HIPAA calls for careful social media behavior

Healthcare providers that use social media platforms like Facebook and Twitter can interact with their patients, advertise new services, and communicate urgent announcements. Even though there’s immense potential for social media to improve healthcare, it can also expose patient-specific information when used irresponsibly.

What social media actions violate HIPAA rules?

Posting patients’ protected health information on social media, even if it’s accidentally, without the patients’ permission or authority is a violation of HIPAA regulations. This includes actions like:

  • Sharing pictures (like a team lunch in the workplace) with patient information visible in the background
  • Sharing any form of PHI (such as images or videos)
  • Posting any information that could identify an individual
  • Sharing gossip about a patient, even if the patient’s name is not mentioned

What are the consequences of violating HIPAA?

People in the healthcare industry should not treat HIPAA violations lightly. If an employee is found guilty of breaking a HIPAA rule, they could face fines between $100 and $1,500,000 depending on the severity of the violation. They could also face a 10-year jail sentence, lawsuits, job termination, and revocation of their medical license.

How can healthcare organizations prevent violations?

There are simple ways to avoid HIPAA violations while using social media:

  • Don’t post stories about patients on social media. Even if the patient’s name is omitted, the patient could still be identified by their diagnosis or treatment.
  • Check the background of photos before posting. Make sure there are policies that prohibit employees from posting photos of a patient or their information.
  • Prohibit employees from offering medical advice on social media. It’s best practice to refrain from posting diagnosis or treatment plans on social media, even if a patient asks for medical advice.
  • Always get written permission. Sometimes, a patient’s story is too great not to share. Maybe they made an astonishing recovery or exhibited great strength in the face of adversity and you want to share their accomplishment. In cases like these, ask for written permission from the patient before posting anything on social media.
  • Undergo training on HIPAA security and HIPAA privacy procedures and policies. Make sure to discuss topics such as workstation use, workstation security, and using personal devices for work. These procedures ensure that employees comply with HIPAA rules and are protecting patient information, whether it be electronic, written, or oral.

Do you work in the healthcare industry and need help managing IT and privacy issues? Feel free to call us today!

This post was originally published on this site

HIPAA calls for careful social media behavior

Healthcare providers that use social media platforms like Facebook and Twitter can interact with their patients, advertise new services, and communicate urgent announcements. Even though there’s immense potential for social media to improve healthcare, it can also expose patient-specific information when used irresponsibly.

What social media actions violate HIPAA rules?

Posting patients’ protected health information on social media, even if it’s accidentally, without the patients’ permission or authority is a violation of HIPAA regulations. This includes actions like:

  • Sharing pictures (like a team lunch in the workplace) with patient information visible in the background
  • Sharing any form of PHI (such as images or videos)
  • Posting any information that could identify an individual
  • Sharing gossip about a patient, even if the patient’s name is not mentioned

What are the consequences of violating HIPAA?

People in the healthcare industry should not treat HIPAA violations lightly. If an employee is found guilty of breaking a HIPAA rule, they could face fines between $100 and $1,500,000 depending on the severity of the violation. They could also face a 10-year jail sentence, lawsuits, job termination, and revocation of their medical license.

How can healthcare organizations prevent violations?

There are simple ways to avoid HIPAA violations while using social media:

  • Don’t post stories about patients on social media. Even if the patient’s name is omitted, the patient could still be identified by their diagnosis or treatment.
  • Check the background of photos before posting. Make sure there are policies that prohibit employees from posting photos of a patient or their information.
  • Prohibit employees from offering medical advice on social media. It’s best practice to refrain from posting diagnosis or treatment plans on social media, even if a patient asks for medical advice.
  • Always get written permission. Sometimes, a patient’s story is too great not to share. Maybe they made an astonishing recovery or exhibited great strength in the face of adversity and you want to share their accomplishment. In cases like these, ask for written permission from the patient before posting anything on social media.
  • Undergo training on HIPAA security and HIPAA privacy procedures and policies. Make sure to discuss topics such as workstation use, workstation security, and using personal devices for work. These procedures ensure that employees comply with HIPAA rules and are protecting patient information, whether it be electronic, written, or oral.

Do you work in the healthcare industry and need help managing IT and privacy issues? Feel free to call us today!

This post was originally published on this site

Microsoft 365 data loss protection: A quick and easy guide

Businesses of all sizes and across all sectors are turning to Microsoft 365 for the productivity-boosting benefits it offers. Many also choose the subscription service for its robust security features designed to safeguard against cyberthreats of all kinds. To make the most out of these functionalities and ensure your business data’s security, follow these tips.

Take advantage of policy alerts

Establish policy notifications in Microsoft 365’s Compliance Center to help you meet your company’s data security obligations. With these in place, your employees will receive policy tips about sending confidential information anytime they’re about to send messages to contacts outside of the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices

Since employees often use personal smartphones or computers to access their work email, calendar, contacts, and documents — especially if they’re working remotely — securing employee-owned devices should be a critical part of protecting your organization’s data. Installing mobile device management features for Microsoft 365 enables you to manage security policies and access permissions/restrictions, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multifactor authentication

Relying on a single password to protect your Microsoft 365 accounts could lead to account hijacking, which could put your data at risk of being compromised. Instead, enable multifactor authentication (MFA). MFA requires users to supply additional credentials on top of a password before they can access their accounts. This makes it difficult for hackers to access your accounts since they not only have to guess user passwords, but they also need to provide a second authentication factor like a one-time SMS code or a fingerprint scan.

Apply session timeouts

Many employees usually forget to log out of their Microsoft 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to steal sensitive data. By applying session timeouts to Microsoft 365 accounts, email accounts, and internal networks, users will be automatically logged out after a period of inactivity, preventing hackers from taking over users’ devices and accessing private information.

Avoid public calendar sharing

Microsoft 365’s calendar sharing feature allows employees to share and sync their schedules with their colleagues. However, publicly sharing this information is a bad idea because it helps attackers understand how your company works, determine who’s away, and identify vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash malware on unattended computers.

Employ role-based access controls

Access management is another Microsoft 365 feature that will limit the flow of sensitive data across your organization. It lets you determine which users have access to specific files in your company. For example, rank-and-file employees won’t be able to read or edit executive-level documents, minimizing the risk of data leaks.

Encrypt emails

Encrypting classified information is your last line of defense against data breaches. If hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Microsoft 365, where files and emails are shared on a regular basis.

Partner with us to ensure your organization’s Microsoft 365 accounts are always secure and compliant with changing data security requirements. Give us a call today — our team of experts are here to help.

This post was originally published on this site

Microsoft 365 data loss protection: A quick and easy guide

Businesses of all sizes and across all sectors are turning to Microsoft 365 for the productivity-boosting benefits it offers. Many also choose the subscription service for its robust security features designed to safeguard against cyberthreats of all kinds. To make the most out of these functionalities and ensure your business data’s security, follow these tips.

Take advantage of policy alerts

Establish policy notifications in Microsoft 365’s Compliance Center to help you meet your company’s data security obligations. With these in place, your employees will receive policy tips about sending confidential information anytime they’re about to send messages to contacts outside of the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices

Since employees often use personal smartphones or computers to access their work email, calendar, contacts, and documents — especially if they’re working remotely — securing employee-owned devices should be a critical part of protecting your organization’s data. Installing mobile device management features for Microsoft 365 enables you to manage security policies and access permissions/restrictions, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multifactor authentication

Relying on a single password to protect your Microsoft 365 accounts could lead to account hijacking, which could put your data at risk of being compromised. Instead, enable multifactor authentication (MFA). MFA requires users to supply additional credentials on top of a password before they can access their accounts. This makes it difficult for hackers to access your accounts since they not only have to guess user passwords, but they also need to provide a second authentication factor like a one-time SMS code or a fingerprint scan.

Apply session timeouts

Many employees usually forget to log out of their Microsoft 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to steal sensitive data. By applying session timeouts to Microsoft 365 accounts, email accounts, and internal networks, users will be automatically logged out after a period of inactivity, preventing hackers from taking over users’ devices and accessing private information.

Avoid public calendar sharing

Microsoft 365’s calendar sharing feature allows employees to share and sync their schedules with their colleagues. However, publicly sharing this information is a bad idea because it helps attackers understand how your company works, determine who’s away, and identify vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash malware on unattended computers.

Employ role-based access controls

Access management is another Microsoft 365 feature that will limit the flow of sensitive data across your organization. It lets you determine which users have access to specific files in your company. For example, rank-and-file employees won’t be able to read or edit executive-level documents, minimizing the risk of data leaks.

Encrypt emails

Encrypting classified information is your last line of defense against data breaches. If hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Microsoft 365, where files and emails are shared on a regular basis.

Partner with us to ensure your organization’s Microsoft 365 accounts are always secure and compliant with changing data security requirements. Give us a call today — our team of experts are here to help.

This post was originally published on this site