OCR Unveils HIPAA Hotspots
Hotspot: Theft or loss of mobile devices
Greene: Good policies and training on safeguarding mobile devices are a good first step. But, no matter what administrative steps are taken, mobile devices will get lost or stolen. Accordingly, I would highly recommend encryption of such devices and trying to maintain PHI centrally, whenever possible (rather than storing PHI on mobile devices themselves).
Hotspot: Up-to-date software
Greene: Covered entities and business associates should ensure that patches that address vulnerabilities are pushed out to workstations [regularly] and should consider whether an upgrade to software or an operating system is necessary if that version is no longer supported by the vendor. Of course, it is also imperative to keep anti-malware software up-to-date.
Hotspot: Role-based access - lack of information access management
Greene: Staying on top of role-based access is always challenging. If standards are too lax, there are significant security risks. If standards are too tight, then patient safety may be jeopardized due to unexpected situations in which an employee needs legitimate access to information but does not have the needed access level. A closely monitored break-the-glass solution may help remedy some of the concerns.
Dom Nicastro is a senior managing editor at HCPro, Inc. in Danvers, MA. He edits the Briefings on HIPAA newsletter and manages the HIPAA Update Blog. E-mail him at dnicastro@hcpro.com.
Mark Meade (8/16/2011 at 11:51 AM)
The Government in its crusade to protect us from evil has singled out the business community, by demanding the creation of a gargantuan bureaucracy to control PHI. While several of the ideas are worthy of consideration the whole proposal/regulation is overly burdensome, hugely expensive and wasteful of limited resources (Anybody remember MLR limits?). I have yet to see effective action against the thieves who steal and use this information where the real effort needs to be. For those familiar with history, and it seems this group gets smaller all the time, this is a Maginot Line approach to keeping PHI safe which can just as easily be breached as that folly to defensive strategies was. Any wonder the economy is frozen in place with so much effort being channeled into complying with the plethora of rules and regulations pouring from our ever-expanding government?