2. We’ve created a packaged solution specific to providers. Our solution helps keep patient records and sensitive
data secure. You can be confident that Encyphr’s solution is the best choice for your data protection needs.
FirewallWeb Security Cloud BackupHIPAA Policy Antivirus Encrypted Email
The Department of Health and Human Services (HHS) requires all Covered Health Care Providers
to comply with HIPAA and the Security Rule. These rules require addressable measures be taken in
regards to Privacy and Security. To comply with the Security Rule, covered entities must assess
security risks, implement solutions, and re-assess periodically to maintain protection and compliance.
With sensitive ePHI, personal records and customer privacy that all need protection, you can be
confident that Encyphr’s solution is the best choice for you. Our mission is to prevent these issues
using the latest technology and compliant solutions.
+PHYSICIANS +CHIROPRACTORS +PHYSICAL THERAPISTS
+DENTISTS +ORTHODONTISTS +HEALTHCARE BILLING
+HEALTHCARE LAWYERS +HEALTHCARE INSURANCE
Why should Healthcare Practices worry about security?
Healthcare providers may believe that if they are small, they will escape the attentions of digital
attacks. Yet, every day there are new attacks aimed specifically at small to mid-size organizations
for the very reason that they are low profile and less likely to have fully protected themselves. It is
vital to do as much as possible to protect sensitive health information or data. The consequences
of a successful cyber attack could be very serious, including loss of patient trust, violations of the
Health Insurance Portability and Accountability Act that can come with hefty fines.
3. The Code of Federal Regulations Title 45 Part 164.312 e(1) states,
that covered entities must implement technical security measures to
guard against unauthorized access to electronic Protected Health
Information (ePHI) that is being transmitted over an electronic
communications network.
WHY DO I NEED A FIREWALL?
NETWORK SECURITY
WHAT DOES A FIREWALL DO?
Firewalls are devices that control the flow of network traffic between networks that employ differing
security measures. By employing firewalls to control connectivity between internal and external internet
communications, an organization can prevent unauthorized access to its systems and resources. We ship
our firewall to your office, and partner with a local IT Provider to install it on your network. This, along
with our web security software, is one of the most advanced small business protection systems available
today.
At Encyphr, we utilize a web security solution that’s advanced, yet highly
cost-effective. Our cloud-based SecureAnywhere solution enables
offices to achieve the right level of security while maintaining productive
web access for employees. The service stops web abuse, minimizes
malware risks, and consistently enforces content and access policies that
optimize productive web usage. Utilizing this advanced software on each
of your devices, we create a dual-layer of protection when combined
with our physical firewall.
ANTIVIRUS
Malware and viral attacks don’t just wreak havoc on most computers,
they cause numerous issues for small business owners if security is
compromised. Conventional antivirus protection is struggling to
keep up with today’s threats and attacks. It slows down machines,
and is complex and resource-intensive. This is why Encyphr partners
with the best cloud-platform in the business to effectively stop
malware and zero-day threats at the moment of attack.
HIPAA POLICY + RISK ASSESSMENT
Your first step in implementing the Security Rule in regards to HIPAA compliancy is to create
a Manual to document policies and procedures. A Risk Assessment should be performed to
determine your offices' liability. We provide a policy manual and risk assessment document to
walk you through this process. You should ensure that these policies and procedures accurately
reflect the actual activities and practices exhibited by your business, staff, systems, and
business associates. Walking through this manual is your first step in identifying areas that you
need to work on, and documenting the procedures you are implementing.
4. Part 164.310(d)(1) of the Security Rule states that cove-
red entities must address how their data is backed up. An
offsite backup is required to safeguard data. Ensure that an
exact retrievable copy of the data is retained and protected
to protect the integrity of ePHI.
WHY DO I NEED DATA BACKUP?
DATA BACKUP
Keeping a copy of your data safe and off-site is a crucial step in protection. To
ensure data safety, we create a cloud-based, encrypted data backup of your main
server or file serving desktop computer. This ensures that important data is kept
safe in a third-party location for disaster recovery. We utilize compliant storage
servers with industry leading 256-Bit encryption during transmission, and while in
the cloud storage. This process is automated and monitored by our team.
COMPLIANT E-MAIL
What about sending private information through email? We provide an encrypted, complaint
email account for you to safely send those private documents to recipients. It works through
web-browsers and Outlook, and can be sent to anyone. We can utilize existing Gmail, Google
Apps and Yahoo accounts, or create one for you. This specific email address creates a layer of
safety to send important documents. Section 164.312(e)(1) of the Security Rule requires
covered entities to develop and implement transmission security policy and procedures. Our
encrypted email helps aid in that process by creating a tunnel of encryption for emails sent via
our compliant solution.
Top 10 Security Measures you can take for your Office
+ Use Strong Passwords and Change them regularly
+ Install and maintain Anti-Virus Software
+ Use a Firewall
+ Control access to protected health information
+ Control physical access
+ Limit network access
+ Plan for the unexpected
+ Document Policies and Procedures
+ Protect mobile devices that access your system
+ Establish a culture of security and training
The information contained in this guide is not intended to serve as legal advice nor should it substitute for legal counsel. The guide is not
exhaustive, and readers are encouraged to seek additional detailed technical guidance to supplement the information contained herein.