OCR Unveils HIPAA Hotspots
If appropriate for your organization, this may also include more sophisticated algorithms, such as comparing patient addresses and employee addresses to detect potential cases of neighbor snooping by employees, or looking for access that is unusual for a department (e.g., a labor and delivery nurse looking up a male patient).
There is no one-size-fits-all answer, but covered entities and business associates should document what options they have considered and how they concluded that their approach was reasonable.
Hotspot: Secure wireless network
The May 2011 OIG report regarding CMS oversight of the Security Rule is helpful here, highlighting a number of vulnerabilities in wireless networks that the OIG found when auditing hospitals. For example, OIG found hospitals where no authentication was required to access the network or where there was an inability to detect devices intruding on the network.
For smaller providers, it may be less complicated issues, such as ensuring that encryption is turned on, and that the administrative access to configure the access is properly password protected.
Hotspot: Management of user access and passwords
Greene: Covered entities should ensure that there are policies generally prohibiting the sharing of user IDs, systems are configured to require strong passwords when accessing higher-risk information and to require changing of default passwords, and that access to administrative accounts is closely controlled.
- Two-Midnight Rule Must be Fixed or Replaced, Say Providers
- Don't Underestimate Emotional Intelligence
- The Secret to Physician Engagement? It's Not Better Pay
- Care Coordination Tough to Define, Measure
- Yale New Haven Health Partners with Tenet Healthcare in CT
- Physicians Take SGR Repeal Message to Washington
- Size Matters in Antibiotic Overuse
- CDC Warns of Antibiotic Overuse in Hospitals
- 4 Reasons PCMH Principles Aren't Going Away
- SCOTUS Review of NC Board Case 'A Very Big Deal' to Providers