Questions tagged [hipaa]

12 questions
12 votes, 2 answers

How to Protect Sensitive (HIPAA) SQL Server Standard Data and Log Files

I am dealing with electronic protected health information (ePHI or PHI) and HIPAA regulations require that only authorized users can access ePHI. Column-level encryption may be of value for some of the data, but I need the ability to do like…
Quesi
11 votes, 2 answers

Should I encrypt OS disk with BitLocker for HIPAA compliance

I am looking into hosting a HIPAA compliant web application on Azure VMs. For the database, right now I am leaning towards using a VM with SQL 2014 Standard Edition. Since TDE is not available with Standard Edition, I am going to just use…
blizz
6 votes, 1 answer

Are GoDaddy dedicated managed servers HIPAA compliant?

I keep getting the runaround from GoDaddy regarding HIPAA compliance. Does anyone have a researched answer on this matter? We have dedicated 5505 and dedicated server with them and I wanted to know if it is possible to make this setup HIPAA/HITECH…
mson
6 votes, 2 answers

Sending HIPAA compliant e-mails

At a small office, my client's HR department needs to communicate with some vendors regarding HIPAA-covered material. How do most companies deal with securely sending e-mails regarding HIPAA? I would prefer to encrypt the e-mails themselves…
Brett G
4 votes, 2 answers

Can I remove the external IP from my GKE cluster?

I've just started using Google Kubernetes Engine (GKE) and I love it. I spent some time getting an Internal Load Balancer working so my app has a 10.128.0.0/16 IP. Now I am wondering, can I remove the external IP from my cluster? All I am finding…
3 votes, 4 answers

Is STARTTLS sufficient for HIPAA

Is the use of STARTTLS during communication between an internal email server and external recipient sufficient to meet HIPAA guidelines? If so, is it required that TLS be forced?
Gerard
2 votes, 2 answers

Client wants to route all my internet traffic through their VPN, but why?

I am currently working with a client in the healthcare sector. Part of the work will involve contact with sensitive patient health information (PHI). The client uses AWS and keeps their sensitive data inside of a Virtual Private Cloud. It is…
Matt Alexander
2 votes, 1 answer

What are HIPAA rules concerning RPO and RTO for a doctor's office?

I am planning system upgrades at several Group Practice doctor offices. I am asking them questions concerning what their RTO (Recovery Time Objective) and RPO (Recovery Point Objective) may be so I can balance their budget with those…
Keith Sirmons
1 vote, 2 answers

Exchange secure email recipient validation

I have a customer that needs to have their email recipients verify their identity before opening an email with sensitive material in it. For example, if I send an email to jsmith@domain.com I need something to pop up and ask "what are the last four…
msindle
1 vote, 2 answers

Google Cloud - HIPAA Compliance - PgAudit vs IAM Audit Logs

Our infrastructure is hosted on Google Cloud and uses PostgreSQL instances via Cloud SQL. I need to configure logging for HIPAA compliance. I have read 2 articles from Google's…
0 votes, 1 answer

Does disk encryption on a Hyper-V partition work and is it effective and stable?

I have a new health care IT customer requirement. Their file server is a virtual 2012 R2 running on a Dell PE with 2012 R2 Hyper-V. The Dell PE with 2012 R2 Hyper-V server has two partitions. 1st partition is for the 2012 R2 OS and the 2nd…
0 votes, 1 answer

Does our server need to be HIPAA compliant to host a form?

We have a client (pharmacy) that wants a form on their website that submits to an API that is a HIPAA compliant service. We are not storing any data, only sending. Does our server/system need to be HIPAA compliant?
Harpua