the right way, talk to us. We’ll help you set up a secure remote work environment (a “Workplace”, if you will) so you can safely access your work apps, files and website accounts, no matter where you are!

Want to know how your cyber security knowledge as a remote worker stacks up? Take this quiz!
Remote Worker Cyber Security Test