The Role of Cybersecurity in HIPAA-Compliant Translation Services
21/05/2024


As healthcare cyberattacks surge, cybersecurity is paramount. A 60% year-over-year rise, affecting over 40 million individual patients’ data in 2023, highlights the growing complexity and harm. Robust cybersecurity is crucial to protect individuals from evolving threats and safeguard the integrity of sensitive health information. 

Let’s take a closer look at the role of cybersecurity in HIPAA-compliant translation services.  

Building a Strong Defense  

Terra is a language service provider (LSP) that handles the translation of very sensitive information; as such, we understand that cybersecurity is imperative. These are some of the measures we have in place to build a strong defense:

  • Proper monitoring. All electronic devices owned by Terra are monitored through Microsoft Azure tools, which detect potential threats. Our translation management system logs all activity on projects, generating a distinct timestamped record for every project containing ePHI.
  • Secure on-premises servers. We have our own secure on-premises server in Milwaukee, Wisconsin, which ensures that the data stays within our safe environments. This also gives us more control over information management in real-time and on demand. 
  • Unique logins. Everyone with access to ePHI has a unique login and strong password—which is frequently updated for additional security.  
  • Microsoft Defender for Endpoint. Terra utilizes this program to ensure security through MFA for all Active Directory users.  

An Ongoing Commitment to Improving Cybersecurity  

There are some other steps the Terra team takes to continue to improve our cybersecurity efforts: 

  • Continuous risk assessment. Terra executes risk assessments on a yearly basis under the most stringent guidelines and practices to preserve the security of all private information entrusted to us. During this assessment, our processes are audited by an external consultant specialized in HIPAA compliance and IT security. Their recommendations are then implemented so our processes, protocols and software comply with the latest regulations and stay at the cutting edge in terms of cybersecurity. 
  • Security protocols. Our routers actively track and log all attempted security breaches. We conduct regular evaluations to detect any unusual behavior in our processes. 
  • Data protection measures. Our IT department explores new advanced technologies to strengthen security and implement robust backup and recovery plans for ePHI integrity during emergencies or system failures. 
  • Fostering a culture of compliance. Our team regularly trains to uphold our commitment to safeguarding sensitive information. Continuous collaboration with the IT department and our Privacy Officer allows each team member to play a vital role in compliance. 

Cybersecurity beyond healthcare 

Terra places the highest importance on maintaining robust cybersecurity measures and not just because of HIPAA compliance. In the language services industry, all sorts of confidential and sensitive information are handled in a digital format that is usually shared electronically.  

“In the healthcare field, it could be a medical record that would really hurt people if it were made public. But at the same time, in our other verticals, we handle court statements, sometimes from extremely dramatic situations, that no one would want to see disclosed. In other sectors, the damage can be just economic, but it can be huge and disrupt industries,” Dr. Matías Giannoni, Ph.D. and Privacy Officer at Terra explained.  

The takeaway 

The imperative role of cybersecurity in ensuring HIPAA compliance cannot be overstated for LSPs. As technology bridges geographical gaps and facilitates the global exchange of information, the responsibility to safeguard sensitive patient data becomes paramount. Terra’s Privacy Officer, in conjunction with our vigilant IT Department, plays a pivotal role in fortifying cybersecurity measures not just as a regulatory requirement but as a fundamental pillar in safeguarding privacy, maintaining confidentiality, and preventing potential harm to the different industries we work with. 

14/02/2024

Protecting ePHI in Translation: The Role of a HIPAA Privacy Officer  

In the complex landscape of healthcare, safeguarding sensitive patient information is paramount. Amidst the intricate process of translating documents containing Electronic Protected Health Information (ePHI), the pivotal role of a HIPAA Privacy Officer becomes evident. In this article, we’ll delve into the significance of this key figure in ensuring HIPAA compliance and preserving the integrity of patient data during translation processes.

What a HIPAA Privacy Officer Does 

Matías Giannoni, Ph.D., works as a HIPAA Privacy Officer at Terra to ensure that everyone involved in handling ePHI knows the rules, regulations and policies really well and, more importantly, if in doubt, that they feel confident reaching out to him before taking any step or action that might be in violation of the rules or, worse, compromising information. “So, it is not just a matter of ticking a few boxes but being tangentially involved in operations to make sure all processes are compliant and secure,” Giannoni explained. 

The key responsibilities of working as a HIPAA Privacy Officer include: 

  • Making sure all the processes internally are compliant and everyone knows exactly what they have to do in order to minimize risks to almost zero 
  • Overseeing the annual training of team members handling ePHI to keep up to date with the latest developments 
  • Assessing new technologies to optimize our operations while remaining in compliance 
  • Acting as a liaison to the IT Department and prioritizing cybersecurity by taking all the steps to be at the cutting edge of information security technologies  
  • Being the first point of contact in case of any breach and the one in charge of communicating any situation with external stakeholders 

Working with Total HIPAA 

While Giannoni has strong experience working in heavily regulated environments with obscure and sometimes confusing regulations, Terra also relies on an external organization for additional consulting and guidance. When it comes to collaborating with Total HIPAA, Giannoni shared that they have been key partners in organizing our processes, conducting a thorough internal audit, and training our team. There are many things in which their expertise has proven to be invaluable. “Sometimes a certain technology is compliant with regulations, but it can be improved with a more advanced technology as regulations sometimes are defined with reference to technologies that existed at the point a certain legislation was put in place, and Total HIPAA advises us on those points where we can do even better than the minimum standards.” 

The Most Important Aspect of Protecting Patient Privacy 

The human aspect, both in terms of where the main failures can come from as well as in terms of the consequences, cannot be overlooked. “When I think about this task, I am not thinking about potential fines or breaches of contract. Having access to all this sensible information, I am constantly obsessed about the fact that I would never like to see such sensitive information out in the open or in the hands of a heartless ransomware hacker,” Giannoni said. “That thought keeps me constantly alert.”

To make sure that all staff members handling ePHI are trained on HIPAA policies and procedures, they receive Total HIPAA’s thorough training and evaluation annually. According to Giannoni, all of our team members scored high in their training and demonstrated a very strong culture of compliance. “Nevertheless, I often test their knowledge in our operational meetings to make sure they remember it correctly,” he shared.  

The Takeaway 

In safeguarding ePHI, the role of a HIPAA Privacy Officer stands as a crucial pillar in ensuring compliance and fortifying the security of patient data during translation processes. All patients deserve privacy while navigating medical care, which is why at Terra, we go to great lengths to remain compliant.  

Building a Digital Fortress for ePHI: A Three-Layer Defense System
16/01/2024


In a world defined by seamless connectivity and digital advancement, safeguarding electronic Protected Health Information (ePHI) stands as a paramount responsibility, especially within the realm of healthcare. As technology intertwines with the sanctity of personal health data, the stakes are high and demand a robust defense system.  

At Terra, we’re strongly committed to the protection of the data that our clients entrust us to translate. To help us achieve our privacy goals, we partner with Total HIPAA and continuously take steps in the various aspects that pertain to our business operations. This helps us ensure that our processes are always compliant with HIPAA’s Security and Privacy Rules. Let’s take a closer look at the three layers of our defense system.  

Layer # 1: IT Infrastructure 

Our IT Department understands cybersecurity is crucial to protect ePHI and considers it a top priority. Because of this, this department takes the following actions to ensure adequate protection of this information: 

Device protection  

All devices owned by Terra are administered and monitored through Microsoft Azure tools, which include observing for potential threats as well as tracking local user activity. Additionally, all of our connections are SSL (Secure Sockets Layer) encrypted and we are currently working on expanding our corporate VPN to all users for additional security. As a bonus, any activity logs generated by these tools can be analyzed on demand.

Software and hardware monitoring 

We continuously monitor both software and hardware through Microsoft Intune, as well as the configuration and subsequent deployment of proprietary security policies. In order to provide maximum security to our clients, Terra hosts all information on our own secure on-premises server in Milwaukee, Wisconsin. This ensures that the information stays within our secure environments, enabling us to have more control over the management of information. 

Security 

To help enhance security, Terra utilizes Microsoft Defender for Endpoint to ensure security through MFA for all Active Directory users. Our team also has limited access to protected health information. They can only view what is necessary and individual access to ePHI is constantly logged. Additionally, all our devices containing protected health information are encrypted and have strong password protection. We frequently update these passwords to maintain their strength.  

When it comes to our internal and external communication, as well as the sharing and management of files, knowledge bases, and content in general, we use Office 365 Suite for seamless collaboration across the organization.  

Layer # 2: Our Team 

A team of people who know how to use the tools is just as crucial as the IT infrastructure itself, if not more so. Here’s how we make sure our team has the tools, resources and knowledge to remain compliant:

All team members with access to protected health information, from leaders to project managers, are trained on the HIPAA compliant procedures and processes in place so they can handle ePHI securely from initial reception to final client delivery. This includes HIPAA concepts, standards, and security and privacy measures. Every member that passes all the courses also receives an official certification from Total HIPAA and is required to sign a confidentiality agreement that protects patient privacy. We promote and encourage a culture of compliance. Because of this, every year, our team participates in additional training.  

Documents that contain ePHI and require translation services are carefully assigned to linguists who are both experts in the healthcare field and are also trained in HIPAA compliance. To evaluate their knowledge, we created an internal test that they must pass to demonstrate their ability to properly handle the documents with the utmost care. These linguists are not able to download the ePHI to their own devices and always work within secure environments. 

Layer # 3: Our Privacy Officer 

Having the right team in place makes all the difference. Our Privacy Officer, Matías Giannoni, oversees the development, implementation, maintenance and adherence to the procedure regarding the safe handling of ePHI in compliance with HIPAA regulations. Matías acts as a liaison to the IT Department to ensure privacy and security practices are implemented. He guides the training of our team, addresses any concerns individuals may have, and promptly analyzes if actions should be taken.  

A Commitment to Risk Assessment, Mitigation and Continuous Improvement  

Maintaining confidentiality, document control, and client trust are vital to Terra. This commitment is illustrated by the entire Terra team executing risk assessments on a yearly basis under the most stringent guidelines and practices to preserve the security of all private information entrusted to us.  

Our journey towards maintaining privacy is always evolving as HIPAA regulations are subject to change. As a result, we continuously improve our policies and procedures to stay up to date. 

5 Tips For Helping Employees Securely Work From Home
03/08/2020


With many companies having no choice but to allow their employees to work from home during the coronavirus pandemic, employers have had to swiftly make arrangements that enable them to do so. Running a company remotely is much more complex than just sending employees home with a laptop. Like in an office, security measures must be taken to protect a company’s data and employees. This means some employers may be faced with trying to bring this same level of security to hundreds of homes as they formerly did to one office location. If you’re an employer whose employees are now enjoying the remote work life, consider taking these steps to ensure they’re working securely and safely. 

1. Determine a Security Protocol 

First things first, you’ll need to determine exactly what type of security measures your business needs and how you can implement those measures in your employees’ home offices. One simple step to take toward security is to ensure that employees have up-to-date security protection installed on any devices they utilize for work, such as virus checkers, firewalls, and device encryption. Remind employees to update their software when new versions become available or to activate automatic updating on work devices. 

Other aspects of your security protocol may involve resetting default passwords on home Wi-Fi routers, requiring all devices to be locked when an employee walks away from them or providing digital backup systems or external drives to secure work, all of which can help strengthen your remote security measures. 

2. Provide Proper Training & Support

Once you’ve set a security protocol, it’s important to train employees on how to follow it correctly. Ongoing training will be necessary as you put new measures in place or as new security risks arise. Providing them with educational tools and access to an IT support team will help lessen confusion as well as emphasize how important your security measures are. 

3. Take Passwords Seriously 

When employees work remotely, their choice of passwords matters more than ever. Auditing their passwords will give you an idea of if their passwords are secure enough and if they need to be updated. You’ll want to educate them on the importance of having a strong password (aka not a “password” or something personal that can be guessed) and provide password guidelines that you expect them to meet. Requiring them to update their passwords periodically is also an effort worth making. Implementing two-factor authentication across work devices and digital accounts can add an extra layer of security.

In case a key employee is not available, it is important the company has access to their passwords. There are programs such as LastPass that can help you securely manage employee passwords, in case you ever need to access them. 

4. Keep an Eye on Your VPN

Virtual private networks (VPN) can be used to secure data across a core system and remote employee devices. They do so by hiding a user’s IP address and location and by encrypting data transfers. If your company already has a VPN in place, double-check that all of your employees can receive protection from it remotely.

VPNs are susceptible to vulnerabilities, especially older versions, so it is important to keep your VPN up to date through your server or firewall, whichever provides your VPN solution. In some cases, this is simply the desktop of the remote user.

5. Create Scam Awareness

New security scams pop up every day and there is a fresh batch circulating related to COVID-19, according to The National Cyber Awareness System. Ideally, someone on your team will stay abreast of the latest scams so your employees can be properly informed of what scams to look out for. At the very least, employees should be frequently reminded not to click on unsolicited emails or visit unofficial websites.

10 Tips for Working From Home Securely
06/07/2020


If you’re one of the millions of employees who rapidly transitioned from working in an office to working out of your home, it’s time to get your ducks in a row. More specifically, your security ducks. When you work in an office, there are often strong security measures already in place and a handy tech team that helps prevent cybersecurity issues. When you take your work home with you though, you’ll need to take extra steps to ensure you’re working securely and protecting your company.

1. Use Strong Passwords

Your home office likely doesn’t have the same level of preventative security as your workplace, which makes the need for a strong password all the more important. Avoid using common passwords such as “passwords” or repeating numbers that are easy to replicate. It’s also best not to use easily identifiable personal information such as your birthdate or a pet’s name to create your password. Make the password random and difficult to guess.
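The password guidance in tip 3 of the employer article above (auditing employee passwords) and in tip 1 here amounts to the same set of checks. As an added example, not tooling from the original articles or from Terra, the Python below rejects common, repetitive and personal-information-based passwords and generates a random replacement with the standard `secrets` module. The 12-character minimum, the common-password list and the personal-information tokens are assumed sample values; a real audit would check against a large breached-password list instead.

```python
"""Password policy check for the work-from-home guidance (added example).
The blocklist and personal-information tokens are constructed sample data."""
import re
import secrets
import string

# Constructed sample blocklist; a real deployment would use a breached-password list.
COMMON_PASSWORDS = {"password", "passwords", "123456", "qwerty", "letmein", "welcome"}

def password_problems(password, personal_info=()):
    """Return a list of policy violations; an empty list means the password passes.

    personal_info: strings an attacker could guess about the user (birth year,
    pet's name, username). Any of them appearing in the password is flagged.
    """
    problems = []
    lowered = password.lower()
    if len(password) < 12:                       # assumed minimum length
        problems.append("shorter than 12 characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if re.fullmatch(r"(\d)\1+", password):       # e.g. 111111
        problems.append("a single repeated digit")
    if any(seq in lowered for seq in ("123456", "654321", "abcdef")):
        problems.append("contains a keyboard/number sequence")
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"contains personal information ({item})")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    return problems

def generate_password(length=16):
    """Generate a random password from a CSPRNG that satisfies the policy above."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate):
            return candidate
```

Passing the user's known details (birth year, pet's name) as `personal_info` is what turns this from a generic strength meter into the audit the employer article describes.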

2. Implement Multi-Factor Authentication

Speaking of passwords, using a multifactor authentication process can add an extra layer of protection that is more difficult for hackers to move past. Typically, multifactor authentication requires presenting at least two pieces of evidence to an authentication mechanism, such as entering a password and answering a personal question.
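The article's example of a second factor is a personal question; the more common second factor today is a time-based one-time code from an authenticator app. As an added example, not from the original article, here is a stdlib-only Python implementation of TOTP (RFC 6238, built on HOTP from RFC 4226) and a login check that requires both factors. The shared secret and the timestamps are constructed sample values (the secret happens to be the RFC test-vector key, so the codes can be checked against the published vectors); `demo_login` and `DEMO_SECRET_B32` are hypothetical names.

```python
"""TOTP second-factor verifier (added example, RFC 6238 over RFC 4226 HOTP).
The secret and timestamps below are constructed sample values."""
import base64
import hmac
import struct
import time

def hotp(secret, counter, digits=6):
    """HMAC-based one-time password for one 64-bit counter value."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, "sha1").digest()
    offset = digest[-1] & 0x0F                     # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret, unix_time, step=30, digits=6):
    """TOTP: HOTP over the number of 30-second steps since the Unix epoch."""
    return hotp(secret, int(unix_time) // step, digits)

def verify_totp(secret, submitted, unix_time=None, window=1):
    """Accept a code that matches the current step or `window` steps either side
    (tolerates clock drift). Comparison is constant-time."""
    if unix_time is None:
        unix_time = time.time()
    counter = int(unix_time) // 30
    return any(hmac.compare_digest(hotp(secret, counter + d), submitted)
               for d in range(-window, window + 1))

# Constructed demo secret, encoded as authenticator apps receive it (base32).
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

def demo_login(password_ok, code, now):
    """Both factors must pass: the password check result and the TOTP code."""
    secret = base64.b32decode(DEMO_SECRET_B32)
    return bool(password_ok) and verify_totp(secret, code, now)
```

The window of plus or minus one step is the usual trade-off between tolerating a slightly wrong clock and keeping the number of codes an attacker could guess at any moment small; a production verifier would also remember codes already used so that one cannot be replayed within its window.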

3. Invest in Antivirus Software

If you took your work computer home with you, chances are it came equipped with antivirus software, but if you’re using a personal computer or your company allowed you to purchase a new one, you should install antivirus software to help protect your computer from malware such as viruses, spyware, rootkits, ransomware, and trojans.

4. Learn to Avoid Phishing Scams

If you ever encounter a link in an email, in an app, or on a webpage that seems suspicious, don’t click on it. Take some time to learn the signs of phishing scams. One quick trick to spot a phishing scam is to hover over links instead of clicking on them: doing so lets you preview the destination and see whether it looks suspicious. Generic messages with attachments should be avoided as well.
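The hover check compares what a link shows with where it actually goes. As an added example, not part of the original article, the Python below automates that comparison over an HTML message: it collects every anchor, flags links whose visible text names one domain while the `href` points to another, and also flags bare-IP and punycode (look-alike) destinations. The sample message is constructed, and the `.test` domain in it is a placeholder, not a real site.

```python
"""Flag suspicious links in an HTML e-mail (added example).
The sample message below is constructed, not a real phishing e-mail."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL; bare domains without a scheme are accepted."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_links(html):
    """Return a list of (href, reason) for links a reader should not click."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        reasons = []
        if is_ip(real):
            reasons.append("destination is a bare IP address")
        if real.startswith("xn--") or ".xn--" in real:
            reasons.append("punycode (look-alike) domain")
        if "." in text and " " not in text:      # visible text looks like a URL/domain
            shown = host_of(text)
            if shown and shown != real and not real.endswith("." + shown):
                reasons.append(f"text shows {shown} but links to {real}")
        if reasons:
            findings.append((href, "; ".join(reasons)))
    return findings

# Constructed sample e-mail body; the attacker domain uses the reserved .test TLD.
SAMPLE_EMAIL = """
<p>Your account needs verification.</p>
<a href="https://login.example-bank.com.attacker-demo.test/verify">https://login.example-bank.com</a>
<a href="http://192.0.2.10/update">Update now</a>
<a href="https://www.example-bank.com/help">Help center</a>
"""
```

The first sample link is the classic trick the hover check catches: the legitimate name appears at the start of the hostname, but the registered domain is whatever comes last, which is why the comparison is on the full hostname rather than a substring match.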

5. Don’t Share Work Devices

Keep your family and friends away from your work devices as you won’t know what risks their activity may expose your work computer to. Not to mention, you may be violating company privacy policies by sharing work devices.

6. Keep Physical Workspace Secure

Whatever rules are in place in your office for keeping your physical workspace secure should be followed at home. That may include best practices like never walking away from your computer while it is still logged on or physically locking up a laptop at the end of the day.

7. Back Up All Data

Often workplaces have computers linked to a secure network that automatically backs up files, but at home make sure you frequently save your work to an external hard drive or cloud storage system to avoid losing valuable data during a system failure.

8. Avoid Risky Apps

Think carefully before you download any external apps onto your work devices and remove any that may put your network or devices at risk. If you don’t need an app, it’s best to remove it even if it seems safe.

9. Only Use Safe USB Drives

Do not use a USB drive unless you are certain of its origins and its contents. Using a randomly found USB drive may result in exposure to malware.

10. Plan Secure Meetings

The rise in popularity of video call meetings has led to new hacking opportunities. To keep virtual meetings secure, use a reputable platform, don’t share the meeting passwords with anyone outside the meeting, and avoid sharing sensitive information during virtual meetings.

Infographic titled ‘Security When Working From Home’, summarizing the ten tips above: 1. Use strong passwords, 2. Implement multi-factor authentication, 3. Invest in antivirus software, 4. Learn to avoid phishing scams, 5. Don’t share work devices, 6. Keep physical workspace secure, 7. Back up all your data, 8. Avoid risky apps, 9. Only use safe USB drives, 10. Plan secure meetings.
10/06/2019

Data Protection: Do you Need a US-Based Translation Team?

The internet has opened up a world of possibilities. These days, it’s not uncommon to work with colleagues from every corner of the globe. This global access allows companies to find the best talent, services, and contracts for their business. But there are times when domestic work is an absolute necessity. Some companies and organizations may require working with a US-based translation team in order to prioritize security, protect data, or adhere to strict regulations. Why is that exactly?

Why Work with a US-Based Translation Team?

A company or organization might need to work with a US-based translation team for many reasons. A few scenarios can include:

  • If they need a notarized translation within the US
  • If they have to work with translators who have undergone a background check
  • If any files and information must remain in US territory
  • If specific security measures must be in place

As a safety precaution, some clients that work with sensitive information may need their documents to stay physically within the United States. Meaning, the linguists working on the projects need to be US-based, as do the Project Managers. Even the servers where the files are stored, or are used for transfers, may need to remain in the United States.

Who Needs a US-Based Translation Team

The needs for a US-based translation team can vary, but some of the clients that may require such services include:

  • Government agencies: Local, state, and federal agencies have varying regulations they need to adhere to. The United States government has statutes requiring that all translation services be performed within the boundaries of the United States. The inability to perform services in the United States can be grounds for disqualifying a contract.
  • The military: As a branch of the United States government, they are also required to meet strict standards regarding translation services.
  • Healthcare providers: Those in the healthcare space may also need translators and Project Managers to undergo HIPAA training. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) aims to protect the confidentiality of the protected health information (PHI) that is translated. The US Department of Health has called out its expectations regarding security on its website.
  • Financial institutions: There is a large amount of sensitive data handled by financial institutions regarding business, employees, and customers that is protected by industry and government regulations. If a financial institution works with healthcare companies, HIPAA guidelines may apply.
  • Companies: Any companies involved in the research, development, sale or maintenance of goods regulated by the US government, such as pharmaceuticals, may be required to use US-based translation services.
  • Exporters of defense and military-related technologies: Under International Traffic in Arms Regulations (ITAR) there are mandatory compliance rules that must be followed regarding translation services for the Defense Department and all of its suppliers.

What We Can Offer

Terra has a robust team of international team members, including US-based translators and Project Managers. As business associates of covered entities, we understand the importance of being HIPAA compliant and our team has undergone HIPAA training with certification.

It is worth noting that HIPAA Rules do not include specific requirements regarding the protection of electronic protected health information (ePHI) processed or stored by a cloud service provider (CSP) or business associates outside of the United States. However, the Office for Civil Rights (OCR) warns that risks related to the ePHI may vary based on location. For example, risks can increase considerably when outsourcing storage or other services for ePHI overseas due to the enforceability of privacy and security protections over the data.

Alongside offering US-based translation services, our project management process meets and exceeds the most demanding requirements, including workflow, timelines, roles, responsibilities, and deliverables.