
HIPAA One statement on Heartbleed

HIPAA One Heartbleed update:

You are probably aware of the Heartbleed Bug. This vulnerability is in the OpenSSL cryptographic software library (CVE-2014-0346 / CVE-2014-0160).  There has been a tremendous amount of media coverage due to the severity of this bug.

This bug enables someone to read the memory of systems protected by vulnerable versions of OpenSSL software. More details can be found here: http://heartbleed.com. In summary, an information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160)

After analyzing our cloud infrastructure at https://secure.hipaaone.com, we found that no production servers were impacted by this bug.

We conduct regular vulnerability scans and are commencing with periodic ethical hacking.  This helps provide assurances we are current with vulnerabilities and managing risk in our production platforms.
Thank you for your attention to this matter.

For anyone else who is running Linux and is running OpenSSL internally, we recommend you apply the security patch issued by RedHat or equivalent against affected servers and restart the OpenSSL service. For example, you can issue “openssl version” from the command line to determine if it is running a version susceptible to the bug. The RedHat security advisory is included here for your reference.

https://rhn.redhat.com/errata/RHSA-2014-0376.html

Steven Marco

HIPAA One® President
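
The “openssl version” check recommended in the statement above, worked through as an added example (not HIPAA One's or Red Hat's code). It assumes the upstream affected range of OpenSSL 1.0.1 through 1.0.1f plus 1.0.2-beta and 1.0.2-beta1, and the function names are hypothetical; because distribution packages can backport the fix without changing the banner, it also looks for the CVE id in the RPM changelog.

```shell
#!/bin/sh
# Added example (not HIPAA One's or Red Hat's code). Function names are
# made up for illustration; sample banners in the comments are constructed.

# Classify an `openssl version` banner against the upstream affected range:
# 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1.
heartbleed_status() {
    # $1: banner, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013"
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        "")                                          echo "unknown" ;;
        1.0.2-beta|1.0.2-beta1)                      echo "affected-range" ;;
        1.0.1|1.0.1-*|1.0.1[abcdef]|1.0.1[abcdef]-*) echo "affected-range" ;;
        *)                                           echo "outside-affected-range" ;;
    esac
}

# Distribution packages can carry a backported fix while the banner still
# shows an affected upstream version, so also look for the CVE id in the
# package changelog text.
assess() {
    # $1: banner, $2: package changelog text (may be empty)
    status=$(heartbleed_status "$1")
    if [ "$status" = "affected-range" ] &&
       printf '%s\n' "$2" | grep -q 'CVE-2014-0160'; then
        echo "affected-range-package-lists-fix"
    else
        echo "$status"
    fi
}

# Gather both inputs from the local host and report one status word.
check_host() {
    banner=$(openssl version 2>/dev/null) || { echo "openssl-not-found"; return 2; }
    changelog=""
    if command -v rpm >/dev/null 2>&1; then
        changelog=$(rpm -q --changelog openssl 2>/dev/null || true)
    fi
    assess "$banner" "$changelog"
}

# Run against this host only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

A result of `affected-range-package-lists-fix` means the patch is installed, which still leaves the restart step from the statement above to do.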

HIPAA One® 2.0 Is Live

As of February 14, 2014 we are live with 2.0! After 3 months of full-time beta testing, we felt confident in HIPAA One® 2.0’s ability to function without bugs and pushed it into production on http://login.hipaaone.com.

The following audiences can take advantage of HIPAA One®:

  1. Healthcare Clinic and Administrative staff
  2. HIPAA Compliance, Security and Privacy Officers
  3. Audit and Healthcare Consultants
  4. Business Associates
  5. Fraud and Abuse Professionals

Our new features in 2.0 include:

  1. Executive dashboards for remediation tracking progress.
  2. Added subjective “Risk Remediated” checkbox for remediation plan updates.
  3. Parent-Child relationship for regional and affiliated Clinic and Hospital organizations.
  4. Import/convert historical HIPAA One® Risk Analysis data for simple Risk Analysis updates.
  5. ePHI System Administrator role added to better handle multi-EHR, EPM, PACS, RIS, and ePHI system environments.
  6. Can marry ePHI System to existing or new location – avoiding redundant questions.
  7. Improved workflow for cloud or hosted systems.
  8. Compliant with Meaningful Use Stage 2 (CM 7/9 for EH/EP) and Stage 1 (CM 14/15 for EH/E.P.) requirements.
  9. Added ASTM_E2147-01,  and 45 CFR 170.314(d)(4), (d)(2), (d)(3), (d)(7), (d)(1), (d)(5), (d)(6), (d)(8), and (d)(9).
  10. Automated Shopping cart functionality for customized product quotes.

Valentine’s Day 2014 was a big day both for the Healthcare Industry and Bobby – the HIPAA One® Mascot!

HIPAA One 2.0 Security Risk Analysis Solution Software Update Announcement – More Simple, Automated and Affordable Than Ever

HIPAA One unveiled an update to its popular HIPAA Security Risk Analysis solution on Tuesday at the company’s headquarters in Lindon, UT.

HIPAA One announced today the release of HIPAA One 2.0, the simple, automated and affordable alternative to complex and time-consuming HIPAA Security Risk Analysis tools and spreadsheets on the market today – by people with or without a security background. To address anxiety in dealing with HIPAA requirements, HIPAA One 2.0 facilitates a “Turbo-Tax”-like guided step-by-step process making the process easier and basic. Some small clinics are reporting completing their HIPAA Security Risk Analysis and Assessment in as little as one day using HIPAA One. Hospitals are reporting success in measuring compliance on a per-location basis for clinics and affiliates.

Steven Marco, President of HIPAA One states, “We have had excellent adoption of our HIPAA One Security Risk Analysis solution in 2013. And are reinvesting our successes into features for our users, the healthcare industry to offer peace of mind they are doing the right thing when it comes to securing their patient’s identities. We guarantee compliance with Meaningful Use to protect CEHRT data requirements when using HIPAA One.”

New features of HIPAA One 2.0 include:

  1. Executive dashboards for remediation tracking progress.
  2. Added subjective “Risk Remediated” check-box for remediation plan updates.
  3. Parent-Child relationship for regional and affiliated Clinic and Hospital organizations.
  4. Import/convert historical HIPAA One® Risk Analysis data for simple Risk Analysis updates.
  5. ePHI System Administrator role added to better handle multi-ePHI system environments.
  6. Can marry ePHI System to existing or new location – avoiding redundant questions.
  7. Improved workflow for cloud or hosted systems.
  8. Compliant with Meaningful Use Stage 2 (CM 7/9 for EH/EP)
  9. Added ASTM_E2147-01, and 45 CFR 170.314(d)(4), (d)(2), (d)(3), (d)(7), (d)(1), (d)(5), (d)(6), (d)(8), & (d)(9).
  10. Automated Shopping cart functionality for customized product quotes.

Original release found on PRWeb.