How to send a HIPAA compliant email

These days, it would be unthinkable to operate any kind of business without email or other forms of electronic communication. And it’s a pretty standard practice among businesses of all sizes to at least be aware of security issues such as phishing, address spoofing, viruses, and spyware. For businesses that deal with protected health information (PHI) however, there is an added layer of security required.

We’re talking about the Health Insurance Portability and Accountability Act, most commonly known as HIPAA. HIPAA sets the standard for protecting sensitive data. All businesses dealing with PHI are required to make sure that physical, network, and administrative security measures are in place and kept in compliance.

Included in these considerations is handling HIPAA compliant email.

What’s involved?

HIPAA requires that PHI is secure both when it’s being sent and when it’s not. The email must be protected by levels of unique usernames and passwords for PCs and servers, and secure encryption procedures each time the information is sent or received.

This means that it’s not recommended to use common, free internet-based email services. If you do use an internet-based email service, you must have a signed Business Associate Agreement (BAA) which confirms that administrative, physical, and technical safeguards are being maintained. The BAA will generally cover the host server responsibility, but you’re still required to protect every other part of the email or transmission chain.

Encryption, particularly for stored files, is also your responsibility. There are many options available for encrypting data on your own computers, and failure to take steps to use encryption could result in heavy fines.

How to keep email secure

What to consider when setting up secure email procedures

  • Many email servers will encrypt emails from sender to recipient. If the recipient is not a client of that server, they are given the option to securely connect to the server in order to receive the email.
  • Patient portals allow for secure storage of PHI and other communications. An email is sent to the recipient informing them of an incoming message. They can then log in and securely receive the message.
  • When setting up your own email accounts, use strong password protections and, where possible, 2-factor authentication.
  • While email disclaimers and confidentiality statements aren’t a guaranteed protection for you, said disclaimers should clearly state that the information sent is considered PHI and should be treated as such. This is not a replacement for encryption or other security measures.

What about the patients?

HIPAA realizes that you have no control over the email clients and security patients may use. The regulation states that as long as you’re using secure email and encryption on your end, you are not responsible for what happens on the patient’s end of things. Well… there are a few conditions:

  • You must have a fully secure, alternate option for patients to receive information (such as a patient portal).
  • You must inform patients that their personal email clients may not be secured. If they still want the information, it’s all right to send it.
  • You must document the above conditions.

Protecting different types of emails

Not all emails are sent from a provider’s office to a patient. Emails sent between doctors who are in different locations and don’t share a secured network or email server must also use encryption. Likewise, doctors who email PHI from their home computers to their work accounts must use encryption to avoid a HIPAA violation. While in-office emails using the same secured email server don’t have to worry about additional encryption, remote access situations must follow encryption procedures.

In conclusion

Don’t become overwhelmed by the many requirements for sending a HIPAA compliant email. Consider working with a managed IT services provider experienced in HIPAA compliance and technology.

Detecting Foreign and Domestic Invasions

At the risk of sounding alarmist, our typical duties and responsibilities as a Managed Service Provider involve analyzing connection and activity logs and – sometimes – blocking potentially unwanted activity.

A few of our customers still use passwords instead of Multi-Factor Authentication. If that customer only operates in Denton from 7AM to 6PM, then it’s a pretty safe bet that midnight “Login Failures” from Virginia, Oregon, or even China are attempts to break into protected services. Thanks to a mix of new auditing tools, not only can we investigate specific login attempts, we can also research unusual activity from suspicious users and guests in the cloud.
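The after-hours, out-of-region check described above can be sketched as follows. This is an added example, not RWA's tooling: the record fields, the sample events and the tenant profile (Denton, Texas, 7AM to 6PM Central) are constructed for illustration, and it goes one step beyond the text by also noting a successful sign-in that follows such failures.

```python
from datetime import datetime, time, timedelta, timezone
from zoneinfo import ZoneInfo

# Assumed tenant profile (constructed): one office in Denton, Texas.
try:
    TENANT_TZ = ZoneInfo("America/Chicago")
except Exception:  # tz database not installed: fall back to fixed CST
    TENANT_TZ = timezone(timedelta(hours=-6))
BUSINESS_START, BUSINESS_END = time(7, 0), time(18, 0)
EXPECTED_REGIONS = {("US", "Texas")}

# Constructed sign-in records; field names are hypothetical, not a vendor schema.
SAMPLE_EVENTS = [
    {"time": "2022-01-12T06:10:00Z", "user": "amy@example.com", "result": "failure", "country": "US", "region": "Virginia"},
    {"time": "2022-01-12T06:11:30Z", "user": "amy@example.com", "result": "failure", "country": "US", "region": "Oregon"},
    {"time": "2022-01-12T06:14:02Z", "user": "amy@example.com", "result": "failure", "country": "CN", "region": "Beijing"},
    {"time": "2022-01-12T06:20:00Z", "user": "amy@example.com", "result": "success", "country": "CN", "region": "Beijing"},
    {"time": "2022-01-12T15:30:00Z", "user": "bob@example.com", "result": "failure", "country": "US", "region": "Texas"},
    {"time": "2022-01-12T20:00:00Z", "user": "carol@example.com", "result": "failure", "country": "US", "region": "Virginia"},
    {"time": "2022-01-13T01:30:00Z", "user": "bob@example.com", "result": "success", "country": "US", "region": "Texas"},
]

def reasons_for(event):
    """Return the reasons a sign-in looks unusual for this tenant."""
    utc = datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    local = utc.astimezone(TENANT_TZ)  # logs are UTC; office hours are local
    reasons = []
    if not (BUSINESS_START <= local.time() < BUSINESS_END):
        reasons.append("outside_business_hours")
    if (event["country"], event["region"]) not in EXPECTED_REGIONS:
        reasons.append("unexpected_location")
    return reasons

def triage(events):
    """Group sign-ins that are BOTH after-hours and off-region, per user.

    A single reason alone (a typo at 9AM, a traveller, someone working late)
    is left out to keep the review queue short.
    """
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if len(reasons_for(ev)) < 2:
            continue
        if ev["result"] == "failure":
            f = findings.setdefault(ev["user"], {
                "suspicious_failures": 0, "sources": set(),
                "success_after_failures": False})
            f["suspicious_failures"] += 1
            f["sources"].add((ev["country"], ev["region"]))
        elif ev["user"] in findings:
            # A success from the same kind of context after failures
            # should be escalated, not just logged.
            findings[ev["user"]]["success_after_failures"] = True
    return findings

if __name__ == "__main__":
    for user, f in triage(SAMPLE_EVENTS).items():
        print(user, f["suspicious_failures"], sorted(f["sources"]),
              "ESCALATE" if f["success_after_failures"] else "review")
```

Accounts that appear in the output with `success_after_failures` set are the ones to check first for new inbox rules or other post-login changes.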

RWA technicians can not only keep an eye on your services, but decode the relatively esoteric results you get from an audit sweep. One of our recent adventures involved investigating rule changes in Outlook – an approved piece of software changed inbox rules to redirect new mail to the MSN Communicator folder. It’s the sort of change that only makes sense if you remember the state of technology from 12 years ago, and RWA technicians can help walk you through the implications of detected activity.

Unfortunately, the cybersecurity landscape only seems to get more challenging with each year, but RWA is here to help. Contact us if you need help with any cybersecurity concerns or questions.

Annual maintenance tips for PCs in the home and office.

The last few years have been crazy – and there’s no real end in sight. Most computers built before 2018 will need to be replaced by 2025 in order to receive support through Windows 11, but selection and options on store shelves are at an all time low. Until you’re ready to make your next purchase, keep your computers going strong with the following tips.

1. Remove programs you no longer use

Are your devices running slowly? It could be all of those programs you downloaded this year — accounting tools, marketing software, business applications, etc.  Get rid of programs you no longer need and free up space in the process. You’ll thank yourself for it later.

2. Organize your desktop

Take a look at your desktop and streamline this space. Remove any files and folders you no longer use and only keep shortcuts to frequently-used applications.

“Hoarding files on your desktop not only makes it challenging to locate what you need when you need it, but it can also compromise the speed of your computer,” says HubSpot.

3. Review your anti-virus software

Hackers pose a significant threat to businesses who rely on technology to store and process data. Still, 90 percent of small businesses don’t have any data protection at all for customer and company information.

If you currently use anti-virus software, make sure it still works and perform a comprehensive scan of your systems. If you don’t have any anti-virus software at all, make it your priority to get some.

4. Change your passwords

Believe it or not, people don’t change their passwords very often. Others don’t change them at all — shockingly, 30 percent of people have never replaced their passwords. This is a big mistake. Changing your passwords on a regular basis can prevent hackers from accessing your company’s valuable data.

Use a combination of letters, numbers, and special characters — this makes it more difficult for hackers to guess your new password. Try to use different passwords for different applications, too. Use one password for your CRM system, for example, and a completely different one for your email.

5. Clean your hardware

Processors, servers, and other hardware can become dusty and dirty over time. It’s time for an end-of-the-year clean. Use a cloth to remove dust and grime from your equipment and wipe down your monitors. You can even use a clean toothbrush to remove dirt from your keyboards.

6. Clear your internet browser cache

Once you’ve dusted your hardware, it’s time to clean your software. Clear your internet cache and cookies in order to speed up your browsing experience and protect your personal information.

“Web browsers save cookies as files to your hard drive,” says computer expert Graham Cluley. “They’re small in size (only a few KB), but over time, you can accumulate a lot of them. This volume means your web browser must use more and more computing power to properly load saved web pages, which means your browser sessions will likely get slower and slower.”

Whether you use Internet Explorer, Firefox, or Google Chrome, clearing your cache can take as little as a few minutes.

Final thoughts

It’s not too late to make a fresh start for 2022. Don’t have time for you and your staff to complete these tasks yourselves? There’s a managed service provider in Texas that can do all the work for you.

Year-End Checklist: Licenses and Employee Permissions

It’s that time of year again! Make sure you’re not spending money on unnecessary licenses, and ensure that all of your employees only have access to data they need.

A variety of new cloud products are available to fit your workforce better than ever before. Frontline and outside sales workers can collaborate with the rest of the group through Microsoft F3, while we can meet your demands for modern productivity and security with Microsoft 365 Business Premium.

If you need any guidance, RWA is here to help.

Windows 10 End-of-Support: October 14th, 2025

Several months ago, Microsoft announced the planned end-of-support date for Windows 10.

When Microsoft originally announced their plans to end support for Windows 7, most computers that supported Windows Vista and Windows 7 could also be upgraded to Windows 10. However, with Windows 11, Microsoft now has new hardware requirements that support Zero Trust networking and far more resilient protections that simply can’t be offered on hardware that doesn’t support TPM 2.0.

Contact RWA to start planning for hardware upgrades and Zero Trust networking for your business and employees. While more than 3 years seems like plenty of time – we’re currently looking at a 6 month backlog for most popular PCs, laptops, and monitors, we expect supply chain problems to continue well through 2022, and every other business on the planet will also look to upgrade their hardware… especially as the end of support date gets closer.

Your next PC will spend a lot of time parked on one of these, waiting for a spot to open up at the docks.

Security Improvements in Windows 11

Microsoft’s newest operating system only runs on new computers, typically those built in or after 2019. The core reason for this is simple: Windows 11 provides a full slate of new security features that protect your data and business from the rapidly escalating danger posed by cyberattacks.

Traditionally, Windows has been a general purpose operating system. Your business had nearly complete control of software, configurability, and security. Contrast this to your typical cellular phone running on a carrier network – locked down, restricted to apps approved by Google and Microsoft, not customizable. In practice, Windows 11 will take a middle ground approach – while you can still install other operating systems on your hardware, Windows 11 will only boot up if the motherboard and operating system verify that everything is secure and intact. While it is possible to run Windows without this, you’ll be locked out of protected data and applications, the same way a modern DVD player might reject a bootleg video purchased at a foreign airport.

With this new foundation, Windows 11 is also able to take advantage of new processor and virtualization features. It’s now possible for a Medical EMR or Financial System application to completely reject access from other processes on the computer, effectively blocking the ability for private and secure data to leak through untrustworthy software. Malware and ransomware can no longer completely hijack a computer and motherboard unless an administrator disables protection. Even the traditional concept of a system administrator with full access – a classic and social point of vulnerability – is mitigated through a new concept: Zero Trust Security.

We strongly recommend Windows 11 for all of our Medical Practices and Financial Services clients. If you’d like to learn more, or to schedule a complimentary Network Assessment, please reach out to RWA today.

Windows 11 Arrives October 5th

Over the next few weeks, RWA will provide a preview of new features, security improvements, and more in Microsoft’s latest upgrade to the Windows operating system.

If you’re interested in Windows 11 and would like to know if your computers are ready to support it, please reach out and schedule a complimentary Network Assessment today.

Windows 11 will require Secure Boot and up-to-date processors and security hardware modules. If your computer is not compatible, it will not upgrade to Windows 11, and you will not receive additional protection against malware, ransomware, and rootkit attacks. We will strongly recommend Windows 11 for all of our medical and financial services clients.

For home users, keep an eye out for notifications from Windows 10 about the upgrade, as Microsoft will slowly roll it out to new systems over several months.

As always, feel free to reach out to RWA with questions about Windows 11 or any other Information Technology topics.

Keeping Up With Supported Versions of Windows Desktop and Server

Windows 10 End Of Life Approaching 

It’s been a solid run, and Windows 10 actually shared most of the hardware requirements of Windows Vista and Windows 7… However, going forward, Microsoft requires encryption hardware such as TPM modules and embedded security to run Windows 11 and beyond. This will ensure that content that needs to be secure stays secure, and that attackers won’t be able to replace or modify core modules of the operating system.

You’ll need to replace all of your Windows 10 computers by October 14th, 2025.

Seems like only yesterday…

Windows Server 2012 (LTSC) End Of Life Approaching

We’re seeing far more old servers around the DFW area than we’d like. Many of them no longer receive security updates, and a popular edition of Windows Server will join this list on October 10th, 2023.

New attacks targeting unsupported servers emerge every day, while foreign governments and unscrupulous corporations are quickly outpacing independent hackers as your largest threats. 

If you are unsure about the support status of workstations currently connected to your network, please contact RWA today for a network assessment. We will scan your server and all other devices for non-compliant software and equipment, then put together a plan to bring everything up to date.  

Video Conferencing – The Summer of Digital Transformation

For most of our customers, remote work has shifted from an option to a necessity over the past few months. We’ve seen millions of students and traditional workers take part in remote learning and conferencing for the first time. Here are some of the most notable developments and platforms that have emerged.

RWA is your Information Technology partner for small and mid-sized businesses in and around the Dallas/Fort Worth area. We’re here to guide you through the rapid changes we all face in today’s Information Technology environment, transition more of your services into the cloud, and adapt your staff for remote work. Contact us today!

Zoom Meetings, “Virtual Rooms” in Teams, and Fed Chair Jay Powell on a secure Cisco video conferencing device

Zoom

The founder of Zoom worked at Cisco’s WebEx for many years, leaving in 2011 after his ideas for smartphone-friendly video conferencing were rejected. Thanks to low barriers to adoption, colleges and schools across the country instantly adopted Zoom as the favored telelearning platform of the pandemic era. Increased adoption led to significant scrutiny of their security standards, and they’ve promised to fix those issues as they attempt to maintain momentum into the fall.

Microsoft Teams

Here at RWA, we’re a Microsoft Partner and an early adopter of Microsoft Teams. In the wake of the pandemic, Microsoft placed significant focus on videoconferencing in Teams and making it available to more people – but the unique selling point here is the collaboration tools they’ve built, extending into SharePoint Online and the rest of the Office 365 suite.

Slack

With a focus on collaboration for digital products, Slack has unparalleled adoption among the Silicon Valley crowd. In addition to excellent third-party module support, Slack is where developers go to collaborate with other developers – over video, through text messages, or even using software development tools. Slack typically starts with the development crowd then brings the rest of a company in.

Google Meet

Meet is a key component of the GSuite offering, integrating well with Gmail and all of their other tools. Deep integration, along with privacy concerns, slowed adoption and growth in 2020 – but Google Meet has been a reliable tool for many years, and we expect Google to stay active in this space.

Cisco WebEx

Cisco provides world-class security and enterprise services, and WebEx is often used to connect those customers with nearly anybody in the world. We didn’t see significant uptake in this product during the early phases of the pandemic. However, for those in the financial or government service industries, their presence is nearly ubiquitous.

Time is running out

Save on your 2019 IT purchases with Section 179 tax deductions


“Save Money” by Got Credit is licensed under CC BY 2.0

Increased limits and new tax rules may significantly offset the purchasing and leasing of business equipment for the year, but the equipment must be placed into service before December 31st.

What Is this?

The IRS states Section 179 of the Tax Cuts and Jobs Act of 2017 allows businesses to deduct the full price of qualifying equipment, including hardware & software, purchased or financed during the tax year.  This tax deduction is limited to $1 million for 2019.

What purchases qualify?

Most new and used (must be new to you) equipment purchased outright, leased or financed qualifies, provided it is placed into service by December 31 of the tax year claimed.

Why is this important?

  • Microsoft is ending support and security updates for Windows 7 and Server 2008 in January, and this deduction could completely offset replacement costs.
  • Equipment upgrades can increase productivity, improve your IT security posture, and meet demanding new regulatory requirements.
  • New and growing businesses can expand without having to amortize these purchases over the course of several years.

Whatever the reason, the Section 179 deduction may significantly offset the purchasing and leasing of equipment by providing an immediate sizeable tax break. However, you must finalize equipment purchases and leases now to benefit.

RWA is here to help you. Contact us now for your IT purchasing, leasing, installation, project management and other technology support needs.

For more information on this tax deduction, please visit the Section179.org website and consult your tax, legal and accounting advisors.

RWA is an Information Technology company and Managed Services Provider. We do not provide tax, legal or accounting advice or opinions. This material is for general information purposes only, and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any transaction.