I keep getting the run around from godaddy regarding HIPAA compliance. Does anyone have a researched answer on this matter? We have dedicated 5505 and dedicated server with them and I wanted to know if it is possible to make this setup HIPAA/HITECH compliant. I’m a bit hesitant because when I asked them what the Business Associate agreement with them, they responded, “what is that?” Asked by mson Go Daddy Managed servers cannot be made [...]

Is the use of STARTTLS during communication between an internal email server and external recipient sufficient to meet HIPAA guidelines? If so, is it required that TLS be forced? Generally, no. If you are configuring an e-mail client, and setting STARTTLS on the SMTP connection, then the e-mail is going to be encrypted just between you and your e-mail server; not to the recipient’s e-mail server, and not between the recipient and their e-mail server. [...]

At a small office, my clients’ HR department needs to communicate with some vendors regarding HIPAA-covered material. How do most companies deal with securely sending e-mails regarding HIPAA. I would prefer to encrypt the e-mails themselves instead of requiring vendors to log into a secure messaging server, but I don’t know if this is commonplace You are required to encrypt the data end to end. You can use TLS to send the email to their [...]

I am dealing with electronic protected health information (ePHI or PHI) and HIPAA regulations require that only authorized users can access ePHI. Column-level encryption may be of value for some of the data, but I need the ability to do like searches on some of the PHI fields such as name. Transparent Data Encryption (TDE) is a feature of SQL Server 2008 for encrypting database and log files. As I understand it this prevents someone [...]