United Benefit Advisors Insight and Analysis Blog

Man-in-the-Middle Attacks on ePHI, HIPAA Enforcement in the News

Posted by: Danielle Capilla    May 4, 2017 12:57:07 PM

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued its Man-in-the Middle Attacks and "HTTPS Inspection Products" guidance. The OCR warns organizations that have implemented end-to-end connection security on their internet connections using Secure Hypertext Transport Protocol (HTTPS) about using HTTPS interception products to detect malware over an HTTPS connection because the HTTPS interception products may leave the organization vulnerable to man-in-the-middle (MITM) attacks. In an MITM attack, a third party intercepts internet communications between two parties; in some instances, the third party may modify the information or alter the communication by injecting malicious code.

Read More

Topics: HIPAA, protected health information, internet security, ePHI

Shining a Light on HIPAA Compliance for Health and Welfare Plans

Posted by: Elizabeth Kay    Jun 7, 2016 5:43:27 PM

With the passage of the Affordable Care Act (ACA), the federal government became much more involved in what had always been a heavily regulated, but predominately private industry. What many people have forgotten is that the ACA was not the first legislation to be passed that involved private and employer-sponsored health and welfare plans.

Read More

Topics: compliance, HIPAA, health plan compliance, Elizabeth Kay, PHI, health and welfare plans, protected health information, business associate agreement