OCR Unveils HIPAA Hotspots
If appropriate for your organization, this may also include more sophisticated algorithms, such as comparing patient addresses and employee addresses to detect potential cases of neighbor snooping by employees, or looking for access that is unusual for a department (e.g., a labor and delivery nurse looking up a male patient).
There is no one-size-fits-all answer, but covered entities and business associates should document what options they have considered and how they concluded that their approach was reasonable.
Hotspot: Secure wireless network
The May 2011 OIG report regarding CMS oversight of the Security Rule is helpful here, highlighting a number of vulnerabilities in wireless networks that the OIG found when auditing hospitals. For example, OIG found hospitals where no authentication was required to access the network or where there was an inability to detect devices intruding on the network.
For smaller providers, it may be less complicated issues, such as ensuring that encryption is turned on, and that the administrative access to configure the access is properly password protected.
Hotspot: Management of user access and passwords
Greene: Covered entities should ensure that there are policies generally prohibiting the sharing of user IDs, systems are configured to require strong passwords when accessing higher-risk information and to require changing of default passwords, and that access to administrative accounts is closely controlled.
- How Top-Ranked MA Plans Earn Their Stars
- Readmissions: No Quick Fix to Costly Hospital Challenge
- How Hospitals Can Become 'Upstreamists'
- 4 Ways to Lower the Cost to Collect from Self-Pay Patients
- House Calls Key to Pioneer ACO Success
- How Telehealth Pays Off for Providers, Patients
- 4 Tips for Managing Employed Physicians
- Defensive Medicine Still Prevalent Despite Tort Reform
- WellPoint Dominates Nearly Half of Markets, AMA Says
- 'Overtreatment' Debate Circles Back to Lung Cancer Screening