OCR Unveils HIPAA Hotspots
Hotspot: Theft or loss of mobile devices
Greene: Good policies and training on safeguarding mobile devices are a good first step. But, no matter what administrative steps are taken, mobile devices will get lost or stolen. Accordingly, I would highly recommend encryption of such devices and trying to maintain PHI centrally, whenever possible (rather than storing PHI on mobile devices themselves).
Hotspot: Up-to-date software
Greene: Covered entities and business associates should ensure that patches that address vulnerabilities are pushed out to workstations [regularly] and should consider whether an upgrade to software or an operating system is necessary if that version is no longer supported by the vendor. Of course, it is also imperative to keep anti-malware software up-to-date.
Hotspot: Role-based access - lack of information access management
Greene: Staying on top of role-based access is always challenging. If standards are too lax, there are significant security risks. If standards are too tight, then patient safety may be jeopardized due to unexpected situations in which an employee needs legitimate access to information but does not have the needed access level. A closely monitored break-the-glass solution may help remedy some of the concerns.
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.