5 Ways of Securing Patient Data

Here are some tips and products that can help to secure patient data in the medical office.

Know HIPAA Laws

Whether intentional or accidental, unauthorized disclosure of protected health information (PHI) is considered a violation of HIPAA. Any organization that accesses patient health information is considered a covered entity and is required by law to comply with HIPAA provisions or face civil and/or criminal penalties. It is imperative that medical records remain confidential and cannot be accessed by people who do not have proper authorization. Disclosures of a patient's PHI made without the patient's authorization are considered a violation of the Privacy Rule.

HIPAA security refers to establishing safeguards for PHI in any electronic format. This includes any information used, stored or transmitted electronically. Any facility defined by HIPAA as a covered entity has the responsibility to ensure the privacy and security of its patients' information as well as to maintain the confidentiality of their PHI. With the increased use of information technology in health care, your medical office must continue to find ways to maintain the security of the PHI of the patients it serves.


Develop a Privacy Policy

Privacy policies should include safeguards in three areas of focus: administrative, physical, and technical. Among other things, these safeguards are meant to:
  • Develop a formal security management process, including the development of policies and procedures, internal audits, a contingency plan and other safeguards to ensure compliance by medical office staff.
  • Develop policies for verifying access authorizations, equipment control, and handling visitors.
  • Develop and provide documentation, including instructions on how your medical office can help to protect PHI (for example, logging off the computer before leaving it unattended).
  • Create a social media policy for medical office staff that establishes guidelines to protect patient privacy and prevents violations of the HIPAA Privacy Rule.

Office Staff Training

All healthcare providers have a responsibility to keep their staff trained and informed regarding HIPAA compliance. Five areas of focus should include:
  1. Routine Conversation. Healthcare professionals should be very careful to refrain from disclosing information through routine conversation.
  2. Public Areas. Discussing patient information in waiting areas, hallways or elevators should be strictly off limits.
  3. Trash. PHI should never be disposed of in the trash can. Any document thrown in the trash is open to the public and therefore a breach of information.
  4. Gossip. Gossip is particularly hard to control. That is why it is important that access to information be strictly limited to employees whose jobs require that information.
  5. Marketing. Selling patient lists or disclosing PHI to third parties for marketing purposes is strictly prohibited without prior authorization from the patient.

Use of Secure Technology

There are a number of available technologies designed to secure patient data. Be selective in choosing devices and software that secure data over a wireless connection, including firewalls, anti-virus, anti-spyware, and intrusion detection technology. Use extreme caution when accessing data over a remote connection. IT specialists suggest using a two-factor authentication system that combines security tokens with passwords.


Designate a Privacy Officer

HIPAA laws require the designation of a privacy officer to be responsible for the development and implementation of HIPAA compliance policies and procedures. The privacy officer is also responsible for:

- creating, posting and/or distributing the notice of patient privacy practices
- recording/storing the patient's acknowledgement of receiving the notice of patient privacy practices
- meeting requests for health record changes/corrections
- receiving and considering requests for additional protection for sensitive health information
- providing answers to patients and staff regarding HIPAA or other privacy protections
- handling any complaints from patients and staff regarding privacy violations
