Updated March 2025: Looking for a Business Associate Agreement? Download our FREE template.

Free BAA Download
Total HIPAA Logo

Most Popular HIPAA Topics This Year

Here at Total HIPAA, we pride ourselves on providing helpful resources for all businesses striving for HIPAA compliance. Our weekly blog is one of the many services we offer. As we approach the end of 2020, we reflect on the most popular HIPAA topics this year. Our analytics tell us these were the most-visited pages posted on our website this year.

10. CCPA & HIPAA: Important Intersections

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. CCPA is a California state law that establishes new consumer rights relating to the access of personal information that is held by businesses. This prompted many to ask: how does CCPA impact Covered Entities who comply with the HIPAA law? In this post, we break down the intersection of these two laws and who needs to be compliant.

9. Ransomware Attacks Directed at Businesses Grow

Ransomware attacks have surged in the last year and healthcare providers and other businesses have fallen victim. Previously, these cyberattacks mostly targeted individuals, who often paid only a few hundred dollars to retrieve their files. Now, many businesses have found themselves locked out of their networks and unable to access them unless a ransom is paid. Read this article to learn more about preventative measures and what to do if your organization becomes the victim of a ransomware attack.

8. Microsoft End of Support 2020

Every year, Microsoft terminates support for a number of products. This means they no longer release security updates or technical support for any of the programs on the list. HIPAA requires Covered Entities and Business Associates to use programs that detect, guard against, and report malicious software. This is only possible when programs receive regular security updates from the manufacturer. 

7. Password Guidelines Updated by NIST

The National Institute of Standards and Technology (NIST) – the security standard HIPAA is based on – has updated its password guidelines in accordance with new research. The U.S. government requires its agencies to follow these guidelines, and many other organizations would benefit from implementing these rules as well.

6. Secure Remote Work During COVID-19

In this combo podcast and blog post, Jason Karn, Total HIPAA’s Chief Compliance Officer, interviewed Erik Kangas, founder and CEO of LuxSci. The two discussed security practices to use while working remotely during COVID-19.

5. HIPAA Compliant efax Provider Recommendations

Online fax, cloud fax, or eFax is the use of the internet and internet protocols to send a fax, rather than using a standard telephone connection and a fax machine. In this blog post, we review five eFax vendors (Concord Cloud Fax, Faxage, Innoport, SRFax, and Upland InterFAX) which provide HIPAA compliant eFax services that keep your transmissions secure and protected at all times.

4. HIPAA Waiver: How COVID-19 Impacts HIPAA Compliance

In March, HHS issued a limited waiver of certain HIPAA sanctions and penalties to ease access of data for providers, public health authorities, and others. This HIPAA waiver has important ramifications for care coordination, public health, and the attempted prevention or control of the virus. Read on to learn more about how it may affect your organization’s coronavirus response.

3. What Should an Employer Do if an Employee Tests Positive for COVID-19?

With the onset of COVID-19, many employers have had to face the possibility of the virus entering the workplace. Normally, under the Americans with Disabilities Act (ADA), employers are prohibited from asking employees about symptoms or illnesses they’ve experienced. However, during a pandemic, certain exceptions to this rule can be made.

2. COVID-19 HIPAA Compliance Checklist

How do companies who do not usually allow working from home adapt to the COVID-19 crisis? COVID-19 is changing the way we do business and remote work comes with all kinds of administrative and technical challenges. Both employers and employees have questions. Implementing the items on this checklist can help ensure employee safety and productivity, as well as continuity of operations and business plans.

1. COVID-19 and HIPAA

COVID-19 has prompted many employers in the U.S. to request that workers take sick leave, work from home, or use various other precautions to ensure the safety of themselves and the business. Organizations that must comply with HIPAA should have a Disaster Recovery Plan in place for such a situation. This article details preventative measures, necessary supplies, sick leave, remote access, and other protocols that should be addressed during this outbreak.

If you have ideas for topics you would like us to address in 2021, please tweet at us or send your suggestion to info@TotalHIPAA.com. Subscribe to our blog and follow us on social media (Facebook, Twitter, LinkedIn) to stay connected and informed.

Our HIPAA compliance services help ensure that your business follows the basic HIPAA rules and guidelines to protect sensitive patient information. Our team of experts is dedicated to providing affordable rates and personalized solutions to help you become HIPAA compliant. We understand that navigating the complex requirements of HIPAA can be challenging, which is why we offer a comprehensive range of services to meet your unique needs. From risk assessments to employee training, we have the tools and expertise necessary to help your business achieve and maintain HIPAA compliance. Contact us today to learn more about how we can help you protect your patients, your employees, and your business.

Sharing is caring!

Documents

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.


Download Now

Want to stay informed?

Join our community, stay ahead of the curve on HIPAA compliance and receive free expert guidance.

State of HIPAA Compliance in 2025

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!

Document
Register for Webinar

Related Posts

Essential Guide to Email Authentication and Deliverability: How to Configure DMARC, SPF, and DKIM Records

Essential Guide to Email Authentication and Deliverability: How to Configure DMARC, SPF, and DKIM Records

Essential Guide to Email Authentication and Deliverability: How to Configure DMARC, SPF, and DKIM Records
*This process is technical and requires access to your Domain Name Server (DNS). It’s recommended to have an IT professional handle these configurations to avoid potential issues. If you proceed yourself, back up your current settings with screenshots or copies before making any changes.
Organizations rely heavily on email for marketing and communication, making it a prime target for malicious actors. Phishing, spoofing, and other email attacks can inflict significant financial and reputational damage. In response to this growing threat, email providers are tightening their security measures, and businesses that aren’t paying attention risk having their emails blocked.
A recent announcement from Microsoft, highlighted in their Tech Community blog, highlights that Outlook is implementing stricter requirements for high-volume senders to protect users from unwanted and potentially harmful messages. This move serves as a clear signal: email authentication is no longer optional – it’s required for all organizations, regardless of their sending volume.
The key to making sure your emails reach their intended recipients is all in the configuration and alignment of your Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) records. These protocols verify an organization actually sent the emails and tells receiving servers your messages are legitimate and shouldn’t be sent to spam folders or blocked.
What makes SPF, DKIM, and DMARC so crucial?
SPF (Sender Policy Framework): This record lists the authorized mail servers permitted to send emails on your behalf. When your email server receives an email, it checks it and verifies if the sending server’s IP address matches the list in your SPF record. This helps prevent attackers from spoofing your domain using unauthorized servers.
DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to your outgoing emails. This signature is cryptographically linked to your domain and verified by the receiving server using a public key published in your DNS records. DKIM ensures the integrity of the email content and confirms that it hasn’t been tampered with in transit.
DMARC (Domain-based Message Authentication, Reporting & Conformance): DMARC builds upon SPF and DKIM. It tells receiving servers what to do with emails that fail SPF and/or DKIM checks. You can set policies to “none” (monitor), “quarantine” (send to spam), or “reject” (block). DMARC also enables reporting, allowing you to gain valuable insights into who sends emails using your domain and identify potential spoofing attempts.
Microsoft’s Stance: A Wake-Up Call
The stricter requirements being implemented by Outlook for high-volume senders emphasize the need for organizations to set up and review their authentication protocols. While the current focus is on high-volume senders, it is clear: email providers are looking for authenticated mail. Failing to correctly set up your DMARC, SPF, and DKIM records will lead to deliverability issues of emails.
What Your Company Needs to Do Now:
Regardless of size or email volume, every company should take the following steps to make sure its email authentication is configured correctly. Here’s a checklist:
Audit Your Existing Records: Check for existing SPF, DKIM, and DMARC configurations. Are they accurate and up-to-date?
Implement Missing Records: If you are missing any of these records, add them immediately. *Consult with your IT team or email service provider for guidance.
Check Alignment: It’s crucial to make sure there is alignment between your SPF, DKIM, and DMARC records. This means that the domain used for SPF and the signing domain in DKIM should match the “From” address domain in your emails. DMARC relies on this alignment to function effectively.
Start with a Monitoring Policy: For DMARC, it’s often best to start with a “none” policy to monitor how your emails are being handled and identify any legitimate sending sources that might not be properly authenticated.
Gradually Enforce Stronger Policies: Once you clearly understand your email flows and have addressed any authentication issues, move gradually towards stronger DMARC policies like “quarantine” or “reject” to protect your domain from spoofing actively.
Regularly Review and Update: The email landscape is constantly changing. Regularly review and update your authentication records as needed, especially when changing your emails or third-party sending services.
The Benefits of Proper Email Authentication:
Properly configuring and aligning your DMARC, SPF, and DKIM records offers significant benefits:
Improved Email Deliverability: Your legitimate emails are more likely to reach the inbox, avoiding spam folders and blocks.
Enhanced Brand Reputation: Protecting your domain from spoofing builds trust with your recipients and safeguards your brand’s reputation.
Increased Security: You significantly reduce the risk of using your domain for phishing and other malicious activities.
Compliance with Evolving Standards: By staying ahead of the curve, you ensure your email practices align with the increasingly stringent requirements of email providers.
The message is clear: email authentication is no longer optional. The recent emphasis from major providers like Microsoft underscores its critical importance in maintaining reliable and secure email communication. By taking the steps to audit and align your DMARC, SPF, and DKIM records, your organization can protect itself, customers, and reputation. Don’t wait until your emails are blocked – act now to secure your email.
Have questions or need help with your HIPAA compliance? Schedule a call with our experts today. https://www.totalhipaa.com/get-started/
To check your DMARC Records go here
https://www.totalhipaa.com/dmarc-lookup-free/
All records, a free and easy tool to use
https://easydmarc.com/

Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)

Send Cart Email
Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Send Cart in an Email Done! close
Save Cart & Generate Link
Empty cart. Please add products before saving :)