
OCR Unveils HIPAA Hotspots

Dom Nicastro, for HealthLeaders Media, August 16, 2011

Hotspot: Theft or loss of mobile devices

Greene: Good policies and training on safeguarding mobile devices are a good first step. But, no matter what administrative steps are taken, mobile devices will get lost or stolen. Accordingly, I would highly recommend encryption of such devices and trying to maintain PHI centrally, whenever possible (rather than storing PHI on mobile devices themselves).

Hotspot: Up-to-date software

Greene: Covered entities and business associates should ensure that patches that address vulnerabilities are pushed out to workstations [regularly] and should consider whether an upgrade to software or an operating system is necessary if that version is no longer supported by the vendor. Of course, it is also imperative to keep anti-malware software up-to-date.

Hotspot: Role-based access: lack of information access management

Greene: Staying on top of role-based access is always challenging. If standards are too lax, there are significant security risks. If standards are too tight, then patient safety may be jeopardized due to unexpected situations in which an employee needs legitimate access to information but does not have the needed access level. A closely monitored break-the-glass solution may help remedy some of the concerns.
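As an added illustration of the closely monitored break-the-glass approach Greene describes (example code written for this page, not from the article, OCR or any vendor): the roles, record categories and review threshold below are assumed values.

```python
"""Role-based access with a monitored break-the-glass override (constructed example)."""
from collections import Counter
from dataclasses import dataclass, field

# Which roles may read which record categories in normal operation (assumed policy).
ROLE_PERMISSIONS = {
    "attending_physician": {"clinical", "medication"},
    "nurse": {"clinical", "medication"},
    "billing_clerk": {"billing"},
}


@dataclass
class AuditLog:
    events: list = field(default_factory=list)

    def record(self, user, role, category, outcome, justification=None):
        self.events.append({"user": user, "role": role, "category": category,
                            "outcome": outcome, "justification": justification})


def access_record(log, user, role, category, break_glass_reason=None):
    """Return True if access is granted; every decision is written to the audit log.

    Normal path: allowed only if the role's permission set covers the category.
    Break-the-glass path: a user outside the permission set may still get access,
    but only with a non-empty justification, and the override is recorded so it
    can be reviewed after the fact rather than silently widening the role.
    """
    if category in ROLE_PERMISSIONS.get(role, set()):
        log.record(user, role, category, "granted")
        return True
    if break_glass_reason and break_glass_reason.strip():
        log.record(user, role, category, "break_glass", break_glass_reason.strip())
        return True
    log.record(user, role, category, "denied")
    return False


def flag_break_glass_abuse(log, threshold=3):
    """Return users whose break-glass count reaches the review threshold.

    This is the 'closely monitored' half: an override that is never reviewed
    is just a permanent permission grant by another name.
    """
    counts = Counter(e["user"] for e in log.events if e["outcome"] == "break_glass")
    return sorted(user for user, n in counts.items() if n >= threshold)
```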



Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.


1 comment on "OCR Unveils HIPAA Hotspots"


Mark Meade (8/16/2011 at 11:51 AM)
The Government in its crusade to protect us from evil has singled out the business community, by demanding the creation of a gargantuan bureaucracy to control PHI. While several of the ideas are worthy of consideration, the whole proposal/regulation is overly burdensome, hugely expensive and wasteful of limited resources (anybody remember MLR limits?). I have yet to see effective action against the thieves who steal and use this information, where the real effort needs to be. For those familiar with history, and it seems this group gets smaller all the time, this is a Maginot Line approach to keeping PHI safe which can just as easily be breached as that folly of defensive strategies was. Any wonder the economy is frozen in place with so much effort being channeled into complying with the plethora of rules and regulations pouring from our ever expanding government.