Author Archives: Blog HIPAA

FREE WEBINAR and LIVE Q&A on HIPAA, Cyber Hacking & ePHI Security

In today’s healthcare environment, we have the dual challenge of compliance and security – that is, how do we stay compliant and stop cyber hackers from accessing our ePHI? In this webinar, we look forward to discussing the current state of cyber hacking techniques, ePHI security and HIPAA compliance.

Join eFax Corporate® for this informative discussion on:

  • Cyber hacking – the stages of a data breach, types of breaches, prevention tips
  • HIPAA compliance – HIPAA standard on encryption and integrity of transmission, compliance pitfalls
  • ePHI transmission – what is considered a secure transmission, common methods, how healthcare companies use cloud faxing to transmit ePHI


HIPAA and Ransomware Fact Sheet

A recent  report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015). 1 Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data. However, there are measures known to be effective to prevent the introduction of ransomware and to recover from a ransomware attack. This document describes ransomware attack prevention and recovery from a healthcare sector perspective, including the role the Health Insurance Portability and Accountability Act (HIPAA) has in assisting HIPAA covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack.

July’s HIPAA Chat

The HHS and OCR has begun Phase 2 HIPAA Audits of Covered Entities. Clearly, CEs need to have a vision for maintaining compliance including having a plan that addresses administrative, technical and physical aspects of HIPAA Security, on a daily, weekly, and monthly basis.

Pose a question on the registration form or attend live and ask your question then.

This month’s event is hosted by Bob Grant and Marc Haskelson of the Compliancy Group.

HIPAA Chat is sponsored by: eFax Corporate® is a brand of j2 Cloud Services™, Inc. (NASDAQ:JCOM). Founded in 1995, j2 is an award-winning, leading provider of Internet services through its two divisions: Business Cloud Services and Digital Media. As of December 31, 2015, j2 had achieved 20 consecutive fiscal years of revenue growth. For more information about eFax Corporate®, please visit:



Webinar: Managed Services Retention

In this webinar you will learn how to create and retain relationships with your clients to ensure a long term business, add value and add the correct offerings to keep your clients.


Presented by David Steizl


HIPAA Audits and Business Associates

OCR outlined the specifics of their new Phase 2 HIPAA Audits back in Marc, stating that: “The Phase 2 HIPAA Audit Program reviews the policies and procedures adopted and employed by covered entities and business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules.”

Compliancy Group is the only solution on the market that covers the full spectrum of HIPAA regulation for Business Associates, MSPs, and Covered Entities not only for Phase 2, but for the entire HIPAA rule.

“Our team of expert Compliance Coaches are trained to understand the entire rule of HIPAA compliance, including OCR’s 2016 Phase 2 HIPAA Audits,” said Marc Haskelson, President and CEO of Compliancy Group. “The needs of Business Associates and Managed Service Providers are just as important as the needs of Covered Entities when it comes to HIPAA, and we’re proud that The Guard is the preferred HIPAA compliance solution for Business Associates and Managed Service Providers across the health care industry.”

Click here to learn more about Compliancy Group’s ongoing HIPAA education, including the upcoming webinar on “The Relationship Between HIPAA Compliance and Business Associates” on July 21st at 2:00pm eastern.

Attend this month’s HIPAA Chat

What does it mean to be “HIPAA Compliant” and how do you get there?

Please ask questions on the registration form or attend live and you will be able to ask questions then as well!

This month’s event is hosted by Bob Grant and Marc Haskelson of the Compliancy Group.



Lessons from 2015 – The Year of the Healthcare Breach

Why even the best IT security technologies are not enough – you need to build a culture of cyber security

There are two important lessons that thought leadership responsible for protecting ePHI in healthcare organizations should take away from the breaches in ePHI that occurred in 2015. First, it’s clear that there’s been a shift away from lost or stolen devices as the leading source of data breach to cyber-hacking as the primary source. In fact, over 90% of the top ten breaches in 2015 were categorized as “Hacking/IT Incident”. Furthermore, a Ponemon institute survey on Privacy and Security of Healthcare Data found that there’s been a corresponding 125% increase in cyber-attacks on healthcare businesses in the last five years – a frightening statistic.

Secondly, and perhaps not as obvious, is that in many cases, human error – that is, a ‘negligent insider’ within the compromised company – was at least partially responsible. For example, cyber hackers in the 2015 Anthem breach reportedly leveraged a spearphishing attack, using a fictitious but authentic email to dupe employees into giving up their user name and password credentials in order to gain access to backend systems containing PHI.

The proliferation of spearphishing and other social engineering methods employed by cyber-criminals is proof that people may still often be the weakest link in your organization’s security ecosystem. Without proper training and security awareness, even the most robust security technology and encryption may not prevent breaches, as they are initiated from the inside by users with access to highly sensitive information. Encryption, in this case, is rendered useless because the proverbial ‘keys to the kingdom’ have been stolen through social engineering techniques like spearphishing.

Smart IT managers and thought leaders are addressing their organization’s vulnerability to social engineering and other cyber-hacking techniques by creating a culture of cyber security. That means that your employees should undergo proactive education and training on the methods and techniques employed by the bad guys to try to trick them into providing passwords or login credentials. It also means explaining cyber-security in non-technical terms, so that your non-technical employees can fully understand what’s required of them. Lastly, you should revisit your established policies and procedures to reinforce common sense security practices that can often be overlooked or misunderstood in application. For instance, passwords written on sticky notes posted on workstations, or unintentional disclosure of PHI to unauthorized persons in common waiting areas are still common sources of potential breach events.

By demonstrating to your employees that security of protected health information is as important as their patient’s health, you can proactively work to stave off potential breaches. Simply put, everyone needs to understand the importance of staying vigilant and maintaining security consciousness at all times when it comes to ePHI.

A Culture of Cyber Security in Your Organization Can Include:

  • Training all staff on comprehensive data security awareness and on your organization’s policies, procedures, and access controls.
  • Implementing strict policies regarding the storage of ePHI on unauthorized removable media or mobile (BYOD) devices.
  • Deploying strong encryption and security protocols for the transmission of ePHI to Business Associates (BAs) and Covered Entities (CEs), such as secure cloud faxing using TLS encryption.

If you’d like to learn more about IT best practices and other topics related to healthcare IT and secure cloud faxing, you can read our blog posts on Building a Culture of Cyber Security, Defending Against Cyber Attacks, OCR Phase 2 Audits, and BYOD Best Practices at

As the leading provider of secure fax solutions for the healthcare industry, eFax Corporate can help you to ensure that your fax transmissions containing ePHI are always secure, and help you utilize the strongest encryption (TLS) to protect against cyber hackers and other malicious attacks.

About Michael Flavin

Michael Flavin

Michael Flavin is Sr. Product Marketing Manager at j2 Cloud Connect, a division of j2 Global and is responsible for the go-to-market strategies for the eFax Corporate® suite of solutions. eFax is the world’s leading online fax provider and helps thousands of companies in highly-regulated industries, including healthcare, to transmit and manage sensitive documents efficiently and securely.
Follow me: SpiceWorks     LinkedIn

Webinar: HIPAA Compliance Tune-up for 2016

Wednesday, March 9th from 2:00 EST

Healthcare IT thought leadership and practice managers continually seek ways to foster a culture of alertness when it comes to HIPAA compliance. They have the dual challenge of staying on the right side of federal regulators and stopping would-be hackers. This is especially true given the potential impact a data breach can have on their organization’s reputation and bottom line. By reflecting on 2015, it becomes clear that covered entities and business associates alike will continue to prepare to mitigate the threat of cyber-attacks and the planned ramp up of OCR Phase 2 Audits.

HIPAA compliance Tune-up for 2016 is the topic of this webinar – which will be focused on mitigation strategies Covered Entities and BA’s alike can take to minimize the risk of data breach or actions prompting an OCR Audit.

To register for this FREE webinar please visit Watch the Webinar