Locate, Secure Places Where Protected Health Information is Stored to Improve HIPAA Compliance

In "HIPAA Security Has Teeth, So Locate and Secure Your Healthcare Data," Marion Jenkins, executive vice president at 3T Systems, discusses the importance of identifying where your organization's protected health information is stored and then eliminating ways users can inadvertently expose the data.

The Health Insurance Portability and Accountability Act Security Rule has undergone two major changes since it was first enacted in 2005. The first occurred in 2009 when, as part of the Health Information Technology for Economic and Clinical Health Act, the maximum fines for violation of HIPAA were increased to $1.5 million. The second occurred when the HIPAA Omnibus Rule was enacted in January, which added to HIPAA breach reporting and business associate requirements.

However, one of the most important and basic specifications has not undergone any change, and yet it is often ignored by healthcare organizations, according to Mr. Jenkins.

Mr. Jenkins is referring to the specification that requires healthcare organizations to conduct an accurate and thorough assessment of potential risks to the confidentiality and availability of protected health information. Most reported data breaches appear to be a result of ignoring this specification.

Many providers assume that their protected health information is in their electronic health record system. But, Mr. Jenkins notes, there has never been, to his knowledge, a HIPAA breach because of the failure of an EHR's software database.

Mr. Jenkins advises healthcare organizations to look into the following places where protected health information is stored and find ways to prevent leaks from these sources:

1. Laptops
2. Workstations
3. Practice websites
4. Portable media — USB keys, portable hard drives, backup tapes, etc.
5. E-mail

Copyright © 2024 Becker's Healthcare. All Rights Reserved.