HIPAA Weekly Security Tips Archive

HIPAA Security Reminder of the Week

Identify the Risk Groups and Safeguard PHI

Sensitive information, such as PHI and PII, is a critical asset within a health care organization. Identifying the risk groups helps clarify operational context and reveals potential vulnerabilities across the IT infrastructure. By doing this, we establish clear priorities for making security investments so that the most critical […]

HIPAA Security Reminder of the Week

HIPAA Alphabet Soup

The Acts that made all this privacy and security possible: HIPAA: Health Insurance Portability and Accountability Act; HITECH Act: Health Information Technology for Economic and Clinical Health Act; ARRA Act: American Recovery and Reinvestment Act. Key acronyms: BA: Business Associate; CE: Covered Entity; EHR: Electronic Health Record, also sometimes referred to as […]

HIPAA Security Reminder of the Week

Unique User Identification – Logon ID

The HIPAA Security Rule requires Covered Entities and Business Associates to implement a “Unique User Identification” for systems holding Electronic Protected Health Information (ePHI). It is a “required” implementation specification under the Access Control Standard and should be employed for all information assets that create, receive, transmit and maintain […]

HIPAA Security Reminder of the Week

Potential HIPAA Security Violations

When an unencrypted device containing ePHI is stolen or missing, this could result in a HIPAA security violation. For example: A thumb drive containing the Electronic Protected Health Information (ePHI) of approximately 2,200 individuals was stolen from a vehicle. The entity needed to conduct an accurate and thorough analysis of the […]

HIPAA Security Reminder of the Week

Working Off-Site

When working off-site, remember: Do not take confidential information off-site unless: You have official authorization from your department or division manager and department policy or practice permits the information to be taken off-site. The information must be taken off-site to fulfill your job duties (for example: home visits to a patient). For hard […]

HIPAA Security Reminder of the Week

Prevent a Breach of PHI

Fax: If you manually enter the fax number, double-check all fax numbers before sending the fax. When discharging a patient, double-check the patient’s identifying information on the discharge instructions and any related prescriptions. Make sure all information matches the patient’s records. Do not leave paper PHI unattended. Log off any EHR […]

HIPAA Security Reminder of the Week

Avoid Peer-to-Peer File Sharing

Millions of people use free Peer-to-Peer (P2P) file sharing programs / software to swap files over the Internet. P2P can make files on your computer available to potentially millions of users. Sharing copyrighted material over a P2P network may result in legal action against both the user and your company. P2P […]

HIPAA Security Reminder of the Week

Your Online Presence

Your online presence is all encompassing. The message you send via email or photos needs to be consistent. For a better idea of where this consistency comes in, consider these: Your photo – provide a professional photo for your website and ID badge. Emails – make sure you spell-check and grammar-check before […]

HIPAA Security Reminder of the Week

Tailgating/Access Card Usage

Tailgating is one of the most common physical security breaches. It starts out innocently – an employee opens a door and holds it open for other employees, visitors without badges, or the passive acceptance of a uniformed worker. The problem with these lax situations is that they open your facility to undocumented […]

HIPAA Security Reminder of the Week

Where do we place servers that store ePHI?

When determining the location of servers with PHI or PII, consider these two main factors: physical and environmental protection. Physical protection should be focused on preventing unauthorized individuals from accessing the server (e.g. storing the server in a locked room accessible only to staff). Environmental protection should focus on protecting […]

HIPAA Security Reminder of the Week

Breach of PHI Assessment 4-Factor Requirement

Do you think there’s been a breach of PHI? Follow these guidelines to determine if PHI has been compromised: Look at the nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification. Find out who accessed the PHI. Was the person […]

HIPAA Security Reminder of the Week

Sanction Policy

Both the HIPAA Security Rule and the HIPAA Privacy Rule require Covered Entities and Business Associates to document the disciplinary policy and apply sanctions against members of the workforce who violate the respective regulations. Sanctions may be applied if you: Access PHI that is not necessary for your job – this includes activities like […]

HIPAA Security Reminder of the Week

HHS Guidance on Sharing Mental Health Information of a Patient

The HHS Office for Civil Rights published guidance that addresses some of the more frequently asked questions about when it is appropriate under the HIPAA Privacy Rule for a health care provider to share the protected health information of a patient who is being treated […]

HIPAA Security Reminder of the Week

Protect Yourself from Data Security Breaches

By monitoring your accounts regularly, you can respond quickly if hackers attempt to use your information. Security Tips: Pay attention to “last logged in” info. Sign up for electronic alerts. Consider a credit monitoring service. Freeze your credit. Change your passwords regularly. Think twice before giving out personal […]

HIPAA Security Reminder of the Week

Secure Paper Protected Health Information (PHI) too!

Sensitive information on paper is the same as sensitive information on a computer. Both need to be protected from unauthorized access and should be treated with caution and discretion. In particular, protected health information (PHI) in all forms (e.g., verbal, fax, paper, electronic) is covered by the HIPAA […]

HIPAA Security Reminder of the Week

Information Security Reminder

Spring is upon us. And while most of us look forward to enjoying the time, scammers and hackers are hard at work trying to foil that enjoyment. Here are a few reminders to help you foil the attackers: • Ensure that your home computer systems are protected with the most current antivirus/anti-malware products. […]

HIPAA Security Reminder of the Week

Information Systems are a Privilege

Your access to information “assets” such as hardware, software, storage media, etc. is a privilege. Use of company-owned software and hardware is for legitimate, job-related activity only. Protect this privilege! Guard your authentication credentials – username, password, ID badge, key fob, etc. Do not share your credentials with any other workforce […]

HIPAA Security Reminder of the Week

Clean Desk Policy

Keep the minimum amount of paper PHI on your desk – only the documents you are working on at the moment. Why? A clean desk produces a positive image – you are organized and respect patients’ privacy. Sensitive documents left in the open can be stolen by a malicious entity. Remember to: […]

HIPAA Security Reminder of the Week

Protecting a Patient’s Privacy

Well-known individuals or celebrities have the same rights to privacy as anyone else. Privacy violations involving celebrities are further complicated due to the higher exposure that may follow these types of patients. Remember: Do not access a patient record unless it is necessary in order to perform your job. Do not […]

HIPAA Security Reminder of the Week

Social Networking Safety

Social engineering is quickly becoming the most common way the “bad guys” are breaking into systems. Our systems are good at keeping the bad guys out. But it’s much harder to keep them out once you’ve let them in by visiting infected websites, clicking on links or attachments in emails, or responding […]

HIPAA Security Reminder of the Week

Secure PHI in Patient or Customer Care Areas

Do not discuss PHI or customer details in common places such as cafeterias, elevators, parking lots, or outside the facility. Do not leave hard copy files unattended, for example on top of the desk. Review your company Clean Desk Policy. If you must work with hard copy […]

HIPAA Security Reminder of the Week

Check Devices to Ensure They Are in Compliance

All desktops, laptops and other mobile computing devices must be encrypted. This is to ensure that all devices that access ePHI will be in compliance with the HIPAA Security Rule. Verify that your device has been encrypted. If you are unsure, contact your IT Help Desk @ 610-640-4223 […]

HIPAA Security Reminder of the Week

Treat Paper Records & Electronic Data Equally

Sensitive information on paper is the same as sensitive information on a computer. Both need to be protected from unauthorized access and should be treated with caution and discretion. In particular, Protected Health Information (PHI) in all forms (e.g. verbal, fax, paper, electronic) is covered by the HIPAA […]

HIPAA Security Reminder of the Week

Logon ID

Sharing user IDs and passwords is not advisable and may constitute non-compliance with your company policy or local legislation. If you shared this information and someone used it to access ePHI, you will be held responsible for the actions that person took using your credentials. Do not share network logon ID […]

HIPAA Security Reminder of the Week

What is PHI?

PHI is individually identifiable health information which is created or received by a health care provider, health plan, or health care clearinghouse. Such information relates to the past, present or future physical health, mental health or condition of an individual AND can be directly tied to an individual. PHI either identifies or […]
