Health Information Compliance Alert
Review Security Rule Policies, Feds Urge
PDF
Laptops in the field okay--but vulnerable, guidance says.
Make sure you didn't miss this in the winter-holiday rush: The U.S. Department of Health and Human Services wants proof that your HIPAA Security Rule policies and procedures are up to snuff.
The guidance, released Dec. 28, notes "a number of security incidents related to the use of laptops, other portable and/or mobile devices and external hardware that store ... electronic Protected Health Information (PHI)"
Translated: Some providers are slipping up in protecting beneficiaries' PHI.
Real-life risk: Last year, someone stole a laptop being used by a nurse working for a Minnesota home health agency. Because the laptop contained patient information, including home addresses and Social Security numbers for more than 14,000 patients, the agency wound up buying patients' peace of mind by offering free credit counseling. The agency required the use of two passwords to secure information.
"In general, [health care providers] should be extremely cautious about allowing the offsite use of, or access to, electronic PHI," the guidance states.
The guidance specifically allows "a home health nurse collecting and accessing patient data using a PDA or laptop during a home health visit," but stresses that policies and procedures must be in place to manage the risk of data falling into unauthorized hands. "Reasonable and appropriate is still the standard," says attorney Robert Markette, a partner with Gilliland, Markette & Milligan in Indianapolis.
"The best advice in the handout is about training," stresses Markette. "If your employees don't follow your policies, then you don't have policies."
Health Information Compliance Alert
- PRIVACY:
4 Privacy Rule Mistakes You Can't Afford To Make
Don't muddle your compliance with misinterpretations.
Is your organization still struggling to overcome those persistent HIPAA [...] - YOU BE THE SECURITY EXPERT:
STOP, DROP AND ROLL TO EXTINGUISH PRIVACY FIRES
Read the question below and decide how you would handle it before you compare it [...] - Security:
Review Security Rule Policies, Feds Urge
Laptops in the field okay--but vulnerable, guidance says.
Make sure you didn't miss this in the [...] - Enforcement:
HIPAA Widens Scope, Toughens Penalties With Final Enforcement Rule
Reviewing the Final Rule's provisions could save you time and money.
How much do you know [...] - Privacy:
For Mental Health Privacy, Let Patient Notes Prevail
Check out this 3-step process To HIPAA-compliant psychotherapy.
While HIPAA doesn't require providers who offer mental [...] - Privacy Tool:
Are You Protecting Your PHI In Emergencies? Decision Tool Helps You Find Out
Answer 3 questions and keep your emergency plan HIPAA complaint.
Were you aware that the U.S. [...] - READER QUESTIONS:
DON'T DRIVE PRIVACY AWAY WITH YOUR PATIENTS
Question: We want to hire a company to transport patients to and from other medical [...] - READER QUESTIONS:
HEAR TREATMENT TALK? SPILL THE PHI
Question: A speech therapist at the local elementary school sent us a request for information [...] - Industry News:
New Site Helps You Avoid Communication Gaps
3 keys resources could keep you free of federal scrutiny.
Healthcare providers who encounter many patients with [...] - Training Document:
For HIPAA Rookies, Offer HIPAA-Lite
Simple guidelines keep your organization safe from trainee mishaps.
While the training of residents, medical students, [...] - Brochure Helps You Understand Privacy and Anti-Discrimination Policy
These reminders could help you avoid a violation.
If you have questions about what constitutes violations [...]