Medical Software Application including mobile, web, IoT and back-end applications that process Protected Health Information (often abbreviated to PHI, or ePHI when it is stored or transmitted electronically) are required to comply with HIPAA requirements. Examples of these applications include eHealth or mHealth app that collects personal data about the person are required to use [...]
The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule, effective March 26, 2013, greatly expands privacy and security standards, compliance actions, breach notification steps, and penalties. The new regulations allow for fines of more than $1 million for health record breaches. The potential for data breaches is significant and increasing. Stakeholders must act [...]
The Department of Health and Human Services (HHS) has issued the HIPAA Omnibus Final Rule in January 2013. The rule’s security and privacy implications lie in its strengthening of regulatory protections for patient information and increasing fines for HIPAA violations. HHS has taken a series of steps to strengthen patient privacy protections and to monitor [...]
Third party organisations that successfully complete a SOC 2 audit can offer their clients reasonable assurance that an independent reviewer has assessed their controls that relate to operations and compliance; and they meet the criteria prescribed by AICPA for the five TSCs. The report helps to prioritise risks in order to ensure that high quality [...]
Enhanced SOC 2 reports are highly flexible tools that can incorporate multiple frameworks and industry standards into third-party assurance reporting. For Outsourced Service Providers (OSP’s), the benefits are even more significant. Consider that these businesses must often respond annually to hundreds of individual audit requests, customer questionnaires, and requests for proposals. Many of these requests [...]
When considering the broad spectrum of services provided by outsourced service providers in today’s marketplace, some service types lend themselves clearly to one SOC reporting option over another. To best understand the reporting options, it’s important to consider the intended use and audience in each case. There are three SOC reporting options currently available in [...]
Like all software, mobile apps often contain vulnerabilities (introduced by errors in design or implementation or by malicious intent) that can expose a user, a mobile device and its data or enterprise services or its data to attacks. Any one of many simple errors that a developer can make potentially exposes the sensitive data or [...]
A new Android malware called Joker (after the manic Batman villain) has been discovered which can gain access to a victim’s SMS messages, contacts list, and other specific device information. It can also sign victims up for premium subscription services without their knowledge. The malware has been reported to have infected a total 24 apps [...]
Third party organisations that successfully complete a SOC 2+ audit can offer their clients reasonable assurance to demonstrate that effective internal controls are in place and these controls pertain to the criteria covered in the AICPA Trust Service Principles, as well as many of the detailed requirements covered in other regulatory and industry-specific frameworks. Service [...]
In relation to medical software applications, the term HIPAA compliant means that the application meets the technical and physical safeguards of the HIPAA Security Rule. If you are hosting an application in a HIPAA-compliant environment then it does not make the application HIPAA-compliant. If you build an eHealth or mHealth app that collects personal data [...]
