The Role of Cybersecurity in HIPAA-Compliant Translation Services
21/05/2024

As healthcare cyberattacks surge, cybersecurity is paramount. A 60% year-over-year rise, affecting over 40 million individual patients’ data in 2023, highlights the growing complexity and harm. Robust cybersecurity is crucial to protect individuals from evolving threats and safeguard the integrity of sensitive health information. 

Let’s take a closer look at the role of cybersecurity in HIPAA-compliant translation services.  

Building a Strong Defense  

Terra is a language service provider (LSP) that handles the translation of very sensitive information; as such, we understand that cybersecurity is imperative. These are some of the measures we have in place to build a strong defense:

  • Proper monitoring. All electronic devices owned by Terra are monitored through Microsoft Azure tools, which detect potential threats. Our translation management system tracks all log activities for projects, generating a distinct timestamped record on projects with ePHI.
  • Secure on-premises servers. We have our own secure on-premises server in Milwaukee, Wisconsin, which ensures that the data stays within our safe environments. This also gives us more control over information management in real-time and on demand. 
  • Unique logins. Everyone with access to ePHI has a unique login and strong password—which is frequently updated for additional security.  
  • Microsoft Defender for Endpoint. Terra utilizes this program to ensure security through MFA for all Active Directory users.  

An Ongoing Commitment to Improving Cybersecurity  

There are some other steps the Terra team takes to continue to improve our cybersecurity efforts: 

  • Continuous risk assessment. Terra executes risk assessments on a yearly basis under the most stringent guidelines and practices to preserve the security of all private information entrusted to us. During this assessment, our processes are audited by an external consultant specialized in HIPAA compliance and IT security. Their recommendations are then implemented so our processes, protocols and software comply with the latest regulations and stay at the cutting edge in terms of cybersecurity. 
  • Security protocols. Our routers actively track and log all attempted security breaches. We conduct regular evaluations to detect any unusual behavior in our processes. 
  • Data protection measures. Our IT department explores new advanced technologies to strengthen security and implement robust backup and recovery plans for ePHI integrity during emergencies or system failures. 
  • Fostering a culture of compliance. Our team regularly trains to uphold our commitment to safeguarding sensitive information. Continuous collaboration with the IT department and our Privacy Officer allows each team member to play a vital role in compliance. 

Cybersecurity beyond healthcare 

Terra places the highest importance on maintaining robust cybersecurity measures and not just because of HIPAA compliance. In the language services industry, all sorts of confidential and sensitive information are handled in a digital format that is usually shared electronically.  

“In the healthcare field, it could be a medical record that would really hurt people if it were made public. But at the same time, in our other verticals, we handle court statements, sometimes from extremely dramatic situations, that no one would want to see disclosed. In other sectors, the damage can be just economic, but it can be huge and disrupt industries,” Dr. Matías Giannoni, Ph.D. and Privacy Officer at Terra explained.  

The takeaway 

The imperative role of cybersecurity in ensuring HIPAA compliance cannot be overstated for LSPs. As technology bridges geographical gaps and facilitates the global exchange of information, the responsibility to safeguard sensitive patient data becomes paramount. Terra’s Privacy Officer, in conjunction with our vigilant IT Department, plays a pivotal role in fortifying cybersecurity measures not just as a regulatory requirement but as a fundamental pillar in safeguarding privacy, maintaining confidentiality, and preventing potential harm to the different industries we work with. 

14/02/2024

Protecting ePHI in Translation: The Role of a HIPAA Privacy Officer  

In the complex landscape of healthcare, safeguarding sensitive patient information is paramount. Amidst the intricate process of translating documents containing Electronic Protected Health Information (ePHI), the pivotal role of a HIPAA Privacy Officer becomes evident. In this article, we’ll delve into the significance of this key figure in ensuring HIPAA compliance and preserving the integrity of patient data during translation processes.

What a HIPAA Privacy Officer Does 

Matías Giannoni, Ph.D., works as a HIPAA Privacy Officer at Terra to ensure that everyone involved in handling ePHI knows the rules, regulations and policies really well and, more importantly, feels confident reaching out to him when in doubt, before taking any step or action that might violate the rules or, worse, compromise information. “So, it is not just a matter of ticking a few boxes but being tangentially involved in operations to make sure all processes are compliant and secure,” Giannoni explained.

The key responsibilities of working as a HIPAA Privacy Officer include: 

  • Making sure all the processes internally are compliant and everyone knows exactly what they have to do in order to minimize risks to almost zero 
  • Overseeing the annual training of team members handling ePHI to keep up to date with the latest developments 
  • Assessing new technologies to optimize our operations while remaining in compliance 
  • Acting as a liaison to the IT Department and prioritizing cybersecurity by taking all the steps to be at the cutting edge of information security technologies  
  • Being the first point of contact in case of any breach and the one in charge of communicating any situation with external stakeholders 

Working with Total HIPAA 

While Giannoni has strong experience working in heavily regulated environments with obscure and sometimes confusing regulations, Terra also relies on an external organization for additional consulting and guidance. When it comes to collaborating with Total HIPAA, Giannoni shared that they have been key partners in organizing our processes, conducting a thorough internal audit, and training our team. There are many things in which their expertise has proven to be invaluable. “Sometimes a certain technology is compliant with regulations, but it can be improved with a more advanced technology as regulations sometimes are defined with reference to technologies that existed at the point a certain legislation was put in place, and Total HIPAA advises us on those points where we can do even better than the minimum standards.” 

The Most Important Aspect of Protecting Patient Privacy 

The human aspect, both in terms of where the main failures can come from and in terms of the consequences, cannot be overlooked. “When I think about this task, I am not thinking about potential fines or breaches of contract. Having access to all this sensible information, I am constantly obsessed about the fact that I would never like to see such sensitive information out in the open or in the hands of a heartless ransomware hacker,” Giannoni said, “That thought keeps me constantly alert.”

To make sure that all staff members handling ePHI are trained on HIPAA policies and procedures, they receive Total HIPAA’s thorough training and evaluation annually. According to Giannoni, all of our team members scored high in their training and demonstrated a very strong culture of compliance. “Nevertheless, I often test their knowledge in our operational meetings to make sure they remember it correctly,” he shared.  

The Takeaway 

In safeguarding ePHI, the role of a HIPAA Privacy Officer stands as a crucial pillar in ensuring compliance and fortifying the security of patient data during translation processes. All patients deserve privacy while navigating medical care, which is why at Terra, we go to great lengths to remain compliant.  

Building a Digital Fortress for ePHI: A Three-Layer Defense System
16/01/2024

In a world defined by seamless connectivity and digital advancement, safeguarding electronic Protected Health Information (ePHI) stands as a paramount responsibility, especially within the realm of healthcare. As technology intertwines with the sanctity of personal health data, the stakes are high and demand a robust defense system.  

At Terra, we’re strongly committed to the protection of the data that our clients entrust us to translate. To help us achieve our privacy goals, we partner with Total HIPAA and continuously take steps in the various aspects that pertain to our business operations. This helps us ensure that our processes are always compliant with HIPAA’s Security and Privacy Rules. Let’s take a closer look at the three layers of our defense system.  

Layer # 1: IT Infrastructure 

Our IT Department understands cybersecurity is crucial to protect ePHI and considers it a top priority. Because of this, this department takes the following actions to ensure adequate protection of this information: 

Device protection  

All devices owned by Terra are administered and monitored through Microsoft Azure tools, which include observing for potential threats as well as tracking local user activity. Additionally, all of our connections are SSL (Secure Sockets Layer) encrypted and we are currently working on expanding our corporate VPN to all users for additional security. As a bonus, any activity logs generated by these tools can be analyzed on demand.

Software and hardware monitoring 

We continuously monitor both software and hardware through Microsoft Intune, as well as the configuration and subsequent deployment of proprietary security policies. In order to provide maximum security to our clients, Terra hosts all information on our own secure on-premises server in Milwaukee, Wisconsin. This ensures that the information stays within our secure environments, enabling us to have more control over the management of information. 

Security 

To help enhance security, Terra utilizes Microsoft Defender for Endpoint to ensure security through MFA for all Active Directory users. Our team also has limited access to protected health information. They can only view what is necessary and individual access to ePHI is constantly logged. Additionally, all our devices containing protected health information are encrypted and have strong password protection. We frequently update these passwords to maintain their strength.  

When it comes to our internal and external communication, as well as the sharing and management of files, knowledge bases, and content in general, we use Office 365 Suite for seamless collaboration across the organization.  

Layer # 2: Our Team 

Just as important as the IT infrastructure, if not more so, is having a team of people behind it who know how to use the tools. Here’s how we make sure our team has the tools, resources and knowledge to remain compliant:

All team members with access to protected health information, from leaders to project managers, are trained on the HIPAA compliant procedures and processes in place so they can handle ePHI securely from initial reception to final client delivery. This includes HIPAA concepts, standards, and security and privacy measures. Every member that passes all the courses also receives an official certification from Total HIPAA and is required to sign a confidentiality agreement that protects patient privacy. We promote and encourage a culture of compliance. Because of this, every year, our team participates in additional training.  

Documents that contain ePHI and require translation services are carefully assigned to linguists who are both experts in the healthcare field and are also trained in HIPAA compliance. To evaluate their knowledge, we created an internal test that they must pass to demonstrate their ability to properly handle the documents with the utmost care. These linguists are not able to download the ePHI to their own devices and always work within secure environments. 

Layer # 3: Our Privacy Officer 

Having the right team in place makes all the difference. Our Privacy Officer, Matías Giannoni, oversees the development, implementation, maintenance and adherence to the procedure regarding the safe handling of ePHI in compliance with HIPAA regulations. Matías acts as a liaison to the IT Department to ensure privacy and security practices are implemented. He guides the training of our team, addresses any concerns individuals may have, and promptly analyzes if actions should be taken.  

A Commitment to Risk Assessment, Mitigation and Continuous Improvement  

Maintaining confidentiality, document control, and client trust are vital to Terra. This commitment is illustrated by the entire Terra team executing risk assessments on a yearly basis under the most stringent guidelines and practices to preserve the security of all private information entrusted to us.  

Our journey towards maintaining privacy is always evolving as HIPAA regulations are subject to change. As a result, we continuously improve our policies and procedures to stay up to date.