In its newly revised Guide to Privacy and Security of Electronic Health Information, the Office of the National Coordinator (ONC) stresses that basic security measures can be highly effective and affordable.
Which of these Low-cost, Highly Effective Safeguards are you using today?
Do you consistently:
- Say “no” to staff requests to take home laptops containing unencrypted electronic personal health information (ePHI)?
- Remove hard drives from old computers before you get rid of them?
- Check your EHR server often for viruses and malware?
- Make sure your server is in a room accessible only to authorized staff, and keep the door locked?
- Maintain a working fire extinguisher in case of fire?
Are you providing regular security reminders and education to:
- Notify your office staff that you are required to monitor their access randomly?
- Make sure the entire office understands that passwords should not be shared or easy to guess?
Is it a known office policy that you:
- Do not email ePHI unless you know it is encrypted?
The balancing act of maintaining HIPAA security and not inhibiting the business is not child’s play. It’s one thing to think about HIPAA compliance and another to be HIPAA compliant.
6 Reasons why it’s time for a HIPAA Reality Check
Stericycle’s white paper HIPAA Compliance: Six Reality Checks is an easy read that reveals powerful facts, graphs and statistics on HIPAA compliance and what can be done to mitigate the risk of a HIPAA breach or violation.
By leveraging low-cost, highly effective best practices and committing the necessary resources to properly safeguard patient confidentiality and the security of ePHI, you can prevent costly breaches and keep the trust of your patients.