Health Information Compliance Alert
Learn 7 Big Lessons From HIPAA Breaches
PDF
Tip: Don’t forget about physical safeguards for your paper records.
Data breaches and exposure of protected health information seems to be happening on nearly a daily basis all over the United States. But what should you be learning from these breaches?
Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems LLC in Charlotte, VT, offers the following key lessons and quick tips for compliance:
1. Data Encryption — Encrypt data at rest on any desktop or portable device/media storing electronic PHI (ePHI).
2. Safeguards — Have clear and well-documented administrative and physical safeguards on the storage devices and removable media that handle ePHI.
3. Security Awareness — Raise the security awareness of workforce members and managers to promote good data stewardship. Make sure your staffers are well trained on what to do and what not to do.
4. Double-Check Before Sending — Make sure you have the right fax number, email address or postal address before sending PHI. Check your fax numbers on a regular basis, at least once per year, to ensure that the fax number you’re using is correct. If you don’t verify the fax number, who knows where that fax will end up?
5. Paper Records — Do not neglect physical safeguards for areas where paper records are stored or used.
6. Alternative Storage — Reduce risk through network or enterprise storage as an alternative to local devices.
7. Internal Audit — Monitor and audit your systems so you know what’s going on.
Health Information Compliance Alert
- Case Study:
Don't Cut Any Corners In Your Security Rule Compliance Practices
The road to a data breach is riddled with (fixable) security potholes. Taking a lax [...] - Learn 7 Big Lessons From HIPAA Breaches
Tip: Don’t forget about physical safeguards for your paper records. Data breaches and exposure of [...] - Risk Assessment:
Understand The 6 Major Risk Categories For Your Risk Assessment
And check out 10 other risk areas that you shouldn’t overlook. You may feel like [...] - Tool:
Use This Cheat-Sheet To Mitigate Your Security Risks
Don’t forget about organizational requirements like business associate contracts. Security Rule compliance may seem overwhelming [...] - Reader Question:
Which Comes First: Compliance Or Strategic Risk?
Question: Should our internal audit focus on compliance or strategic risks? Answer: “It depends,” answers Susan Ulrey, [...] - Reader Question:
Is Sending An Unencrypted Email An Automatic Breach?
Question: If we use unencrypted email to send a message with a patient’s protected health information [...] - Reader Question:
How Can You Make Continuous Monitoring Feasible?
Question: What is the best way to develop a more continuous monitoring approach to our internal [...] - Enforcement News:
When HIPAA Trumps State Law Privacy Claims
Plus: Identity theft hackers could open you up to an investigation by the IRS and [...]