Health Information Compliance Alert

Reader Question:

Avoid Severe Automatic Logoff Policies

Question: Our information systems department has asked that all workstations be set to automatically log users off after five minutes of inactivity. However, our clinical staff is complaining that this is not feasible. Does the security rule demand that we adhere to a five-minute logoff standard?

North Carolina subscriber

Answer: "No," says Raj Patel, the manager for security assurance and consulting at Plante & Moran in Southfield, MI. The security rule makes automatic logoffs an addressable, not required, standard, he points out.

Setting your system to log users out automatically after five minutes of inactivity could cause more problems than it solves. Instead, set your automatic logoff for 15 minutes, Patel suggests.

Note: You don't have to set one timeframe for everyone in your organization. Determine how much time each department might need and then base your policy on that. Example: Your clerical staff may need 15 minutes, while billing staff can be logged out after 10, Patel offers.

The Bottom Line: Automatic logoff is very useful in curbing the chances that an unauthorized user will view or manipulate your patients' PHI. Be sure to document your decision process in determining how automatic logoffs will work for your organization, Patel tells Eli.