all-in-one privacy solution":["Proton Unlimited — комплексное решение для защиты данных"],"Black Friday":["Черная пятница"],"No ads. Privacy by default.":["Без рекламы. Гарантия конфиденциальности"],"People before profits":["Люди важнее прибыли"],"Security through transparency":["Безопасность, основанная на прозрачности"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["${ BLACK_FRIDAY }: лучшие предложения Proton Mail"],"The world’s only community- supported email service":["Единственный в мире сервис электронной почты с поддержкой сообщества"]},"specialoffer:limited":{"${ hours } hour":["${ hours } час","${ hours } часа","${ hours } часов","${ hours } часа"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["Осталось ${ hoursLeft }, ${ minutesLeft } и ${ secondsLeft }"],"${ minutes } minute":["${ minutes } минута","${ minutes } минуты","${ minutes } минут","${ minutes } минуты"],"${ seconds } second":["${ seconds } секунда","${ seconds } секунды","${ seconds } секунд","${ seconds } секунды"],"Limited time offer":["Ограниченное по времени предложение"]},"specialoffer:listitem":{"Create multiple addresses":["Создавайте несколько адресов"],"Hide-my-email aliases":["Создавайте алиасы hide-my-email"],"Quickly unsubscribe from newsletters":["С легкостью отменяйте подписку на рассылки"],"Use your own domain name":["Используйте собственное доменное имя"]},"specialoffer:logos":{"As featured in":["О нас в СМИ"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Электронная почта, защищающая вашу конфиденциальность"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Черная пятница в Proton Mail: скидки до 40 %"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Получите Proton Mail со скидкой до 40 %. Не пропустите выгодные предложения на планы безопасной электронной почты, зашифрованной сквозным шифрованием, в честь «черной пятницы»."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["«Черная пятница» в Proton Mail | Скидки до 40 %"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["* ${ TOTAL_SUM } за первый год."],"*Billed at ${ TOTAL_SUM } for the first 2 years":["* ${ TOTAL_SUM } за первые два года."],"30-day money-back guarantee":["Гарантия возврата средств в течение 30 дней"],"Billed at ${ TOTAL_SUM } for the first 2 years":["${ TOTAL_SUM } за первые 2 года"],"Billed at ${ TOTAL_SUM } for the first year":["${ TOTAL_SUM } за первый год"],"You save ${ SAVE_SUM }":["Вы экономите ${ SAVE_SUM }."]},"specialoffer:off":{"${ DISCOUNT } off":["–${ DISCOUNT }"],"${ PERCENT_OFF } off":["–${ PERCENT_OFF }"]},"specialoffer:testimonial":{"I love my ProtonMail":["Обожаю ProtonMail!"],"My favorite email service":["Мой любимый сервис электронной почты"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Спасибо Proton за защиту в запутанном интернет-пространстве."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Полностью оправданное вложение денег. Бигтех-компании используют тебя, если ты им не платишь. Поэтому я перешла с Gmail на @ProtonMail."]},"specialoffer:time":{"Days":["дн."],"Hours":["ч."],"Min":["мин."]},"specialoffer:title":{"And much more":["И это еще не всё"],"Make your inbox yours":["Настройка на свой вкус"],"Safe from trackers":["Защита от трекеров"],"Stay organized":["Всё по полочкам"],"Black Friday email deals":["Безопасная почта для покупок в «черную пятницу»"],"Don’t just take our word for it":["Отзывы наших клиентов"],"Our story":["Наша история"],"Transfer your data from Google in one click":["Перенесите данные из Gmail в одно нажатие"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Сохраняйте конфиденциальность в Интернете и получайте доступ к заблокированному контенту. Включает ${ TOTAL_SERVERS } серверов более чем в ${ TOTAL_COUNTRIES } странах с возможностью подключения на 10 устройствах, доступ к стриминговым платформам со всего мира, блокировщик рекламы, функцию защиты от вредоносных программ и другие преимущества."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Предоставляйте доступ к календарю родственникам, друзьям и коллегам, а также просматривайте календари других сервисов"],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["Включает поддержку 1 пользовательского домена, 10 адресов электронной почты, 10 алиасов hide-my-email, совместный доступ к календарю и другие преимущества."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["Включает поддержку трех пользовательских доменов, 15 адресов электронной почты, неограниченного числа алиасов hide-my-email, совместный доступ к календарю и другие преимущества."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["До 25 календарей, мобильные приложения, сквозное шифрование, удобный перенос данных из Google Календаря и другие преимущества"]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["При использовании сервиса Proton VPN могут возникать проблемы"],"Learn more":["Подробнее"]},"Status banner":{"Learn more":["Подробнее"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Сейчас при использовании сервиса ${ issues[0] } могут возникать проблемы."],"We are experiencing issues with one or more services at the moment.":["При использовании одного или нескольких сервисов могут возникать проблемы."]},"suggestions":{"Suggestions":["Предложения"]},"Support":{"Sub category":["Подкатегория","Подкатегории","Подкатегорий","Подкатегорий"]},"Support article":{"${ readingTime } min":["${ readingTime } мин.","${ readingTime } мин.","${ readingTime } мин.","${ readingTime } мин."],"Category":["Категория","Категории","Категорий","Категорий"],"Didn’t find what you were looking for?":["Не нашли желаемый контент?"],"General contact":["Общие контакты"],"Get help":["Получить помощь"],"Legal contact":["Контакты юридического отдела"],"Media contact":["Контакты для прессы"],"Partnerships contact":["Контакты по вопросам партнерства"],"Reading":["Чтение"]},"Support categories":{"Browse Proton product support":["Смотреть ресурсы по поддержке продуктов Proton"]},"Support category":{"There is no article in this category yet.":["В этой категории еще нет статей."]},"Support troubleshooting":{"--- Select ---":["— Выбрать —"],"App version":["Версия приложения"],"Browser":["Браузер"],"Check if this helps":["Возможно, нужный ответ найдется здесь"],"Choose a category for your question":["Выберите категорию запроса"],"Choose a product":["Выберите продукт"],"Did this solve your issue ?":["Удалось ли нам решить вашу проблему?"],"Faster assistance is just a few clicks away — please make your selections":["Выберите подходящие варианты. Всего пара нажатий — и вы на шаг ближе к решению проблемы."],"No, contact support":["Нет, связаться со службой поддержки"],"Proton account":["Аккаунт Proton"],"Proton Bridge":["Proton Bridge"],"Proton Calendar":["Proton Calendar"],"Proton Drive":["Proton Drive"],"Proton for Business":["Proton for Business"],"Proton Mail":["Proton Mail"],"Proton Pass":["Proton Pass"],"Proton VPN":["Proton VPN"],"Thank you for your feedback":["Спасибо за отзыв!"],"Troubleshooting":["Устранение неполадок"],"What can we help with ?":["Чем мы можем вам помочь?"],"Yes":["Да"]},"support_modal_search_query":{"Search query":["Поисковый запрос"]},"support_search_button":{"Search":["Найти"]},"support_search_i_am_looking_for":{"I'm looking for":["Я ищу"]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["Чтобы быстро устранить проблему в приложении Bridge, выберите «Справка» > «Сообщить о проблеме»."],"Information":["Информация"]},"SupportForm:option":{"Account Security":["Безопасность аккаунта"],"Contacts":["Контакты"],"Custom email domain":["Пользовательский домен адреса электронной почты"],"Email delivery and Spam":["Доставка электронных писем и спам"],"Encryption":["Шифрование"],"Login and password":["Имя пользователя и пароль"],"Merge aliases and accounts":["Объединение псевдонимов и аккаунтов"],"Migrate to Proton":["Переход на Proton"],"Notifications":["Уведомления"],"Other":["Другое"],"Plans and billing":["Тарифы и оплата"],"Proton for Business":["Proton for Business"],"Sign up":["Регистрация"],"Storage":["Хранилище"],"Users, addresses, and identities":["Пользователи, адреса и личные данные"]},"SupportForm:optionIntro":{"Select a topic":["Выберите тему"]},"swiss_baseed_feature":{"Swiss based":["В Швейцарии"]},"Testimonial":{"Awards":["Награды"],"Customers":["Клиенты"],"Featured":["Что о нас говорят"],"Go to testimonial source":["Перейти к источнику отзыва"],"Reviews":["Отзывы"],"Videos":["видео."]},"Text":{"Find the plan that's right for you":["Найдите подходящий план"],"If you need help, check out our ${ supportLink }.":["Если вам нужна помощь, перейдите в ${ supportLink }."],"The page you’re looking for might have been removed, or it could be an\nold link.":["Возможно, страница удалена\nили у вас устаревшая ссылка."]},"Title":{"On this page":["На этой странице"],"Related articles":["Статьи по теме"],"Share ${ thisPage }":["Поделиться ${ thisPage }"],"Thank you!":["Спасибо!"],"this page":["этой страницей"]},"Tooltip":{"More information":["Подробнее"]},"tooltip_calendar":{"Create up to 20 custom & shareable encrypted calendars. On top of that, add up to 5 calendars from friends, family, colleagues, and organizations.":["Есть возможность создать до 20 зашифрованных пользовательских календарей и делиться ими с другими людьми, а также добавить до 5 календарей друзей, родственников, коллег и организаций."]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Получайте доступ к заблокированному контенту, просматривайте страницы анонимно и пользуйтесь стриминговыми сервисами со всего мира. Мы предлагаем ${ TOTAL_SERVERS } серверов более чем в ${ TOTAL_COUNTRIES } странах, высочайшую скорость VPN, ${ TOTAL_VPN_CONNECTIONS } VPN-подключений, защиту от вредоносных программ, блокировщик рекламы и многое другое."],"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, highest VPN speed, 10 VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Получайте доступ к заблокированному контенту, просматривайте страницы анонимно и пользуйтесь стриминговыми сервисами со всего мира. Мы предлагаем ${ TOTAL_SERVERS } серверов более чем в ${ TOTAL_COUNTRIES } странах, высочайшую скорость VPN, 10 VPN-подключений, защиту от вредоносных программ, блокировщик рекламы и многое другое."]},"version_history_label":{"Version history":["История версий"]},"version_history_tooltip":{"Store up to ${ versionHistoryNumber } versions of each file for up to ${ years } years":["Храните версии каждого файла (до ${ versionHistoryNumber }) не более нескольких лет (${ years })."]},"vpn_features_link":{"View VPN plans":["Посмотреть тарифы VPN"]},"vpn_features_useCase":{"Access blocked content and browse privately":["Доступ к заблокированному контенту и конфиденциальный просмотр веб-страниц"]}}},"unleashApi":"https://account.proton.me/api"};
// We need to import data (the framework context) from the server
// This Astro feature with define:vars works well but creates an inline script
// So we can't directly import the initFramework helper, we have to store the context
window.frameworkContext = frameworkContext;
})();
What is HIPAA compliance? A healthcare privacy guide for organizations | Proton
The Health Insurance Portability and Accountability Act (HIPAA) defines how healthcare services and their business associates in the United States handle sensitive data about their clients.
Regulated by the Department of Health and Human Services (HSS), it is a collection of closely aligned regulations aimed at ensuring the privacy and confidentiality of personal medical data.
This article is part of our series focusing on the privacy and security aspects of the US’s most comprehensive federal data protection law.
HIPAA compliance is the ongoing and active process by which covered entities and business associates secure and protect protected health information (PHI).
Protected health information (PHI)
The purpose of HIPAA is to protect protected health information. PHI is any information that can be used to identify an individual, plus all medical records and related data. It includes:
Patient’s name, contact details, profession, social security number, billing, and insurance details
Any other personally identifiable information, such as photographs, fingerprints, and emergency contacts
Medical history and ongoing treatments
Family medical histories
Information collected through conversations between the patient and a healthcare provider
The Security Rule(new window) is an update to HIPAA that regulates how electronic protected health information (EPHI) — PHI that is stored and accessed in electronic form — must be protected.
Entities that must be HIPAA compliant
As a rule, any person or entity that has access to patients’ medical data must be HIPAA compliant. These entities are defined by HIPAA as:
Covered entities(new window)— any person or organization that has access to PHI. This includes healthcare providers, doctors, healthcare staff, pharmacies, healthcare clearinghouses, insurance companies, dentists, clinics, and nursing homes.
Business associates(new window) — any person or organization that performs a service or other activity for a covered entity that gives it access to PHI. This includes email providers, cloud storage providers, physical storage providers, billing and finance companies, lawyers, accountants, third-party consultants, and Electronic Health Record (EHR) platforms.
In short, any business or any individual acting in a professional capacity that has any contact with the healthcare industry must be HIPAA compliant.
HIPAA rules
HIPAA contains multiple regulations, but the key rules everyone should be aware of are:
HIPAA Privacy Rule
The HIPAA Privacy Rule(new window) and the HIPAA Security Rule (see below) together provide the foundations of HIPAA. The Privacy Rule only applies to covered entities (not business associates). It defines in detail what data constitutes PHI and explains how and when covered entities can access it.
The Privacy Rule also explains patients’ rights to access their own PHI, and the circumstances under which such access can be denied.
HIPAA Security Rule
The HIPAA Security Rule(new window) applies to both covered entities and business associates and defines the physical, electronic, and administrative protections that must be in place for storing, handling, and transmitting PHI in electronic form (EPHI).
HIPAA Breach Notification Rule
The HIPAA Breach Notification Rule(new window) requires covered entities to notify individuals within 60 days if their PHI has been improperly accessed and stipulates other actions that must be performed in such an event.
Meaningful Breaches — any breach that affects over 500 individuals must be reported to the OCR within 60 days. Local law enforcement agencies must also be contacted immediately, and a press release must be prepared in order to alert potential victims about the situation.
HIPAA Omnibus Rule
An important update to HIPAA, the Omnibus Rule(new window) clarifies and updates the previous rules. Most importantly, it greatly expands the definition of business associates who must be HIPAA compliant to almost all entities that have any contact whatsoever with PHI. This includes subcontractors, storage consultants, and storage providers.
The Omnibus Rule rule also prohibits covered entities and business associates from exploiting PHI for marketing or other commercial purposes.
HIPAA Enforcement Rule
As its name suggests, the HIPAA Enforcement Rule explains how companies should handle HIPAA violations, be they the result of incompetence, negligence, or malicious actions by a third party. All violations must be reported to the OCR.
HIPAA violations
HIPAA violations are investigated by the HSS Office for Civil Rights (OCR), which has the power to levy fines against offenders. We discuss HIPAA violations(new window) in detail in a separate article.
Why HIPAA compliance is important
For patients
HIPAA provides a raft of safeguards that protect the privacy and security of patients’ data. Without it, there would be no legal requirements for healthcare entities to provide such protections and no negative consequences for privacy breaches.
It specifies rules about who has access to patient’s data, how that data is stored, and who it can be shared with.
HIPAA also ensures that patients have a degree of control over their own medical data. It allows them to access their own medical records and have a say in who their data is shared with.
Importantly, HIPAA allows patients to correct mistakes in their medical records that could have big consequences on their insurance payments.
For healthcare providers
With fines of up to $1.5 million, non-compliance can be expensive.
HIPAA compliance is critical to the reputation of any healthcare-related service, and HIPAA violations are likely to have a large negative impact on customers’ and potential customers’ confidence in the service.
Patients are less likely to withhold personal and sensitive information that might affect accurate diagnosis when they are confident that their data is secure.
PHI can be easily and securely transferred between HIPAA-compliant entities. This is in sharp contrast to the situation before HIPAA, when healthcare providers were under no obligation to share patients’ records.
Because all HIPAA-compliant entities work to the same security standards, different healthcare services can work together with greater efficiency.
Recent updates to HIPAA legislation
It has been seven years since any major updates were made to HIPAA Rules, and many now feel that some changes are long overdue. After a very slow 2019, hopes were high that some movement might be achieved in 2020, but the COVID-19 pandemic has placed such plans on a backburner.
The most important new developments in the health sector are due not to HIPAA, but to the
The CARES Act also introduces new rules on the sharing substance abuse disorder (SUD) records for patients, while still complying with HIPAA.
A number of major updates to HIPAA were expected in 2020. These included improvements to how HIPAA violations are enforced, an updated penalty structure for violations, and new legislation aimed at tackling the opioid abuse epidemic currently plaguing America (notably, aligning HIPAA with the 42 CFR Part 2(new window) regulations that protect SUD records).
The HSS was also debating the implementation of a permanent audit structure, and the OCR is considering changing the Privacy Rule to make sharing PHI between healthcare providers mandatory, rather than simply allowed.
No updates to HIPAA legislation have been made in response to COVID-19, but the OCR has announced three Notices of Enforcement Discretion that relax how it will enforce HIPAA violations during the pandemic:
Remote consultations over the internet that avoid in-person contact have become a vital means of providing healthcare during the pandemic. Unfortunately, many of the video-conferencing and other remote networking platforms used to provide such care fall short of the levels of security usually expected for HIPAA compliance.
This Notification of Enforcement Discretion addresses the problem by stating that “OCR is exercising its enforcement discretion to not impose penalties for noncompliance with the HIPAA Rules in connection with the good faith provision of telehealth using such non-public facing audio or video communication products during the COVID-19 nationwide public health emergency.”
This announcement states that the OCR will waive violations of “of certain provisions of the HIPAA Privacy Rule” relating to public health and health oversight activities by business associates acting in good faith.
This notice waives HIPAA violations for covered entities and business associates at COVID-19 drive-through testing sites.
FAQ
What does HIPAA compliance mean?
HIPAA compliance is the proactive process of adhering the HIPAA regulations designed to protect the medical data of patients in the United States.
Who is required to be HIPAA compliant
HIPAA defines every individual or organization that comes into contact with protected health information (PHI) as either covered entities (primary healthcare providers and services) or business associates (any entity that has secondary contact with PHI).There are different compliance requirements for each group.
What happens if I am not HIPAA compliant?
HIPAA defines every individual or organization that comes into contact with protected health information (PHI) as either covered entities (primary healthcare providers and services) or business associates (any entity that has secondary contact with PHI).There are different compliance requirements for each group.
HIPAA defines every individual or organization that comes into contact with protected health information (PHI) as either covered entities (primary healthcare providers and services) or business associates (any entity that has secondary contact with PHI).There are different compliance requirements for each group.
What happens if I am not HIPAA compliant?
HIPAA violations can result in fines of up to $50,000 per day per violation. Please see HIPAA violations(new window) for more details.
What are three major things addressed in the HIPAA law?
1. Privacy of medical data 2. Security of medical data 3. Penalties for HIPAA violations
COVID-19 has put great strain on all healthcare services and creates new challenges for entities that wish to remain HIPAA compliant during the pandemic. These challenges include:
– Increased patient numbers after lockdown — after long periods during which routine services have been suspended, healthcare services can become overwhelmed by patients seeking appointments when lockdown restrictions end. This can create an environment where it is easy for HIPAA compliance violations to occur.
– Complex interactions between healthcare services — during the pandemic and its aftermath, patents may use multiple healthcare services. They may change their doctor because increased patient numbers mean that no appointments are available, they may be waiting on test results which are processed by multiple labs, or they may require repeated visits to their hospital (which itself may be struggling with high patent turnover).
– Telehealth visits — we discuss this issue in the recent updates section above. The enforcement office, the OCR, has proactively addressed it by issuing a Notice of Enforcement Discretion.
Who is responsible for HIPAA?
HIPAA is regulated by the Department of Health and Human Services (HSS) and enforced by the HSS’s Office for Civil Rights (OCR).
What is the difference between the HIPAA Privacy and Security rules?
HIPAA is regulated by the Department of Health and Human Services (HSS) and enforced by the HSS’s Office for Civil Rights (OCR).
What are required and addressable rules?
As its name suggests, a required rule is compulsory for all covered entities and business associates in order to remain HIPAA compliant. An addressable rule gives entities more flexibility in how to comply with the rule, implementation of which is often based on the size of the company.
What is a business associate agreement?
A business associate agreement (BAA) is a contract between a covered entity and any business associate that it shares PHI with. BAAs must meet HIPAA compliance requirements, but also address the specific contractual requirements of the participating entities.
Secure, seamless communication is the foundation of every business. As more
organizations secure their data with Proton, we’ve dramatically expanded our
ecosystem with new products and services, from our password manager to Dark Web
Monitoring for cr
On the subject of cybersecurity, one term that often comes up is brute force
attack. A brute force attack is any attack that doesn’t rely on finesse, but
instead uses raw computing power to crack security or even the underlying
encryption.
In this a
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as
the legal justification allowing federal agencies like the NSA, CIA, and FBI to
perform warrantless wiretaps, which sweep up the data of hundreds of thousands
of US citi
In response to the growing number of data breaches, Proton Mail offers a feature
to paid subscribers called Dark Web Monitoring. Our system checks if your
credentials or other data have been leaked to illegal marketplaces and alerts
you if so. Often
Your email address is your online identity, and you share it whenever you create
a new account for an online service. While this offers convenience, it also
leaves your identity exposed if hackers manage to breach the services you use.
Data breaches
Our mission at Proton is to help usher in an internet that protects your privacy
by default, secures your data, and gives you the freedom of choice.
Today we’re taking another step in this direction with the launch of our open
source password manage