How Do You SECURELY Dispose of a Hard Drive?  

Why Secure Disposal Matters
Secure disposal of WashU hard drives is much more than throwing away old equipment. A device that is reused, transferred, donated, or converted to personal use may still contain recoverable data, such as Protected Health Information (PHI), that the next user is not authorized to access. This is why it is important to follow WashU IT's secure disposal process whenever you dispose of a workstation.
Deleting Isn't Enough
Did you know […]

The Hidden Dangers of Unsupported Windows Versions

Category: HIPAA (Health Insurance Portability and Accountability Act)

Running an old version of Windows might seem harmless—after all, "it still works." But when Microsoft ends support for an operating system, there are no more security updates, no patches for newly discovered vulnerabilities, and no vendor help when things go wrong. Attackers know this and actively target outdated systems because they are easy to compromise. In a university environment, especially one that has access to […]

See Something, Say Something – HIPAA Edition 

Category: HIPAA (Health Insurance Portability and Accountability Act)

If you become aware of or suspect a HIPAA privacy or security incident, you must report it immediately. WashU is subject to stringent regulatory requirements that call for prompt investigation of any alleged incident so that its impact can be assessed and appropriate corrective action taken. How Do You Report a HIPAA Incident? Report HIPAA […]

How to Securely Communicate with Our Patients and Clinical Colleagues  

Category: HIPAA (Health Insurance Portability and Accountability Act)

The HIPAA Privacy and Security Rules require covered entities, including WashU, to implement safeguards when communicating electronic Protected Health Information (ePHI). Consequently, WashU workforce members must protect the confidentiality and integrity of ePHI by following the university-approved best practices and safeguards for electronic communications.
For Patient Communications:
For Provider-to-Provider Communications:
For Email Communications Containing PHI: […]

Business Associate Agreements 101

A business associate (BA) is a person or entity outside the WashU workforce that creates, receives, maintains, or transmits protected health information (PHI) on behalf of WashU. Examples of BAs include software or application vendors, data analytics and conversion companies, consultants, and document storage and disposal vendors. The HIPAA Rules generally require that […]

WashU’s Core Security Package and HIPAA Compliance

WashU workstations are provisioned with a core set of security applications to protect them from unauthorized access and to comply with the HIPAA Security Rule. Equipment not sourced from the IT Depot, and WashU IT equipment with missing or disabled security controls, significantly increase the risk of an incident, including ransomware or other loss of […]

Security Responsibilities for PHI Handlers 

All WashU community members who handle PHI, including faculty, staff, volunteers, trainees, and students, are responsible for maintaining a secure environment and protecting patient privacy. WashU's core technology systems are designed to store and transmit PHI safely and in compliance with HIPAA. Before using external websites or cloud services to store, create, or transmit WashU Confidential […]

The Risk of Running Unsupported Operating Systems

Category: HIPAA (Health Insurance Portability and Accountability Act)

What if you are still running Windows XP or Windows 7 on some of your computers? Support for Windows XP ended on April 8, 2014, and extended support for Windows 7 ended on January 14, 2020, more than 10 years after its release; neither operating system receives security updates any longer. Some versions of Windows 10 and 11 are already unsupported as well. Devices with an […]

What is Full Disk Encryption and why should I care about it?


Did you know that every hard drive and any other permanent storage device that stores, has stored, or will store PHI must be encrypted? Why does this matter? Sensitive and/or regulated data on an encrypted drive in a computer that is lost, stolen, or improperly disposed of cannot be read without a special "key" that is only available […]

7.6 million reasons to not share logins or passwords 


The Cleveland Clinic Foundation (CCF) recently agreed to pay $7,600,000 to resolve allegations that it violated the False Claims Act (FCA) by submitting federal grant applications and progress reports to the National Institutes of Health (NIH) in which CCF failed to disclose that a key employee involved in administering the grants had pending and/or active […]