OCR Unveils HIPAA Hotspots
Hotspot: Theft or loss of mobile devices
Greene: Good policies and training on safeguarding mobile devices is a good first step. But, no matter what administrative steps are taken, mobile devices will get lost or stolen. Accordingly, I would highly recommend encryption of such devices and trying to maintain PHI centrally, whenever possible (rather than storing PHI on mobile devices themselves).
Hotspot: Up-to-date software
Greene: Covered entities and business associates should ensure that patches that address vulnerabilities are pushed out to workstations [regularly] and should consider whether an upgrade to software or an operating system is necessary if that version is no longer supported by the vendor. Of course, it is also imperative to keep anti-malware software up-to-date.
Hotspot: Role based access - lack of information access management
Greene: Staying on top of role-based access is always challenging. If standards are too lax, there are significant security risks. If standards are too tight, then patient safety may be jeopardized due to unexpected situations in which an employee needs legitimate access to information but does not have the needed access level. A closely monitored break-the-glass solution may help remedy some of the concerns.
OCR Identifies HIPAA Audit Goals
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- As Medicare Advantage Cuts Loom, Disagreement Over Program's Stability
- 3 Management Lessons from a Supermarket Debacle
- Medicare Advantage Carriers See 'No Choice' But to Accept Cuts
- Physicians to Appeal 'Docs v. Glocks' Ruling in FL
- CA Fines 8 Hospitals for Medical Errors
- Centralizing the Revenue Cycle Protects the Bottom Line
- Revenue Cycles Get a Boost from Simple JPEG Files
- IOM Identifies GME Problems, Calls for Finance Changes
- Employers Weigh Risks, Benefits of Private Exchanges
- Doctors Feel Pressure to Accept Risk-based Reimbursement