OCR Unveils HIPAA Hotspots
Hotspot: Theft or loss of mobile devices
Greene: Good policies and training on safeguarding mobile devices are a good first step. But, no matter what administrative steps are taken, mobile devices will get lost or stolen. Accordingly, I would highly recommend encryption of such devices and trying to maintain PHI centrally, whenever possible (rather than storing PHI on mobile devices themselves).
Hotspot: Up-to-date software
Greene: Covered entities and business associates should ensure that patches that address vulnerabilities are pushed out to workstations [regularly] and should consider whether an upgrade to software or an operating system is necessary if that version is no longer supported by the vendor. Of course, it is also imperative to keep anti-malware software up-to-date.
Hotspot: Role-based access - lack of information access management
Greene: Staying on top of role-based access is always challenging. If standards are too lax, there are significant security risks. If standards are too tight, then patient safety may be jeopardized due to unexpected situations in which an employee needs legitimate access to information but does not have the needed access level. A closely monitored break-the-glass solution may help remedy some of the concerns.
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.