OCR Unveils HIPAA Hotspots
If appropriate for your organization, this may also include more sophisticated algorithms, such as comparing patient addresses and employee addresses to detect potential cases of neighbor snooping by employees, or looking for access that is unusual for a department (e.g., a labor and delivery nurse looking up a male patient).
There is no one-size-fits-all answer, but covered entities and business associates should document what options they have considered and how they concluded that their approach was reasonable.
Hotspot: Secure wireless network
The May 2011 OIG report regarding CMS oversight of the Security Rule is helpful here, highlighting a number of vulnerabilities in wireless networks that the OIG found when auditing hospitals. For example, OIG found hospitals where no authentication was required to access the network or where there was an inability to detect devices intruding on the network.
For smaller providers, it may be less complicated issues, such as ensuring that encryption is turned on, and that the administrative access to configure the access is properly password protected.
Hotspot: Management of user access and passwords
Greene: Covered entities should ensure that there are policies generally prohibiting the sharing of user IDs, systems are configured to require strong passwords when accessing higher-risk information and to require changing of default passwords, and that access to administrative accounts is closely controlled.
- 'Mega Boards' Could be Rural Healthcare Disruptor
- 1 in 5 Eligible Hospitals Penalized for HACs
- HL20: Rebecca Katz—Cooking Up Sustainable Nourishment
- Meaningful Use Payment Adjustments Begin
- HL20: Peter Semczuk, DDS, MPH—Taking on the Big Challenges
- PA hospital to pay $662,000 to settle Medicare fraud case
- Supreme Court to hear Obamacare subsidy challenge in March
- How the high cost of medical care is affecting Americans
- Dr. Oz gets fact-checked and the results aren't pretty
- HL20: Lee Aase—Who's Behind @MayoClinic