Health Information Compliance Alert
FTP Won't TKO Your Security Rule
PDF
Question: Our staffers want to use file transfer protocol (FTP) to send patients' confidential information back to the office when they're working from home. Can we do this without violating the privacy or security rules? Alaska Subscriber Answer: "Yes," says security specialist Ali Pabrai, CEO and co-founder of HIPAA Academy.net in Chicago. But, that doesn't mean it's a safe practice, he warns. FTP is a widely used method of moving files from one system to another over the Internet, but it is loaded with security risks, Pabrai asserts. "Information sent via FTP is sent in clear text -- anyone can read it," whether the file is in transit or at rest, he explains. Better idea: If your staff needs to send information back to the office, instruct them to use encrypted e-mail instead. And if you cannot afford to equip each workstation with encryption, make staffers save their work to a portable disk, he suggests. That way, you can control who sees the information and how it is disposed. The Bottom Line: Though FTP is not banned by either the privacy or security rules, you can't just send your patients' PHI into the world without protection, Pabrai declares. Next step: Work with your tech team to develop a policy on how PHI can be transmitted from home, he offers.
Health Information Compliance Alert
- Security:
Start 2008 By Tightening Up Your Electronic Data Safeguards
7 system checks keep your data safe and sound. Your old data protection plan may [...] - Kickbacks:
Check This List Twice Before Giving Gifts
New Stark II refinements change little -- but plenty of caution is still in order. [...] - You Be The Security Expert:
How Deeply Can We Delve Into Payment Arrangements?
Question: One of our patients was admitted as self-pay. Previously, Medicare covered her medical expenses. [...] - Kickbacks:
Take A Fresh Look At Your Beneficiary Gift-Giving
Goodwill could land you in hot water. You may feel compelled to help needy patients [...] - Security Compliance:
Cork PHI Leaks In Staff E-Mail With These Key Tactics
Use these strategies to keep your compliance plan strong without breaking the bank. When you [...] - Compliance Tactics:
Overcome Contract Negotiation Challenges With This Checklist
10 tips can prevent carrier hassles. Carrier contract negotiation is often a long, difficult process. [...] - Clip 'n' Save:
Use This Tool To Strip Your E-Mails Of Patients' PHI
Information that does not identify an individual is considered deidentified. That means the data is [...] - Reader Questions:
NPPs For Mother's Little Helpers
Question: A mother walks into a provider's office with her four children for the first [...] - Reader Questions:
Keep Crimes From Killing Your Compliance Efforts
Question: Law enforcement officers recently contacted us about a patient that was treated in our [...] - Reader Questions:
FTP Won't TKO Your Security Rule
Question: Our staffers want to use file transfer protocol (FTP) to send patients' confidential information [...] - Industry News:
Physicians' Claims Made Easier With NPI Claim Fields
CMS warns against denials with incorrect claims. Physicians will have one less thing to worry [...] - Continuing Education:
Boost Your Brain With A Quick Audioconference
Go to audioeducator.com to find out more. Brushing up on your business skills doesn’t [...]