• The golden rules of HIPAA compliance for your clinical trials

    As Flask Data customers progress through their clinical trial journey to FDA clearance and post-marketing, we are frequently asked on how to achieve HIPAA compliance in an era of digital health apps, medical IoT and collection of RWD (real-world data) from patients. I will try and help you make sense out of HIPAA and the HITECH […]

  • 3 things to do before you spend money on a HIPAA consultant for your clinical trial

    Flaskdata specializes in same data data and safety solutions for clinical trials. Flaskdata is a technology company specializing in clinical datamanagement and monitoring. We are accomplished at providing our customers with the most effective way to achieve high quality clinical dataand assure patient safety. There is no single solution that works for everyclinical trial. We work […]

  • Why HIPAA Policies and Procedures are not copy and paste

    Compliance from Dr. Google is a very bad idea. Searching for HIPAA Security Rule compliance yields about 1.8Million hits on Google. Some of  the information is outdated and does not relate to the Final Rule and a good deal of other information is sponsored by service providers and technology companies selling silver bullets for HIPAA compliance. The […]

  • The chasm between FDA regulatory and cyber security

      When a Risk Analysis is not a Risk analysis Superficially at least, there is not a lot of difference between a threat analysis that is part of a software/hardware security assessment and a risk analysis (or hazard analysis) that is performed by a medical device company as part of their submission to the FDA. […]

  • Risk does not walk alone

    Israeli biomed companies often ask us about the roles of audit and risk management in their HIPAA security and compliance activities.  At the eHealth conference in Israel last week – a lawyer gave a presentation on HIPAA compliance and stated: If you have to do one thing, make sure everything is documented – your policies […]

  • How do you know that your personal health data is secure in the cloud?

    Modern system architecture for medical devices is a triangle of Medical device, Mobile app and Cloud services (storing, processing and visualizing health data collected from the device).  This creates the need for verifying a chain of trust: patient, medical device, mobile app software, distributed interfaces, cloud service software, cloud service provider. No get out of jail free card if […]

  • Refreshing your HIPAA Security Rule compliance

    Clients frequently ask us questions like this. Danny, I have a quick question about our HIPAA compliance that we achieved back in early 2013. Since then  we have released a couple of new software versions and we are wondering to what extent we need to perform another security and compliance assessment.  Please let us know what sort of information you might […]

  • Privacy, Security, HIPAA and you.

    Medical devices, mobile apps, Web applications – storing data in the cloud, sharing with hospitals and doctors. How do I comply with HIPAA? What applies to me – the Security Rule, the Privacy Rule or both? Consider a common use case these days – you’re a medical device vendor and your device stores health information in the cloud. […]

  • The importance of risk analysis for HIPAA compliance

    A chain of risk analysis The HIPAA Final Rule creates a chain of risk analysis and compliance from the hospital, downstream to the business associates who handle / process PHI for the hospital and sub-contractors who handle / process PHI for the business associate. And so on. The first thing an organization needs to do is a risk analysis. […]

  • Dealing with DLP and privacy

    Dealing with DLP and privacy It’s a long hot summer here in the Middle East and with 2/3 of  the office out on vacation, you have some time to reflect on data security. Or on the humidity.  Or on a cold beer. Maybe you are working on building a business case for DLP technology like Websense or Symantec or Verdasys, or Mcafee or Fidelis in […]