Protected Health Information

Episode 40: Know The Rules! Securing Their Protected Health Information

Are You Securing Their Protected Health Information?

Covered Entities, Business Associates, and patients alike must all be able to trust that protected health information (PHI) remains private and secure. If your patients lack trust in your Electronic Health Record (EHR) system, they may not want to disclose ALL of their confidential health information to you.

Withholding Health Information Could Have Life-Threatening Consequences

This is one reason why it’s so important for you to ensure the privacy and security of health information. When patients trust you and the health information technology (healthIT) you use enough to share their health information, you and your patient can make better-informed decisions.

In addition, when breaches of PHI occur, they can have serious consequences for your organization, including reputational and financial harm and/or harm to your patients. Poor privacy and security practices heighten the vulnerability of patient information in your health information system, increasing the risk of successful cyberattacks.

Here is a list of eight simple, low-cost, highly effective safeguards as a place to start in implementing privacy and security-related compliance within your practice:

  1. Do not email ePHI unless you know the data is encrypted.
  2. Regularly scan your environment for viruses and malware.
  3. Regularly check all your systems and software for patch updates.
  4. Make sure the entire office understands that passwords should not be shared or easy to guess.
  5. Say “NO” to staff requests to take home electronic devices containing unencrypted ePHI.
  6. Remove hard drives from old computers before you get rid of them.
  7. Make sure your server is in a room accessible only to authorized staff, and keep the door locked.
  8. Notify your office staff that you are required to randomly monitor their access.

Don’t ignore YOUR need to be HIPAA compliant! Any device or media that has PHI needs to be properly protected – HIPAA is not system or hardware specific; it applies to all!

Covered Entities and Business Associates need to understand that patients are entrusting YOU with their most private and intimate details, and they expect them to remain secure.

Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?


Don’t know where or how to start or update your HIPAA security compliance program? Let’s chat about your compliance program – schedule a call with HIPAA alli today!