Problems with HIPAA Security Rule safeguards, both administrative and technical, continue to fall among the top five HIPAA security issues the U.S. Department of Health and Human Services identifies each year.
This suggests a good place to start your HIPAA security compliance is with a careful reading of the HIPAA Security Rule.
You’re first step is to do — and document — a risk assessment for your practice. Then you can create your policies and procedures to make sure the electronic protected health information (ePHI) in your practice is secure.
Many safeguards are common sense ones. For example, keep in mind these do’s and don’ts:
DO:
- Do have a policy for handling keys, magnetic access cards, or keypad security codes when a staff member leaves the practice.
- Do use anti-virus software on your computers, and keep it current.
- Do require screensavers and passwords that contain a combination of more than 10 letters, numbers, and special characters.
- Do require staff to change passwords on a regular basis.
- Do have a procedure to handle mobile devices that are lost or stolen.
- Do back up your PHI and store the backups off site where they are safe from natural and environmental hazards.
DON'T:
- Don’t let computer screens with ePHI on them face patient waiting areas.
- Don’t invite pharmacy sales reps to wait in areas where they might have access to something they don’t need.
- Don’t dump computers in a trash bin or send them to your favorite charity without properly removing or destroying storage on the device.
- Don’t leave EHR systems running in patient exam rooms where a patient could look at another patient’s records.
- Don’t send text or email messages with ePHI unless you know they are secure.
- Don’t let your children use your personal electronic devices to watch movies, play games, or listen to music if you access or share ePHI on those devices.
TMA Practice E-Tips main page
Last Updated On
August 07, 2023
Originally Published On
May 06, 2013