Introducing TrueVault Connect

Today we’re excited to announce the general availability release of TrueVault Connect, an identity management solution empowering businesses to share sensitive data with third party applications securely. TrueVault Connect allows authorized applications to access enterprise data in standards-compliant fashion. With TrueVault Connect, end users can grant third party applications the access to their own data, while enterprises maintain control of how data is being accessed. With sophisticated...

Read More

What is Protected Health Information?

Protected Health Information, or PHI, is the personally identifiable health information that HIPAA regulates and protects. But HIPAA was written nearly 20 years ago for a mostly analog world of paper files and physical x-rays—the iPhone wasn't even a dream. In today's world of wearables, health apps, genetic sequencing and more, getting a precise definition of PHI can be confusing for developers trying to parse whether they need to be HIPAA compliant or not.

Read More

Top mHealth Apps for September

Apps continue to grow in importance for smartphone users, as more people spend more time in apps and less time on the mobile web. With the recent launches of HealthKit, Apple Watch and more, health and wellness is no exception to the trend. September’s most in-demand mhealth and medical apps for iOS and Android offer everything from tracking medical information, getting or staying in shape, consulting with physicians, and even helping others.

Read More

POODLE Security Update

Yesterday, an embargo on a major vulnerability with SSL named POODLE ended [0]. This vulnerability POODLE (Padding Oracle On Downgraded Legacy Encryption) is caused by downgrading of SSL connection from TLS to to SSLv3 and then exploiting SSLv3's weak ciphers to steal "secure" HTTP cookies/tokens/headers. More details about the vulnerability can be found in the release drafted by Google on the OpenSSL website[1]. This vulnerability did not affect TrueVault. In fact, TrueVault removed support...

Read More

Apple’s HealthKit vs. Google Fit [Infographic]

The field of mHealth has never been hotter as more people add wearables to their list of must-have devices. With the release of the iPhone 6 and HealthKit, Apple is now one of the largest digital health platforms in the world. It’s clear that we’re at the very beginning of a megatrend in personal health technology. Apple’s not the only one jumping on the mHealth bandwagon, however. Google released Google Fit and Android Wear, and Samsung threw their hat into the ring with SAMI (Samsung...

Read More

What is HIPAA Compliant Hosting?

According to security guidelines established by HIPAA (the Health Insurance Portability & Accountability Act), it’s not only covered entities—that’s those who provide treatment, payment, and operations in healthcare—but also their business associates—that’s anyone who develops mHealth, eHealth, or wearable applications that deal with Protected Health Information (PHI)—who are required to meet national standards for Physical, Administrative, and Technical security of health information. When it...

Read More

HIPAA Compliance Checklist [Download]

Establishing and maintaining HIPAA compliance for healthcare applications can be a time consuming and frustrating ordeal for developers. From the administrative safeguards that the business needs to implement, to the technical and physical safeguards that require software architecture and custom development, the process can add months to a development timeline and expensive technical debt that requires ongoing attention and refactoring. Unfortunately, using HIPAA-ready hosting like Amazon’s AWS...

Read More

Shellshock Bash Bug and TrueVault

Yesterday, a critical exploit was announced that affects Linux servers through bash, aka the Bourne Again SHell. The vulnerability involves how Bash processes environmental variables. With specifically crafted variables, intruders could invoke shell commands, making the system vulnerable to even greater assault. TrueVault was notified of the bug via the publication of the issue and patch information on Seclists.org, the leading security mailing list. Upon notification of the threat TrueVault...

Read More

Introducing the TrueVault Partner Program

Today we’re excited to introduce the TrueVault Developer Partner program. The Developer Partner program is designed to make it easier for application developers and agencies to work with TrueVault to build the next generation of healthcare applications for their clients. If you build mobile and web-based applications for hospitals, doctors or other healthcare providers, or if you’re an agency or development shop who specializes in building for the healthcare vertical, we want you to be a part...

Read More

5 Things CIOs Should Do in Light of the 4.5 Million Community Health Systems Patient Records Theft

Community Health Systems, which manages 206 hospitals in 29 states, reported this week that they were victims of Chinese hackers who infiltrated and stole more than 4.5 million patient records. The hackers made out with names, addresses and social security numbers for patients across the network during attacks in April and June. While the hackers did not get access to the highly-valued protected health information in patient medical records, the hack represents the second largest...

Read More

Introducing the TrueVault Badge

Today we're excited to announce the launch of the TrueVault Badge Program for applications that use our HIPAA compliant API and data store to keep user data compliant and secure. The TrueVault Badge Program allows any TrueVault customer who has signed a Business Associate Agreement with us to display the badge on their website to show their customers they care deeply about keeping protected health information safe and secure. Why a TrueVault Badge?

Read More

HIPAA Violations are on the Rise (Infographic)

Over the past year, consumer complaints to the Office of Civil Rights regarding HIPAA violations has skyrocketed. The number of complaints rose nearly 10x between 2013 and 2003. While 2013 was a record year for complaints, 2014 is setting up to easily shatter the previous mark. Complaint volume is up 45.7% year-over-year through the month of May (the most recent month with data available). Enforcement of the new Omnibus Final Rule that was published in January of 2013 and effective as of...

Read More

Should App Developers Get HIPAA Certified?

If you are a developer and you create apps, software, or other technologies that are connected to healthcare information, you are likely dealing with the question of HIPAA compliance and whether the laws around compliance apply to you and your app. One of the first things that probably come to mind is whether you need to get HIPAA certified. It’s a reasonable question. Especially if you’ve built applications that use sensitive data like payment information, you’re used to the notion of required...

Read More

Introducing the Developers Guide to HIPAA Compliance

With the news today of Apple’s HealthKit and the Health app, we’re fairly certain that interest in mobile health (mHealth) applications is only going to rise. But building a healthcare-based application has particular challenges that other consumer applications don’t face—mainly the regulation and compliance with HIPAA, the Health Insurance Portability and Accessibility Act. The HIPAA Security Rule lays out the requirements for the privacy of user data, called protected health information (PHI)...

Read More

5 Pitfalls Mobile App Developers Face When it Comes to HIPAA Compliance

The Health Insurance Portability and Accountability Act was signed into law by Bill Clinton on August 21st, 1996. To put this in its technological context, HIPAA predates the first iPhone by 10 years, the first iPad by nearly 14 years, and came into effect just 1 year after commercial ISPs started providing broader access to the consumer Internet. At this point in time, anything close to mobile apps was still beyond the imaginations of even the most outlandish sci fi writers.

Read More

Eight Things We Are Looking for From Apple’s Healthbook and iOS 8

With the rise of popular wearables like the Nike Fuel band and Jawbone Up, and health-based applications for smartphones, personal health is shaping up to be the next major area of innovation for consumer device makers—smartphone manufacturers included.

Read More

What Developers Need to Know about HIPAA Compliance in Wearable Tech

With dozens of products already on the market and more on the way, it’s clear that wearable tech is only going to grow in popularity with consumers. From Fitbit to Jawbone Up, Nike Fuel Band and more, these devices are tracking more consumer health data than ever. While popular wearables are tracking steps and calories today, it’s likely that they will track things like hydration, heart rate and more in the next few months—especially if rumors about Apple’s Healthbook are true.

Read More

Meet us at HxRefactored

TrueVault will be at HxRefactored in Brooklyn, New York on May 14-15. Our CEO Jason will be speaking on Wednesday in the HIPAA and Data Security for developers track. His talk, “Decoding HIPAA for Developers” is focused on helping application developers and hardware engineers understand the ins-and-outs of HIPAA compliance for mobile apps, wearable technology and more. If you’re building a new mobile or web app, or software for new wearable devices you’ll want to put this session on your...

Read More

Here's How to Keep Your Mobile Data Secure

More than 4.4 million phones were stolen or lost in 2013, according to Consumer Reports. With 70.4% of missing phones the result of theft, there is a lot of personal data floating around in the wrong hands. So how can you keep your phone data safe? Follow these nine tips to keep your personal data safe and secure, even if your phone is stolen. Keeping Mobile Data Safe Set a lock screen password.

Read More

What is the penalty for a HIPAA violation?

HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time. Fines will increase with the number of patients and the amount of neglect. Starting with a breach where you didn’t know and, by exercising reasonable diligence, would...

Read More

HIPAA Compliant File Storage for Healthcare

TrueVault can offer you HIPAA compliant storage for any file format. This is not just a file backup or cloud storage solution. Our BLOB Store was designed from the ground up to integrate with mobile applications, web apps, and wearable devices. File uploads, downloads, updates, and deletes are all accessible via a REST(ful) API. When TrueVault launched in September of 2013 we released HIPAA compliant storage for JSON Documents. In December 2013 we launched our BLOB Store.

Read More

Who Certifies HIPAA Compliance?

The short answer is no one. Unlike PCI, there is no one that can “certify” that an organization is HIPAA compliant. The Office for Civil Rights (OCR) from the Department of Health and Human Services (HHS) is the federal governing body here. And, HHS does not endorse or recognize the “certifications” made by private organizations. There is an evaluation standard in the Security Rule § 164.308(a)(8), and it requires you to perform a periodic technical and non-technical evaluation to make sure...

Read More

How do I become HIPAA compliant? (a checklist)

A little housekeeping before we answer the question. This article is not a definitive list of what is required for HIPAA compliance; you should assign a Privacy Officer to review each rule in its entirety. This article is intended to point you in the right direction. So you have determined that you are handling protected health information (PHI) and that you need to be HIPAA compliant. What’s next? What steps need to be taken in order to become HIPAA compliant?

Read More

HIPAA Physical Safeguards Explained, Part 2

In a previous blog post titled, HIPAA Physical Safeguards Explained, Part 1, we covered the basics of the HIPAA Physical Safeguards and the first of four standards of the HIPAA Security Rule. In this post, we’ll cover the remaining three standards: Workstation Use, Workstation Security and Device and Media Controls. If you skipped part 1 of the series, you should read that first. Otherwise, Let’s dive right in. The Workstation Use standard states your entity must define what each workstation...

Read More

Do I Need To Be HIPAA Compliant?

If you handle what’s called protected health information (PHI), then this is an important question to be asking because HIPAA violations can result in some serious penalties. What is PHI you ask? Good question. PHIis any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment.

Read More

HIPAA Physical Safeguards Explained, Part 1

Update 10/27/2013: You can read part 2 of this series here Physical Safeguards are a set of rules and guidelines outlined in the HIPAA Security Rule that focus on the physical access to Protected Health Information (PHI). In contrast, Administrative Safeguards focus on policy and procedures, while Technical Safeguards focus on data protection. When we think about PHI, we typically think about the digital form of PHI: database records, PDF patient files, and MRI scan images.

Read More