OCR Unveils HIPAA Hotspots
Hotspot: Theft or loss of mobile devices
Greene: Good policies and training on safeguarding mobile devices are a good first step. But, no matter what administrative steps are taken, mobile devices will get lost or stolen. Accordingly, I would highly recommend encryption of such devices and trying to maintain PHI centrally, whenever possible (rather than storing PHI on mobile devices themselves).
Hotspot: Up-to-date software
Greene: Covered entities and business associates should ensure that patches that address vulnerabilities are pushed out to workstations [regularly] and should consider whether an upgrade to software or an operating system is necessary if that version is no longer supported by the vendor. Of course, it is also imperative to keep anti-malware software up-to-date.
Hotspot: Role-based access - lack of information access management
Greene: Staying on top of role-based access is always challenging. If standards are too lax, there are significant security risks. If standards are too tight, then patient safety may be jeopardized due to unexpected situations in which an employee needs legitimate access to information but does not have the needed access level. A closely monitored break-the-glass solution may help remedy some of the concerns.
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.