Confusion often occurs regarding how to best secure patients protected health information (PHI). In addition, striving for HIPAA Compliance is important to protect your reputation and your income. Due to this confusion, we have partnered with KnowBe4 to provide training and testing of our end users in cybersecurity topics, including HIPAA Compliance.
HIPAA, or the Health Insurance Portability & Accountability Act (HIPAA) is a civil rights law which gives patients control over the use and disclosure of their health information. Due to HIPAA, covered entities and business associates must ensure the privacy and security of all patients’ protected health information (PHI). Covered entities include any entity that provides care. Business associates include any company that provides services to covered entities that gives them access to protected health information.
Communications (whether electronic, written, or oral) about your patients can contain sensitive information which is protected by HIPAA. As a result, a patient’s protected health information should only be used or released if necessary for treatment, payment, or healthcare operations, to provide adequate care and fulfill your responsibilities as a health care provider.
Tips to increase HIPAA Compliance
- Always cross shred documents that contain protected health information.
- Discard CD-ROMs, USBs and other digital storage carefully in order to prevent data from being stolen. Ask your supervisor or manager how you can properly dispose of these.
- Report suspicious activity to your Help Desk or IT team immediately.
- Do not leave messages concerning a patient’s health information on answering machines or voicemails.
- Access only electronic information that you “need to know” to perform your job. If you don’t need the information for your job responsibilities, you probably should not access it.
- Lock all unattended computers.
- Secure laptop computers and other mobile devices.
- Encrypt files and folders on mobile devices.
- Store passwords in secured areas only – not accessible by others. Therefore, don’t hide your password on a post-it note at your workstation.
Employees who do not take care of sensitive information often result in fines, increased operating costs, loss of customer confidence, and even more governmental regulation for their practice. Do your part to keep sensitive information safe at all times in order to benefit your patients.
Finally, you should always strive to keep your PHI secure. Create and follow sound policies that govern the use and access of PHI. Restrict access to the internet and PHI to appropriate use only.
Single doctor practices must do annual assessments. At A Better Choice Network Solutions, we help our clients protect their patients and themselves from cybersecurity threats. We believe that you should never pay a cyber-criminal for the use or return of your data. A fully comprehensive HIPAA Compliance Assessment can help you identify threats to the PHI of your patients.