A blog post summarizing important steps organizations must take to make their Slack workspace HIPAA compliant. Many companies working in healthcare are using Slack to improve their efficiency, but using Slack to create, store, or transmit PHI requires additional security layers.

With new features like web-based training, improved ways to engage staff on a recurring basis, new HRIS integrations, performance improvements, and more, Haekka 2 is built to meet the training needs of modern, remote companies!

This is a blog post about the 5 best Slack apps for security and compliance. Slack apps are can be extremely useful when leveraged properly, and security is one operation that Slack apps make more efficient. These apps each serve a different purpose and can be used in conjunction with one another.

This blog post explains what social engineering is, gives common forms of social engineering attacks, and offers five ways to prevent social engineering attacks. This post was published during data privacy week to help people keep themselves and their organizations safe.

A brief guide for understanding HIPAA violations. This post covers what constitutes a HIPAA violation, how to report HIPAA violations, and how to prevent violations by creating an effective compliance program. It also puts an emphasis on effective employee training for compliance efforts.

The past two years have seen a record number of healthcare startups. As we continue to progress into the new year, we want to showcase 9 startups we believe will disrupt healthcare in 2022. These companies have smart teams, amazing products, and are ready to change the world!

Phishing attacks are one of the most common forms of attack against employees. In a world full of remote workers, communications over email have never been more important or more integrated into work. How can you train remote employees on these dynamic and continuous attacks? Learn how in this post.

Healthcare data is extremely sensitive. And, HIPAA requires some form of security training under section. Despite that, data from Osterman Research found that a whopping 24% of healthcare workers were not offered security awareness training at their workplace!

If you find yourself on the website for a company in the healthcare industry, you may notice a badge showcasing that the organization is “HIPAA Certified”. Seeing these badges can be confusing since there is no official HIPAA certification.

The shift to digital healthcare has created many challenges around identifying protected health information (PHI) and and ensuring PHI is utilized in a compliant manner. Keeping up with changing regulations and technology can be difficult, but this post sheds light on the various aspects of PHI.

How long do you need to retain medical records under HIPAA? HIPAA defines what data needs to be kept but it is not the data that most people think of when they think about HIPAA. In this article we detail what HIPAA requires in terms of retaining medical records.

HITRUST is not a small investment. HITRUST takes considerable time and money. HITRUST should be viewed as an investment. An investment that will create an ROI only if leveraged over time and in a proactive way. In this post, we breakout the various ways we've seen companies get value from HITRUST.

With today's transition to remote work, the entire paradigm of employee learning changes. Onboarding remote employees and continually engaging them with relevant knowledge is harder now than every. Slack, the hub of communications for many companies, has many features perfectly suited to an LMS.

HITRUST, as a meta framework that normalizes and maps to various regulations, can be leveraged by companies to address requirements across the myriad of regulatory frameworks that exist today, making reporting more streamlined for companies that operate across industries and geographies.

We're often asked if Slack is HIPAA compliant — meaning is it a suitable place to store and transmit PHI. Because we're helping companies train their staff on both the HIPAA Privacy and Security rules, I felt it would be helpful to discuss the details of how best to use Slack in a HIPAA-compliant...

Ever wonder how HITRUST works when you rely on partners, such as cloud providers and SaaS vendors, for various parts of your infrastructure? Third party risk is a major factor to consider when deciding what vendors you want to work with and how they impact your security and compliance posture.

HITRUST scoring can be complicated and the details are best left to assessors and the CSF. The main goal of this post is to appreciate the various components that go into your overall score. With this, you can focus resources on areas with the most impact to help you achieve HITRUST Certification.

After you've determined that HITRUST is a framework to which you want to comply, the next step is to decide on the type of HITRUST assessment for your company. HITRUST offers 3 different types of assessments. The type of HITRUST assessment determines the level of assurance and external value.

HITRUST is an increasingly important and widely adopted security reporting framework. With an initial focus on healthcare, HITRUST has expanded to other verticals. In this first post in a series, we provide an introduction to HITRUST and an overview of the HITRUST Common Security Framework (CSF).

Your employees have the power to make or break your company’s success. While many companies reach for traditional training methods, upskilling, a new form of training, is often a better alternative. In this post we examine upskilling and how to effectively implement it at your company.

We officially launched on Product Hunt today! Go check it out and don’t be shy about showing us support or dropping comments. There’s an awesome demo from Ryan that shows the entire product experience. Why are we launching now vs a month ago or a month from now? We explain in this post.

The OWASP Top 10 has been a tool for software developers and vendors since 2003. However, things are looking a little different in 2021.In this blog post, we address what changed, why it changed, and how to integrate the new OWASP Top 10 2021 into your daily practice.

The OWASP Top 10 is one of OWASP’s most popular and well-received security resources for engineers. The non-profit organization has identified the ten most crucial security risks for web applications and common exploits used by hackers. Learn more about in this post.

At Haekka, we bet on workflow tools such as Slack and Teams as the hubs of work for companies. That bet has paid off. Covid, and work-from-home (WFH), has accelerated the adoption of workflow tools. Shifting to workflows anchored on Slack and Teams requires rethinking how we work.

Slack’s goal is to be an “easier, more organized way to work”. They accomplish this by empowering users to send the right message to the right person at the right time in the right context. One such feature that supports this objective is Slack groups.