Blog

Jason Wang

Recent Posts

TrueVault Safe free for COVID-19 projects

by Jason Wang March 20, 2020

TrueVault is offering its HIPAA-compliant service free of charge to nonprofit COVID-19 projects.

Do I Need to Be GDPR Compliant?

by Jason Wang March 15, 2018

As covered in the previous blog post, GDPR is a new law regulating the processing (collection and use) of individuals’ personal data, which comes into effect on May 25th, 2018. If you are covered by GDPR, then not only will your customers expect you to be compliant, but your business partners may require it as a condition of their contracts. Moreover, the fines for breaching the Regulation are harsh, going up to €20,000,000 or 4% of your global turnover (whichever is higher). With that in mind,...

What is GDPR?

by Jason Wang March 8, 2018

The General Data Protection Regulation (GDPR) is an extensive new law regulating the collection and use of personal data of individuals in the European Union, which comes into effect on May 25, 2018. GDPR replaces the Data Protection Directive of 1995, which was the EU’s first legal framework covering data security. In the 20 years since then, the explosion in the use of computers and the internet has contributed to a huge rise in the collection and processing of personal data. Unfortunately,...

Protect Your Organization From Ransomware, Social Engineering, and Other Attack Vectors

by Jason Wang March 15, 2017

Compliance with HIPAA, although vital, is not enough to ensure that customer data will be genuinely secure: Anthem was HIPAA-compliant, and yet they still suffered one of the biggest data security breaches in history. Often, the weakest link in a system is the people operating it. Whether by accident or design, it can be all too easy for them to allow threat actors access to your systems, giving them the opportunity to do what they want with patient data.

Understanding the EU/US Privacy Shield and Its Impact on Business

by Jason Wang May 11, 2016

The US/EU Safe Harbor framework has been invalidated, but a new agreement known as the EU/US Privacy Shield is in the process of being implemented. The new agreement introduces a series of limitations on the processing of European data that will have serious implications for U.S. companies handling European citizen data. Here is what this new agreement entails, what it will mean in practice, and what you should know going forward.

7 Tips for a Successful mHealth Strategy

by Jason Wang April 6, 2016

TrueVault works with healthcare organizations and channel partners to deliver foundational technologies to power their mHealth strategies. Doing so has given us plenty of opportunity to develop a deep understanding of what works (and what doesn’t) as healthcare organizations proceed on this journey. Here we’ll share some of our key insights, to help you successfully drive forward your organization’s mHealth strategy and avoid some of the potential pitfalls.

Driving business value through mobile in the health insurance industry

by Jason Wang March 10, 2016

This is the first in a series of posts. Our health insurance customers tell us that they face intense business challenges. Government mandates are pushing costs up and reducing profitability. Health insurance leaders are consolidating (e.g., Aetna’s $37 billion acquisition of Humana) into fewer, larger companies, in an effort to leverage economies of scale and scope to drive down their cost structures. Indeed, some industry executives and CFOs predict, “Big is going to be better.”

TrueVault Unaffected In UCLA Health Breach

by Jason Wang July 23, 2015

Recently, UCLA Health experienced a data breach. UCLA Health is a TrueVault customer; however, data stored in TrueVault was not affected by the breach. TrueVault continues to maintain the highest level of security and protection for our customers’ sensitive data. If you have any questions, please contact our security team at security@truevault.com.

Introducing TrueVault Connect

by Jason Wang May 28, 2015

Today we’re excited to announce the general availability release of TrueVault Connect, an identity management solution that lets businesses share sensitive data with third-party applications securely. TrueVault Connect allows authorized applications to access enterprise data in a standards-compliant fashion. With TrueVault Connect, end users can grant third-party applications access to their own data, while enterprises maintain control over how that data is accessed. With sophisticated...

POODLE Security Update

by Jason Wang October 16, 2014

Yesterday, an embargo on a major SSL vulnerability named POODLE ended [0]. POODLE (Padding Oracle On Downgraded Legacy Encryption) is caused by downgrading an SSL connection from TLS to SSLv3 and then exploiting SSLv3's weak ciphers to steal "secure" HTTP cookies/tokens/headers. More details about the vulnerability can be found in the release drafted by Google on the OpenSSL website [1]. This vulnerability did not affect TrueVault. In fact, TrueVault removed support...

HIPAA Compliant File Storage for Healthcare

by Jason Wang January 8, 2014

TrueVault can offer you HIPAA compliant storage for any file format. This is not just a file backup or cloud storage solution: our BLOB Store was designed from the ground up to integrate with mobile applications, web apps, and wearable devices. File uploads, downloads, updates, and deletes are all accessible via a RESTful API. When TrueVault launched in September 2013, we released HIPAA compliant storage for JSON documents. In December 2013 we launched our BLOB Store.

Who Certifies HIPAA Compliance?

by Jason Wang January 4, 2014

The short answer is no one. Unlike PCI, there is no one that can “certify” that an organization is HIPAA compliant. The Office for Civil Rights (OCR) from the Department of Health and Human Services (HHS) is the federal governing body here. And, HHS does not endorse or recognize the “certifications” made by private organizations. There is an evaluation standard in the Security Rule § 164.308(a)(8), and it requires you to perform a periodic technical and non-technical evaluation to make sure...

How do I become HIPAA compliant? (a checklist)

by Jason Wang October 30, 2013

A little housekeeping before we answer the question. This article is not a definitive list of what is required for HIPAA compliance; you should assign a Privacy Officer to review each rule in its entirety. This article is intended to point you in the right direction. So you have determined that you are handling protected health information (PHI) and that you need to be HIPAA compliant. What’s next? What steps need to be taken in order to become HIPAA compliant?

HIPAA Physical Safeguards Explained, Part 2

by Jason Wang October 27, 2013

In a previous blog post titled HIPAA Physical Safeguards Explained, Part 1, we covered the basics of the HIPAA Physical Safeguards and the first of the four standards of the HIPAA Security Rule. In this post, we’ll cover the remaining three standards: Workstation Use, Workstation Security, and Device and Media Controls. If you skipped part 1 of the series, you should read that first. Otherwise, let’s dive right in. The Workstation Use standard states your entity must define what each workstation...

Do I Need To Be HIPAA Compliant?

by Jason Wang October 13, 2013

If you handle what’s called protected health information (PHI), then this is an important question to be asking, because HIPAA violations can result in some serious penalties. What is PHI, you ask? Good question. PHI is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment.

HIPAA Physical Safeguards Explained, Part 1

by Jason Wang October 10, 2013

Update 10/27/2013: You can read part 2 of this series here.

Physical Safeguards are a set of rules and guidelines outlined in the HIPAA Security Rule that focus on physical access to Protected Health Information (PHI). In contrast, Administrative Safeguards focus on policy and procedures, while Technical Safeguards focus on data protection. When we think about PHI, we typically think about the digital form of PHI: database records, PDF patient files, and MRI scan images.
